Privacy Policy for the “Mira KI Bild & Text Generator” App

  1. Scope and Age Restriction

1.1 Scope

This Privacy Policy applies to the “Mira KI Bild & Text Generator” mobile app (hereinafter “App”), which is made available via the Apple App Store and Google Play Store.
It informs you about which personal data we collect in the App, for what purposes we use this data, and what rights you have in relation to your data.

1.2 Age Restriction and Consent for Minors

  • Intended Age Restriction: The App is primarily designed for use by persons aged 12 and over. Persons under 12 years of age are prohibited from using it.
  • Legal Requirements (GDPR Art. 8): For certain data processing operations that rely on consent (especially personalized tracking, AI training, etc.), European law may require additional parental/guardian consent for users below a country-specific age threshold (typically between 13 and 16 years).
  • Consequence: If you are under 16 and a feature of the App requires your consent, please ensure that your parents or guardians also consent to the data processing.
  • Deletion of Minor Data: If we become aware that persons under 12 years of age (or under 16 years without parental consent, if required) are using our services, we will promptly delete their personal data or obtain the required parental consent.

  2. Principles of Our Data Processing

We only process personal data on the basis of a valid legal ground pursuant to Article 6 of the GDPR and apply the principle of data minimization. This means we always check whether and which data are necessary for each respective purpose.

Personal data includes any information relating to an identified or identifiable natural person (e.g., name, email address, IP addresses).


  3. Categories of Data Processed

3.1 Registration and Account Data

  • Email Address: Required to create and manage your user account, for password resets, and for support inquiries.
  • Password: Stored only in encrypted (hashed) form; no plaintext access.

(If you use social logins via Google or Apple, see the “Social Login” section below.)

3.2 Payment Information

  • In-App Purchases (IAP) through Apple App Store / Google Play Store: We only receive token-based payment confirmations, never your complete credit card or bank details. These are held solely by Apple or Google.

3.3 Usage and Content Data

  • Chat logs (prompts, text inputs) for the AI chat function: We use, among others, OpenAI services and Stable Diffusion for AI generation.
  • Prompts for image generation: Text descriptions (prompts) are sent to external AI systems so they can generate appropriate images.
  • Log files / crash reports (e.g., via Firebase Crashlytics) to improve stability and security.
  • Usage statistics (e.g., frequency of certain feature usage via Firebase Analytics).

3.4 Device Information

  • Operating system, device model, app version
  • Advertising IDs (Apple IDFA or Google Advertising ID), if you have enabled personalized advertising
  • IP address (possibly anonymized/truncated) to provide functionalities and prevent misuse

3.5 Communication Data

  • Support inquiries: Via email to support@kiassist.rog or through any in-app contact forms.
  • Newsletter subscription: If you subscribe to our newsletter, we store your email address.
  • Push notifications: If you have enabled these in your operating system (for marketing or service messages).

3.6 Special Categories of Personal Data

We do not collect or process special categories of personal data (e.g., health data, Article 9 GDPR) unless you choose to submit them yourself in chat inputs (which we do not recommend). If such data appear in free-text fields, they may be briefly transferred to our or third-party servers. We advise against including especially sensitive data.


  4. Purposes and Legal Bases

We use the data mentioned above for the following purposes:

