PRIVACY_POLICY.

The controller under the GDPR is Till Nentwich, operating as a sole trader (Einzelunternehmen) under German law, based at c/o IP-Management #9482, Ludwig-Erhard-Straße 18, 20459 Hamburg, Germany. Contact: till@audyx.ai · Phone: +49 1516 78300636.

Audyx is a web application that helps creators analyse and rewrite scripts for stronger retention. When you use the chat, your messages are sent to our backend and forwarded to Anthropic’s API together with our product prompts (system and instruction text). We do not run our own large language model; text inference is performed by Anthropic only, using Claude models, configured for normal API use. On the Pro plan, you may upload audio or record from your microphone for transcription: that audio is sent from our servers to OpenAI’s Whisper speech-to-text API exclusively for that purpose. Usage limits (scans, transcription minutes per month) are enforced server-side and reflected in your account metadata.

We process personal data where necessary to perform our contract with you (Art. 6(1)(b) GDPR), to comply with legal obligations (Art. 6(1)(c)), where we have a legitimate interest such as security and abuse prevention (Art. 6(1)(f)), or where you have given consent (Art. 6(1)(a)).

Authentication and user profiles are provided by Clerk Inc. This includes your email address, user ID, and operational metadata (e.g. subscription flags, scan counters) required to run plans and quotas.

Paid plans are billed through Stripe. We do not store your full card data on our servers. Stripe processes payment data under its own terms and notifies us of successful subscription events so we can unlock your plan.

All AI-generated text output is produced through Anthropic’s APIs from our infrastructure. We choose models and prompts for the product; Anthropic’s API data policies and terms apply to that processing. Do not submit special-category data unless you have a lawful basis to do so.

Voice transcription on the Pro plan is performed exclusively by OpenAI’s Whisper API. Audio you upload or record is sent from our servers to OpenAI for transcription only and is not used by us for model training. OpenAI’s API data policies and terms apply to that processing. Do not transcribe content you do not have a lawful basis to process.

We use Sentry (Functional Software, Inc.) to capture application errors so we can fix them. Sentry receives technical details such as stack traces, browser metadata and the route that errored. We rely on this as a legitimate interest under Art. 6(1)(f) GDPR for service security and reliability. PII identifiers (your email, full name) are not deliberately attached to error events.

Only with your explicit consent do we load PostHog (PostHog Inc.) for product analytics. PostHog is configured to use the EU host (eu.i.posthog.com) so events stay within the EU. Events captured cover navigation and feature usage (e.g. ‘pricing_view’, ‘audit_started’). If we enable optional session replay (screen recordings for debugging UX), inputs are masked and you can still decline analytics entirely in the cookie banner or revoke later via the footer link, with no effect on the rest of the service.

Only with your explicit marketing-consent do we load Rewardful (Rewardful, Inc.), which sets a cookie used to credit a creator who referred you across multiple visits. Without this consent, only same-session URL-parameter attribution applies (no persistent cookie). You can decline or revoke this category in the cookie banner / footer link.

When you submit the in-app support form, we use Resend (Resend Inc.) to deliver that email to our support inbox. The email contains the message text you wrote, your account email and your plan label, and is processed solely to reply to you.

If you opt in to our newsletter, we use Resend to deliver a confirmation email and, after you click the link in that email (double opt-in), the subsequent newsletter editions. We process your email address and the timestamps of your opt-in and any later opt-out. Legal basis: your consent under Art. 6(1)(a) GDPR. You may withdraw consent at any time via the one-click unsubscribe link in every newsletter or by emailing till@audyx.ai; withdrawal does not affect the lawfulness of processing carried out before withdrawal.

The application is hosted on Vercel. Technical logs (e.g. IP address, timestamps, device class) may be generated for reliability and security. See Vercel’s privacy policy for details.

So you can reopen recent chats from the sidebar, your browser may store a small JSON snapshot in localStorage on your device only (session titles and the message content shown in the UI). This is not our cloud database; clearing site data in your browser removes it. We still recommend not pasting secrets you cannot afford to lose into any AI chat.

Clerk, Stripe, Anthropic, OpenAI, Sentry, Resend, Rewardful and Vercel may process data in the United States and other countries. PostHog is configured on its EU host. Where transfers leave the EEA, they rely on appropriate safeguards such as the EU Commission Standard Contractual Clauses and provider documentation.

We have concluded data processing agreements (Auftragsverarbeitungsverträge) under Art. 28 GDPR with all named processors above. These agreements bind each processor to act only on our documented instructions, to apply appropriate technical and organisational security measures, and to support us in fulfilling data-subject rights. Copies are retained on file and can be made available to a supervisory authority on request.

We keep data only as long as needed for the purposes above or as required by law. Operational retention on subprocessors follows their policies until you delete your account or exercise your rights.

You may request access, rectification, erasure, restriction, portability, and object where applicable, and withdraw consent where processing is consent-based. Contact: till@audyx.ai. You may lodge a complaint with a supervisory authority; in Hamburg (example): Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI).