Privacy Policy for „Darkly Yours"
This is a courtesy translation. The German version is the legally binding one.
Controller
Johanna Grollmann, Kaiserstraße 171, 53113 Bonn, Germany, e-mail: support@darklyyours.app. For privacy matters you can reach us at this e-mail. No statutory data protection officer has been appointed; there is currently no obligation to appoint one.
Purposes, data types and legal bases
- Registration and account management: e-mail (required), hashed password, display name, date of birth, language; purposes: account creation, authentication, contractual communication; legal basis: Art. 6 (1) (b) GDPR.
- Conversation content (sensitive): messages may allow conclusions about your sex life or sexual orientation; purposes: personalised conversation, memory features; legal bases: Art. 6 (1) (a) GDPR (consent) and expressly Art. 9 (2) (a) GDPR (special categories). Withdrawal possible at any time with effect for the future; without consent, memory features cannot be used.
- Usage and security data: sign-in times/IPs, number of messages sent, subscription status; purposes: provision of the service, abuse and fraud prevention, stability; legal bases: Art. 6 (1) (b) and (f) GDPR (legitimate interest in security).
- Payments/subscriptions: customer number, billing data, status; purposes: payment processing, proof and retention obligations; legal bases: Art. 6 (1) (b) and (c) GDPR.
Categories of recipients
We use processors. We will name the current list on request; below are the categories with their typical functions:
- Hosting/operation in the EU: infrastructure, database, authentication, content delivery.
- AI/voice processing: processing of inputs and short-lived conversation context to generate replies or voice features.
- Payment services: subscription management and payment processing; no payment instruments are stored by us.
- E-mail services: transactional e-mails (registration, contract confirmation).
- Security/bot defence: measures to prevent abusive access (e.g. CAPTCHA/Turnstile), DNS.
- Error and stability monitoring: technical diagnostic data (no conversation content).
Transfers to third countries
Some providers have group ties to the USA. Where a transfer takes place, we base it on an adequacy decision (EU-US Data Privacy Framework) or on standard contractual clauses under Art. 46 GDPR; copies or information on the availability of the safeguards are available on request at support@darklyyours.app.
Retention period
- Account/profile data: until the account is deleted or the contract ends.
- Conversation content:
- Free („Encounter"): stored until account deletion; only the most recently needed context is transmitted to AI services.
- Paid subscription („Obsession"): stored permanently for memory features; only current context elements are transmitted per request.
- Billing data: 10 years (statutory retention).
- Error/security logs: 30 days. Statutory retention obligations take precedence.
Terminal device information (TTDSG)
- Strictly necessary storage: we use technically necessary cookies/local storage for login/session, language selection and security functions; no consent is required for this (§ 25 (2) no. 2 TTDSG).
- Bot defence/CAPTCHA: to protect sign-in, essential bot-defence tokens may be set; these are necessary for the requested function (preventing abuse during login/forms).
- No analytics/marketing without consent: should we use non-essential cookies/techniques in future, we will obtain prior consent and inform you in the consent banner.
Obligation to provide data
For performance of the contract, e-mail and password are required; without them no account can be created. Date of birth is necessary for age confirmation; without age confirmation, use is excluded. Consent to the processing of special conversation content is voluntary; without it, memory features are not available.
Your rights
You have the rights to access, rectification, erasure, restriction, data portability and to object to processing based on Art. 6 (1) (f) GDPR. You may withdraw a given consent at any time; the lawfulness up to the withdrawal remains unaffected.
Complaint
You may lodge a complaint with a supervisory authority, in particular at your place of residence. The authority competent for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
No automated decision-making
No decisions within the meaning of Art. 22 GDPR take place; AI replies are purely narrative.
Protection of minors
The app is intended exclusively for persons aged 18 and over; this is technically supported by age confirmation and recognised youth protection labelling.
Changes
We adapt this policy when functions or the legal situation change and inform you in the app or at your next login. The current version is always available at this URL.
Last updated: June 2026