Datenschutzerklärung
Privacy Policy
1. Verantwortlicher / Data Controller
Kisum GmbH
Sonnwendjochstr. 6, D-81825 München, Germany
E-Mail: info@ki-sum.ai
Responsible for data processing on this website pursuant to the General Data Protection Regulation (GDPR).
2. Erhobene Daten / Data Collected
We process the following personal data:
- Account data: E-mail address, hashed password (when registering via e-mail/password)
- Payment data: Processed by LemonSqueezy as Merchant of Record. We receive order confirmation, subscription status, and customer ID — but never credit card numbers.
- Usage data: Pages visited, features used, timestamps (server logs only — no third-party analytics without consent).
- Idea submissions: Text content submitted by VIP users for evaluation.
3. Rechtsgrundlage / Legal Basis
- Art. 6 Abs. 1 lit. b DSGVO: Contract performance (providing the service, processing payments).
- Art. 6 Abs. 1 lit. a DSGVO: Consent (optional analytics, newsletter).
- Art. 6 Abs. 1 lit. f DSGVO: Legitimate interest (server logs for security, fraud prevention).
4. Auftragsverarbeiter / Data Processors
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Supabase | Supabase Inc. | EU data region | Authentication, user management |
| LemonSqueezy | Lemon Squeezy LLC | USA | Payment processing (Merchant of Record) |
| Hetzner | Hetzner Online GmbH | Germany (Nuremberg) | Server hosting, data storage |
Data Processing Agreements (DPA) are in place with all processors listed above.
5. Speicherdauer / Data Retention
- Account data: retained until account deletion.
- Payment records: retained for 10 years (German tax law, § 147 AO).
- Server logs: automatically deleted after 90 days.
- Idea submissions: retained while subscription is active; deleted upon request after cancellation.
6. Ihre Rechte / Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15 DSGVO)
- Rectification of inaccurate data (Art. 16 DSGVO)
- Erasure / right to be forgotten (Art. 17 DSGVO)
- Restriction of processing (Art. 18 DSGVO)
- Data portability (Art. 20 DSGVO)
- Object to processing (Art. 21 DSGVO)
- Withdraw consent at any time (Art. 7 Abs. 3 DSGVO)
To exercise any of these rights, contact us at privacy@ki-sum.ai.
7. Cookies
This website uses only technically necessary cookies for authentication session management. No tracking cookies are set without your explicit consent.
8. Beschwerderecht / Right to Complain
You have the right to lodge a complaint with a supervisory authority (Art. 77 DSGVO). The competent authority is the data protection authority of the German state where Kisum GmbH is registered.
Stand / Last updated: March 2026