Privacy Policy

Effective: January 2026

1. Introduction

We appreciate your interest in our app "Comicself". The protection of your personal data is important to us. This privacy policy informs you about what data we collect, how we use it, and what rights you have.

Data Controller:
Lenny David Enderle
Rua Padre Manuel Bernardes 16 5esq.
2825-359 Costa da Caparica
Portugal
Email: support@comicself.com

2. Data Collected

2.1 During Registration

• Email address
• Password (stored encrypted)
• Apple ID (when using Apple Sign-In)

2.2 During App Usage

• Diary entries (text, mood, tags)
• Uploaded photos (selfies, reference images)
• Generated comics and avatars
• Usage statistics (EP points, streak data)
• Character data (names, relationships)

2.3 Technical Data

• IP address
• Device type and operating system
• App version
• Access timestamps

2.4 For Purchases

• Payment information is processed by Apple (In-App Purchases) or Stripe (Print subscription)
• We store: purchase date, product, subscription status
• Delivery address (Print subscription only)

3. Purpose of Data Processing

We process your data for the following purposes:

• Service Provision: Generating comics from your diary entries
• Account Management: Authentication and account administration
• App Improvement: Usage analysis for optimization
• Communication: Notifications and support requests
• Legal Obligations: Compliance with statutory retention requirements

4. Legal Basis (GDPR Art. 6)

• Art. 6(1)(a): Consent (e.g., for push notifications)
• Art. 6(1)(b): Contract performance (service provision)
• Art. 6(1)(c): Legal obligation
• Art. 6(1)(f): Legitimate interest (security, fraud prevention)

5. Third Parties and Data Transfer

5.1 OpenAI

We use OpenAI (gpt-image-1.5) for generating comics and avatars. Diary entries and photos are transmitted to OpenAI. OpenAI processes data according to their privacy policy.

Note: OpenAI does not store data from API requests for training purposes.

5.2 Apple

• In-App Purchases are processed through Apple
• Apple Sign-In (if used)

5.3 Stripe

• Payment processing for Print subscriptions
• Stripe processes payment data according to PCI-DSS standards

5.4 Lulu

• Print service provider for comic booklets
• Receives delivery address and print data

5.5 Hosting

Our servers are located in the European Union (Germany).

6. Data Retention

• Account Data: Until account deletion
• Diary Entries & Comics: Until deletion by user or account deletion
• Technical Logs: 30 days
• Payment Data: 10 years (statutory retention requirement)

7. Your Rights

Under the GDPR, you have the following rights:

• Right of Access (Art. 15): Right to information about stored data
• Right to Rectification (Art. 16): Right to correction of inaccurate data
• Right to Erasure (Art. 17): Right to deletion ("right to be forgotten")
• Right to Restriction (Art. 18): Right to restrict processing
• Right to Data Portability (Art. 20): Right to receive your data in machine-readable format
• Right to Object (Art. 21): Right to object to processing
• Right to Withdraw Consent (Art. 7): Right to withdraw consent at any time

To exercise your rights: Use the export and deletion functions in the app or contact us at support@comicself.com.

Right to Complain: You have the right to lodge a complaint with a data protection supervisory authority.

8. Data Security

We implement technical and organizational measures:

• Encrypted data transmission (TLS/HTTPS)
• Encrypted password storage (bcrypt)
• Regular security updates
• Access restrictions for employees

9. Minors

Comicself is intended for users aged 16 and above. Persons under 16 may only use the app with parental consent.

10. Changes

We reserve the right to update this privacy policy. The current version is always available in the app and on our website.

11. Contact

For privacy-related questions, contact us at:

Lenny David Enderle
Email: support@comicself.com

---

Last updated: January 2026