SignatureTaste
Loading...
Back to Home

Privacy Policy and Data Protection Information for Signature Taste

Introduction

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the AmNi Software Solutions UG (haftungsbeschränkt). The use of the Internet pages of the AmNi Software Solutions UG (haftungsbeschränkt) is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the AmNi Software Solutions UG (haftungsbeschränkt). By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, AmNi Software Solutions UG (haftungsbeschränkt) has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

Name and Address of the Controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

AmNi Software Solutions UG (haftungsbeschränkt)
Pestalozzistraße 25
22305 Hamburg
Deutschland

Phone: 01774945465
Email: service@amnisoftware.de
Website: https://www.signature-taste.com

Definitions

Our data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). It should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

  • Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
  • Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Collection of General Data and Information (Server Logs)

When you access our website or use integrated API routes, our hosting provider automatically collects and stores information in server log files with each access by a data subject or automated system. This general data and information typically includes:

  • The browser types and versions used
  • The operating system used by the accessing system
  • The website from which an accessing system reaches our website (referrer URL)
  • The specific pages or API endpoints accessed on our site
  • The date and time of access
  • An Internet protocol address (IP address)
  • The Internet service provider of the accessing system
  • Other similar data used for security purposes (e.g., preventing attacks)

When using this general data and information, AmNi Software Solutions UG (haftungsbeschränkt) does not draw any conclusions about the data subject. This information is needed to:

  • Deliver the content of our website and API responses correctly.
  • Optimize the content of our website and potentially advertising for it.
  • Ensure the long-term viability, stability, and security of our IT systems and website technology.
  • Provide law enforcement authorities with information necessary for prosecution in case of cyber-attacks.

The legal basis for processing this log data is our legitimate interest (Art. 6(1)(f) GDPR) in ensuring the proper functioning, security, stability, and delivery of our website and services, as well as potentially clarifying cyber incidents.

Server log files are stored separately from any other personal data provided by a data subject. The data in the server log files are deleted or anonymized after 7 days at the latest.

Information about our specific hosting providers is detailed in the "Service Providers / Processors" section below.

Cookies and Consent Management

Our website uses cookies and similar technologies such as localStorage, sessionStorage, service workers, and browser caches. These technologies can store information on your device or access information already stored there.

We use technically necessary storage and access operations required for the basic operation, security, language routing, consent documentation, age verification, authentication redirects, and delivery of the website. The legal basis for related personal-data processing is our legitimate interest in providing a functional and secure website according to Art. 6(1)(f) GDPR and, where storage or access on your device is strictly necessary, § 25(2) No. 2 TDDDG.

If you have given your consent, we also use non-essential storage and tracking technologies for analytics and user-experience measurement. This includes Google Analytics, Vercel Analytics, Vercel Speed Insights, and Microsoft Clarity. Details are available in our Cookie Consent Manager ("Cookie Settings"), accessible at any time via the footer.

The legal basis for setting or reading technically non-essential cookies and similar technologies is your consent according to § 25(1) TDDDG. The legal basis for the subsequent processing of personal data using these technologies is your consent according to Art. 6(1)(a) GDPR.

You can change your preferences or withdraw your consent at any time with future effect via our Cookie Consent Manager ("Cookie Settings").

You can also generally prevent the setting of cookies by adjusting the settings of your Internet browser and permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your browser settings. Please note that if you deactivate all cookies, not all functions of our website may be fully usable.

Documentation of Consent (Consent Log)

To comply with our legal obligations under the GDPR (specifically the principle of accountability, Art. 5(2) GDPR), we document the consent choices you make in our consent banner. When you make a selection, we store the following information:

  • A randomly generated, anonymous user ID (UUID) to distinguish your consent record. This ID is stored in localStorage as a technically necessary consent-documentation item.
  • The consent choices you made (e.g., for functional or analytics purposes).
  • The date and time your consent was given.
  • Metadata, such as the language of the site when you made your selection.

Purpose of Processing: The sole purpose of collecting this data is to have a verifiable record of the consent you have provided, which we are legally required to maintain.

Legal Basis: The legal basis for this processing is Art. 6(1)(c) GDPR (compliance with a legal obligation).

Data Retention: These consent records are stored for a period necessary to comply with our legal obligations, which typically aligns with statutory limitation periods (e.g., 3 years).

Data Storage: This data is stored securely in our database, hosted by Supabase (see "Service Providers / Processors"). It is not used for advertising and is not shared with unrelated third parties.

Website Analytics (Google Analytics with Anonymization)

Subject to your consent provided via our Cookie Consent Manager, we use Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is loaded only after analytics consent and may use cookies or similar identifiers to analyze your use of the website.

