Last updated: March 2026
Privacy Policy
Data Controller
Gartenbach Management Consulting
Sascha Gartenbach
sascha@gartenbach.com
CH-400.1.604.190-0
Data We Collect
Account Data
Name, email address, and organization name -- provided by you during registration.
Brand Data
Context Cards, Beats, Constraints, Buyer Intents, and Profiling Agents -- provided by you as part of your brand configuration.
Generated Content
AI-generated text stored in your content history -- created by the service based on your brand context.
Usage Data
Feature usage, generation counts, and timestamps -- collected automatically to manage your subscription limits and improve the service.
Technical Data
IP address, browser type, and device information -- collected automatically for security and service delivery.
Billing Data
Payment processing is handled entirely by Stripe. We do NOT store credit card numbers or payment details on our servers.
Legal Basis (GDPR Art. 6)
- Contract performance (Art. 6(1)(b)): Account management, service delivery, and subscription management.
- Legitimate interest (Art. 6(1)(f)): Service improvement, security monitoring, and fraud prevention.
- Consent (Art. 6(1)(a)): Optional analytics and marketing communications -- only with your explicit consent.
How We Use Your Data
- Service delivery and feature functionality.
- AI content generation -- your brand data is sent to the Anthropic API as context for generating content.
- Billing and subscription management via Stripe.
- Service improvement, bug fixing, and performance optimization.
- Security monitoring and fraud prevention.
- Product update communications -- only with your explicit consent.
Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| Supabase (PostgreSQL) | Database, Authentication, Realtime | Frankfurt, EU |
| Anthropic | AI content generation | USA |
| Stripe | Payment processing | USA / EU |
| Vercel | Hosting, CDN, Edge Functions | Frankfurt, EU |
AI Data Processing
- Your brand data (Context Cards, Beats, Constraints, etc.) is sent to Anthropic's Claude API as context for content generation.
- This data is processed in real time and is NOT stored by Anthropic beyond the API request.
- Anthropic does NOT use customer data from commercial API usage for model training.
- Generated content is stored in Supabrand's database and is owned by you.
- You can delete all your data at any time through your account settings.
Data Retention
- Account data: Retained while your account is active, plus 30 days after account deletion.
- Brand data: Retained while your account is active. Deleted within 30 days of account deletion.
- Generated content: Retained while your account is active. You can delete individual items at any time.
- Usage data: Retained for 12 months for analytics purposes, then anonymized.
- Billing records: Retained for 10 years in accordance with Swiss accounting law.
Your Rights (GDPR Chapter III)
- Right of access (Art. 15): Request a copy of your personal data.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure (Art. 17): Request deletion of your personal data.
- Right to data portability (Art. 20): Export your data in a machine-readable format. The NCP JSON export serves this purpose for brand data.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)): Withdraw consent for optional data processing at any time.
To exercise any of these rights, contact us at sascha@gartenbach.com.
We will respond to your request within 30 days.
Cookies
We use only essential cookies by default (Supabase authentication session and locale preference). No tracking or analytics cookies are used without your explicit consent.
Please refer to our Cookie Policy for full details.
International Data Transfers
- Anthropic and Stripe process some data in the United States.
- These transfers are protected by EU Standard Contractual Clauses (SCCs).
- The Swiss-US Data Privacy Framework applies where applicable.
Data Security
- All data is encrypted in transit (TLS 1.3) and at rest.
- Row Level Security (RLS) is enforced on all database tables.
- Regular security reviews are conducted.
- Access to customer data is limited to necessary personnel only.
Changes to This Policy
Updates to this policy will be communicated via email to all registered users.
Material changes require 30 days' advance notice.