  1. Provision of App Functions
    • (AI-based) chat and image generation; technical maintenance (hosting, database, user accounts).
    • Legal basis: Contractual performance (Art. 6(1)(b) GDPR).
  2. Conducting Paid Services
    • Handling in-app purchases, subscriptions, credits/coins.
    • Legal basis: Contractual performance (Art. 6(1)(b) GDPR).
  3. Analysis and Improvement of the App
    • Evaluating usage statistics (Firebase Analytics), crash reports (Crashlytics).
    • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), or consent (Art. 6(1)(a) GDPR) for certain tracking methods.
  4. Advertising / Monetization
    • Displaying advertisements via Google AdMob (potentially personalized), newsletters/push marketing.
    • Legal basis: Consent (Art. 6(1)(a) GDPR) for personalized ads, marketing push notifications, newsletters. For purely contextual (non-personalized) ads: legitimate interests (Art. 6(1)(f) GDPR).
  5. IT Security and Enforcement of Rights
    • Protection against misuse, fraud prevention, assertion and defense of legal claims.
    • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  6. AI Processing and Model Improvement (optional if applicable)
    • Your text inputs or uploaded images may be analyzed (pseudonymized or anonymized) to improve our AI features (e.g., error detection, training of recognition algorithms).
    • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) or – where legally required – consent (Art. 6(1)(a) GDPR).
    • If third-party services (e.g., OpenAI) use data for their own training, this is governed by their contractual terms. We endeavor to contractually ensure that personal data is largely anonymized and that no unnecessary profiling occurs.
  7. Other Purposes for Which You Have Given Consent
    • If you have given us consent for a specific purpose, we will only process your data in accordance with that consent. You can revoke your consent at any time with effect for the future (Art. 7(3) GDPR).

  5. Data Transfer to Third Parties / Transfer to Third Countries

5.1 Firebase (Google LLC)

We use Firebase services (Hosting, Auth, Firestore, Analytics, Crashlytics) provided by Google LLC (USA). Data may be transmitted to the USA. Google assures an adequate level of data protection via EU Standard Contractual Clauses (SCCs) and additional measures. For more information, see Google Privacy.

5.2 OpenAI / Stable Diffusion

  • OpenAI (USA): Your chat prompts/text inputs and potentially generated content may be transferred to and processed in the USA.
  • Stable Diffusion: Depending on implementation, image-generation prompts may be processed in third countries as well.

We seek to conclude appropriate agreements (e.g., SCCs) with our service providers. Nonetheless, there is a residual risk of possible access by US authorities when data is transferred to the USA (see “Schrems II”).

5.3 Google AdMob

We use Google AdMob for displaying advertisements. This may involve sending advertising IDs, device information, and usage data to Google. Transfers to the USA may also occur. See Google Privacy Policy.

5.4 Payments (Apple / Google)

Paid transactions are handled via the Apple App Store or Google Play Store. Apple/Google process payment data under their own responsibility. We only receive confirmations (tokens), not sensitive payment details.

5.5 Social Login (Google / Apple)

If you log in using your Google or Apple account, we receive certain basic data (e.g., email address, authentication token) solely for linking your account. Google and Apple are independently responsible for any further data processing they carry out.

5.6 Other Instances of Data Transfer

  • Fraud and Abuse Prevention: If illegal activities are suspected, we may share data with relevant authorities or security partners for investigation.
  • Requests by Authorities / Legal Proceedings: We disclose data to courts, law enforcement, or regulators if legally required or by court order.
  • Corporate Acquisitions / Mergers: In the event of acquisition, merger, or reorganization, user data may be transferred as necessary for contractual fulfillment. We will notify you promptly.

  6. Retention Periods and Deletion

  • User Account: Stored until you delete it or request deletion.
  • Payment / Billing Data: Retained per tax/commercial law (usually 6–10 years).
  • Chat Logs / Prompts: If linked to your account, stored until you delete them or request deletion. Note that once data is sent to external AI services, we may not have full control over its removal.
  • Analytics Data (Firebase Analytics / Crashlytics): Generally pseudonymized; deleted after defined periods (e.g., 14 months) or as per Google’s policies.
  • Log Files (server/security logs): Kept for a limited time (e.g., 7–90 days) unless required for security or evidentiary reasons.

You can cancel your account or request data deletion anytime by emailing support@kiassist.rog.


  7. Advertising and Marketing

7.1 Personalized Advertising

If you have consented, we process advertising IDs and usage data (e.g., app usage) for personalized ads via Google AdMob. You can withdraw consent at any time in the App settings or your device settings.