IP Anonymization: We use Google Analytics with the "anonymizeIp" function activated. This means your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

Data Processed: Usage data (pages visited, time spent, clicks, approximate location based on anonymized IP), device information. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG), managed via our Cookie Consent Manager.

Purpose: Analysis of user behavior to optimize our website and offerings.

Data Transfer: Data processing may occur in the USA. Google typically relies on Standard Contractual Clauses (SCCs) approved by the EU Commission (Art. 46(2)(c) GDPR) for such transfers. Risks may exist (e.g., access by US authorities).

Processor: We have concluded a data processing agreement (DPA) with Google Ireland Limited according to Art. 28 GDPR.

Opt-Out/Withdrawal: You can withdraw your consent at any time via the "Cookie Settings" link in our footer. You can also prevent the storage of cookies by a corresponding setting of your browser software. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on available at: https://tools.google.com/dlpage/gaoptout?hl=en.

Data Retention: Data sent by us and linked to cookies, user identifiers (e.g., User ID), or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month. For more information, please refer to Google's Privacy Policy: https://policies.google.com/privacy.

Website Analytics (Vercel Analytics)

Subject to your consent provided via our Cookie Consent Manager, we use Vercel Analytics and Vercel Speed Insights, services provided by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. These services help us understand page views, performance, and user experience after analytics consent has been granted.

Privacy-Focused Approach: Vercel Analytics does not use cookies for visitor tracking. In our implementation, the analytics and speed-insight components are mounted only after analytics consent and outgoing events are filtered if consent is missing or revoked.

Data Processed: Usage and performance data such as page views, referrer information, general geographic region, device/browser information, performance metrics, and route information. IP addresses may be processed transiently for delivery/security but are not used by us to identify individual visitors.

Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR and, where applicable, § 25(1) TDDDG), managed via our Cookie Consent Manager.

Purpose: Analysis of anonymous user behavior patterns to optimize our website performance, content, and user experience.

Data Transfer: Data is primarily processed in EU regions (Frankfurt). However, as Vercel Inc. is based in the USA, administrative access and processing may occur in the USA. Transfers are safeguarded via Standard Contractual Clauses (SCCs) and Vercel's participation in the EU-U.S. Data Privacy Framework (DPF).

Processor: We have concluded a data processing agreement (DPA) with Vercel Inc. according to Art. 28 GDPR.

Opt-Out/Withdrawal: You can withdraw your consent at any time via the "Cookie Settings" link in our footer. Since Vercel Analytics doesn't use cookies, browser settings for cookies do not affect this service, but your consent withdrawal will stop data collection.

Data Retention: Analytics data is retained by Vercel for analysis purposes and automatically deleted after 13 months. For more information, please refer to Vercel's Privacy Policy: https://vercel.com/legal/privacy-policy.

Website Analytics & User Experience (Microsoft Clarity)

Subject to your analytics consent, we use Microsoft Clarity, provided by Microsoft Ireland Operations Limited / Microsoft Corporation, to understand how visitors interact with our pages through behavioral metrics, heatmaps, and session replay. Clarity may process clicks, scrolls, page views, device/browser data, approximate location, referrer URLs, and masked or pseudonymized interaction data. We configure and use Clarity only after consent. The legal basis is Art. 6(1)(a) GDPR and, where Clarity stores or reads information on your device, § 25(1) TDDDG. Data may be transferred to the USA and is safeguarded by Microsoft contractual measures and, where applicable, the EU-U.S. Data Privacy Framework. You can withdraw consent at any time via Cookie Settings; after withdrawal Clarity is no longer loaded. For more information, see the Microsoft Privacy Statement.

Our Service Providers / Processors

To provide and operate our website and services, we use specialized service providers and selected third-party recipients. Where required, we have entered into data processing agreements (DPAs) and rely on appropriate transfer safeguards. Key providers and recipients include:

  • Vercel Inc.

    Purpose: Hosting, delivery, security, Vercel Analytics, and Speed Insights for our website and API routes.

    Data Processed: Access logs, IP address, browser/device information, pages or API routes accessed, timestamps, referrer information, performance metrics, and analytics events where consent has been granted.

    Location: Primarily EU regions where configured; Vercel Inc. is based in the USA. Transfers for administration, support, security, and analytics are safeguarded via Standard Contractual Clauses (SCCs) and Vercel's participation in the EU-U.S. Data Privacy Framework (DPF).

    Retention: Server logs are typically deleted or anonymized after a short operational period. Analytics and performance data are retained according to the configured Vercel project settings and provider terms.

    Legal Basis: Art. 6(1)(f) GDPR for hosting/security logs; Art. 6(1)(a) GDPR and, where applicable, § 25(1) TDDDG for analytics and performance measurement.

