1. Controller
Data controller: Scrayos UG (haftungsbeschränkt).
Address and
registration details are available in our legal notice.
Contact: [email protected].
2. Categories of Personal Data
- Account and registration data (name, email, credentials)
- OAuth linkage information required to publish to social platforms (we do not store your social platform passwords)
- Uploaded user content: images, videos, screenshots and any user‑entered context
- AI‑generated suggestions (captions, hashtags) and edits
- Usage, analytics and performance data (Matomo)
- Error and crash reports (Sentry)
- Technical metadata (IP, device, browser)
3. Purposes & Legal Bases
We process personal data for:
- Provision and performance of the Service (Art. 6(1)(b) GDPR)
- Service improvements, analytics and product development (legitimate interest, Art. 6(1)(f) GDPR)
- Error detection and stability (legitimate interest, Art. 6(1)(f) GDPR)
- Marketing if you consent (Art. 6(1)(a) GDPR)
- Legal compliance and defence of claims (legal obligation / legitimate interest)
4. AI Processing & External Providers
To generate suggestions we transmit content or excerpts (images, screenshots, and optional textual context) to an AI service provider (e.g., OpenAI). The AI provider processes this data to return generated text and metadata. We store generated suggestions and related metadata as part of your account. We maintain Data Processing Agreements (DPAs) with processors and take steps to ensure appropriate safeguards for transfers outside the EU/EEA (adequacy decisions or standard contractual clauses).
5. Cookies & Tracking
We use cookies and tracking for essential functionality, analytics (Matomo) and error tracking (Sentry). For non-essential cookies we obtain consent via a cookie banner in compliance with TTDSG/ePrivacy and GDPR. You can withdraw consent at any time in your settings.
6. Disclosure & Recipients
We may disclose personal data to:
- Service providers and sub‑processors (hosting, email, AI, analytics, error tracking)
- Legal authorities if required by law
- Third parties in connection with a sale, merger or reorganization (with appropriate safeguards)
7. International Transfers
If data is transferred outside the EU/EEA we rely on an adequacy decision, EU standard contractual clauses (SCCs) or other lawful safeguards. Details of our transfer mechanisms are available on request.
8. Data Retention
We retain personal data only as long as necessary for the purposes described or as required by law (e.g., commercial retention periods). When data is no longer required it will be securely deleted or anonymised. On account deletion we will remove your content after a retention period of 3 months unless legal obligations require otherwise.
9. Your Rights
You have the right to access, rectify, erase, restrict processing, object to processing, and request data portability. To exercise your rights contact [email protected]. You may also lodge a complaint with the competent supervisory authority (e.g., the German Data Protection Authority).
10. Security Measures
We implement technical and organisational measures (encryption in transit, TLS, access controls, pseudonymisation where appropriate, backups). While we strive to protect your data, absolute security cannot be guaranteed.
11. Children
The Service is not intended for children under 16. If we learn we collected personal data from a child under the minimum age without consent, we will take steps to delete it.
12. Updates
We may update this Privacy Policy. Material changes will be communicated in-app or by email. The current version and last updated date are shown at the top of this page.
13. Contact
Controller: Scrayos UG (haftungsbeschränkt)
Address: Alter Weg 14, 53819
Neunkirchen-Seelscheid, Germany
Email: [email protected]
Commercial register: HRB
13468 at Amtsgericht Siegburg
Data Protection Officer
Contact: Joshua Dean Küpper — [email protected]