Privacy Policy

Effective Date: January 30, 2026
Last Updated: January 30, 2026

1. Data Controller

The controller responsible for data processing on this website is:

Alexander Slivinskiy
Alexander Slivinskiy
Leopoldstraße 2-8
32051 Herford
Deutschland

E-Mail: alex@wizardtoad.net
Telefon:

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. Data We Collect

We collect and process the following personal data:

2.1 Account Data

When you register for our service, we collect:

• Username: Your chosen username for identification
• Email Address: For account verification and communication
• Password: Stored only as a secure hash (SHA-256 with salt), never in plain text
• Language Preference: Your preferred language (English or German)

2.2 Service Usage Data

When you use our service, we store:

• Chat Conversations: Your conversations with our AI assistant about financial summaries, so you can access them again
• Channel Subscriptions: The YouTube channels you subscribe to and your custom names/descriptions for them
• Topic Preferences: The financial topics you are interested in
• Feedback: Any feedback you voluntarily submit through our feedback form

2.3 Telegram Data (Optional)

If you choose to link your Telegram account:

• Telegram User ID: Your numeric Telegram identifier to send you notifications
• Topic Subscriptions: Which topics you want to receive notifications for

3. Legal Basis for Processing

We process your personal data based on the following legal grounds (Art. 6 GDPR):

• Contract Performance (Art. 6(1)(b)): Processing of account data, subscriptions, and chat history is necessary to provide our service to you.
• Consent (Art. 6(1)(a)): Telegram integration and notifications are only processed with your explicit consent. You can withdraw consent at any time.
• Legitimate Interest (Art. 6(1)(f)): We may process data to improve our services and ensure security. Our legitimate interest is to provide and improve our service.

4. Third-Party Services and Data Transfers

We use the following third-party services to provide our service:

4.1 OpenRouter (LLM API)

• Purpose: AI-powered analysis of YouTube video content
• Data Transferred: YouTube video transcripts (not your personal data)
• Location: USA
• Privacy Policy: https://openrouter.ai/privacy

Note: Your personal account data is NOT sent to OpenRouter. Only publicly available YouTube video transcripts are processed.

4.2 Resend (Email Service)

• Purpose: Sending verification emails during registration
• Data Transferred: Your email address
• Location: USA
• Privacy Policy: https://resend.com/legal/privacy-policy

4.3 Telegram Bot API

• Purpose: Sending you notifications about new summaries (only if you opt in)
• Data Transferred: Your Telegram user ID and message content
• Location: Various (Telegram servers)
• Privacy Policy: https://telegram.org/privacy

5. Server Location and Data Storage

Our servers are located in Germany. All your personal data (account information, chat history, preferences) is stored on servers within the European Union. We use SQLite as our database system.

6. Cookies

We use only essential cookies that are necessary for the functioning of our service:

• Authentication Cookie (auth_token):
  Purpose: Keeps you logged in
  Duration: 30 days
  Type: HTTP-only, secure cookie
  Legal Basis: Contract performance (Art. 6(1)(b) GDPR) - necessary to provide the service

We do NOT use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required because we only use technically necessary cookies.

7. Data Retention

We retain your data for the following periods:

• Account Data: Until you delete your account or request deletion
• Chat History: Until you delete your account or request deletion
• Verification Codes: 30 minutes (automatically deleted after expiry)
• Feedback: Indefinitely for service improvement, unless you request deletion

8. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access (Art. 15): You can request a copy of your personal data
• Right to Rectification (Art. 16): You can request correction of inaccurate data
• Right to Erasure (Art. 17): You can request deletion of your data ('right to be forgotten')
• Right to Restriction (Art. 18): You can request restriction of processing
• Right to Data Portability (Art. 20): You can request your data in a machine-readable format
• Right to Object (Art. 21): You can object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7): You can withdraw consent at any time (e.g., for Telegram notifications)

To exercise any of these rights, please contact us at: alex@wizardtoad.net

9. Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. In Germany, you can contact your state's data protection authority (Landesdatenschutzbeauftragter).

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Passwords are hashed using SHA-256 with a random 32-character salt
• Authentication uses secure, HTTP-only JWT cookies
• All data transmission uses HTTPS encryption
• Access to personal data is limited to the service operator

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by updating the 'Last Updated' date at the top of this policy. We encourage you to review this policy periodically.

Contact

If you have any questions about this privacy policy or our data practices, please contact us at:
Email: alex@wizardtoad.net
Address: Leopoldstraße 2-8, 32051 Herford, Deutschland