7.2 Contextual (Non-Personalized) Advertising

If you do not consent to personalized ads or withdraw consent, we may still serve non-personalized ads based on contextual info (e.g., app content, approximate region) under our legitimate interests (Art. 6(1)(f) GDPR).

7.3 Newsletter

If subscribed, we use your email for newsletters (offers, news). You can unsubscribe any time via the link in each newsletter or by emailing support@kiassist.rog.

7.4 Push Notifications

The App may send push notifications (e.g., offers, updates). You can disable these in device settings or withdraw your consent.


  8. IT Security and Incident Response

We implement appropriate technical and organizational measures (TOMs) to protect your data against loss, misuse, or unauthorized access, including:

  • Encrypted transmission (SSL/TLS)
  • Restricted access rights (role-based)
  • Regular security updates / penetration tests
  • Logging critical events (server access, logins)

Incident Response: In the event of a data breach (e.g., unauthorized access, data loss), we will inform you and any relevant data protection authority without undue delay if legally required (Articles 33, 34 GDPR).


  9. User Uploads and Third-Party Content

Since our App allows uploading text, images, or other content, you are responsible for ensuring that you only upload content for which you have the necessary rights and which does not violate third-party rights (e.g., copyright, personality rights).

Do not submit data of others without their consent; observe applicable laws (GDPR, copyright, etc.). We reserve the right to check or remove content if there is evidence of a legal violation.


  10. Your Rights

Under the GDPR, you have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object (Art. 21 GDPR), particularly where processing is based on our legitimate interests or for direct marketing
  • Withdraw consent (Art. 7(3) GDPR) at any time with future effect

10.1 Implementation with Third-Party Services

Please note that we partially transfer data (e.g., prompts) to third parties (OpenAI). Complete erasure from all systems may not always be fully under our control. However, we will attempt to forward your requests to our contractual partners wherever feasible.

You can exercise your rights by contacting support@kiassist.rog. We may request proof of identity.

If you believe our data processing violates applicable law, you also have the right to lodge a complaint with a relevant data protection authority (Art. 77 GDPR). In Baden-Württemberg, Germany:

The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstraße 20, 70173 Stuttgart
https://www.baden-wuerttemberg.datenschutz.de


  11. Minors

Use of the App is prohibited for persons under 12. For those under 16, parental/guardian consent may be required where features rely on consent (e.g., personalized ads). If we discover data from ineligible minors, we will promptly delete it or obtain parental consent.


  12. International Data Transfers

Some of your data (e.g., chat prompts to OpenAI, Firebase data) may be transferred outside the European Economic Area (EEA), particularly to the USA. While we rely on safeguards such as Standard Contractual Clauses (SCCs), a risk of authority access in the USA remains (“Schrems II”).
If you do not wish your data to be transferred outside the EEA, certain AI functions may be unavailable, as we rely on external providers.


  13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy if necessary (e.g., upon introducing new features/services or a change in the law). The latest version can be accessed within our App. Where material changes relate to your consent, we will inform you in advance.


  14. Disclaimer and Right of Modification

This Privacy Policy has been prepared carefully to meet GDPR and other data protection requirements. However, it does not replace legal advice. We accept no liability that this document addresses every possible scenario arising from your usage.

For any questions or comments, contact us at support@kiassist.rog.


  15. Summary and Applicability

  • This version is for use within the EU/EEA. If you offer the App worldwide, other or additional rules (e.g., CCPA/CPRA for California) may apply.
  • In some EU countries (e.g., France, Spain), the age threshold for certain online service consents may be 15 or 14.

Data Controller (Imprint)

Name: Eckhardt Filatov
Address: Dresdener Ring 43, 71522 Backnang, Germany
Email: support@kiassist.rog

(Hereinafter “we,” “us,” or the “Controller.”)

We are subject to the provisions of the General Data Protection Regulation (GDPR) and supplementary national data protection laws. As our company does not exceed the statutory thresholds, no external Data Protection Officer has been appointed. We ourselves bear responsibility for compliance with all data protection regulations.

Last updated: January 2025