    Privacy Info

  • Supabase Inc.

    Purpose: Authentication, user account management, database hosting, and storage of consent/account state.

    Data Processed: Email address, user ID, authentication/session data, OAuth provider metadata if Google Sign-In is used, user profile role, favorites, selected ingredients, shopping list, cocktail ratings, newsletter preference, consent records, timestamps, and related database records.

    Location: Project data is stored in the configured Supabase region. Supabase Inc. is based in the USA, so administrative/support transfers may occur and are safeguarded via SCCs and, where applicable, DPF participation.

    Retention: Account data is retained while the account exists and deleted or anonymized on request or account deletion unless legal retention duties apply. Consent records are retained as needed for accountability and limitation periods.

    Legal Basis: Art. 6(1)(b) GDPR for account functionality; Art. 6(1)(c) GDPR for consent documentation; Art. 6(1)(a) GDPR for optional newsletter consent.

    Privacy Info

  • Google Ireland Limited / Google LLC

    Purpose: Google Analytics after consent and optional Google Sign-In via Supabase OAuth. Firebase client SDKs may also be used in legacy/admin functionality where configured.

    Data Processed: For Google Analytics, usage and device data as described above. For Google Sign-In, Google account identifiers such as email address, name, profile image, and provider ID may be processed. For Firebase Authentication in legacy/admin functionality, authentication and session data may be processed if that feature is used.

    Location: EU and USA. Transfers are safeguarded via SCCs and, where applicable, Google's DPF certification.

    Retention: Google Analytics data is retained according to our configured analytics retention period, currently 14 months. Google Sign-In/Firebase data follows the relevant account and provider retention settings.

    Legal Basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG for analytics; Art. 6(1)(b) GDPR for authentication requested by the user.

    Privacy Info

  • Microsoft Ireland Operations Limited / Microsoft Corporation

    Purpose: Microsoft Clarity heatmaps, behavioral metrics, and session replay after analytics consent.

    Data Processed: Page views, clicks, scrolls, device/browser data, approximate location, referrer URLs, and masked or pseudonymized interaction data.

    Location: EU and USA. Transfers are safeguarded via Microsoft contractual measures and, where applicable, DPF participation.

    Retention: Clarity data is retained according to Microsoft Clarity settings/provider terms and is no longer collected after consent withdrawal.

    Legal Basis: Art. 6(1)(a) GDPR and, where Clarity stores or reads information on your device, § 25(1) TDDDG.

    Privacy Info

  • Affiliate partners, including Amazon

    Purpose: Affiliate links and product referrals that may fund the website.

    Data Processed: If you click an affiliate link, we may route you through an internal redirect and use country information provided by Vercel to choose a suitable destination. If analytics consent exists, we may record an affiliate-click event. The affiliate partner may process referral and purchase data under its own privacy policy.

    Location: Depending on the affiliate partner, including EU and non-EU countries.

    Legal Basis: Art. 6(1)(f) GDPR for displaying and routing affiliate links; Art. 6(1)(a) GDPR for optional analytics tracking of affiliate clicks.

    Privacy Info

External Links and Affiliate Links

Our website contains links to external websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Disclosure: This website may participate in affiliate marketing programs. Some links might be affiliate links. This means if you click on the link and purchase the item, we may receive a small commission at no additional cost to you.

Purpose: These commissions help support the operation of our services.

Tracking: Clicking affiliate links may involve the use of cookies or other tracking technologies by the affiliate partner or vendor to track the referral. The data processing by these third parties is governed by their own privacy policies.

Our legal basis for participating in affiliate programs and displaying these links is our legitimate interest in funding our website (Art. 6(1)(f) GDPR).

Data Processing Outside the EU/EEA

As detailed in the "Service Providers / Processors" section, some partners (including Vercel, Supabase, Google, Microsoft, and affiliate partners) are based in the USA or may transfer data there for administrative, support, security, analytics, authentication, or processing purposes. Data protection laws in these countries may not offer the same level of protection as within the EU/EEA.

We take steps to ensure that any transfer of personal data outside the EU/EEA complies with GDPR requirements. We rely on appropriate safeguards, such as:

  • EU Commission Adequacy Decisions (where applicable, like the DPF).
  • Standard Contractual Clauses (SCCs) approved by the EU Commission, entered into with the service provider.
  • Participation of the US provider in the EU-U.S. Data Privacy Framework (DPF), where certified (relevant for Vercel, Supabase, Google, Microsoft, and some affiliate partners).

Data Retention Periods

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.

The criteria used to determine the period of storage of personal data is the respective statutory retention period (e.g., commercial or tax law requires retention for 6 or 10 years for certain contract or invoice data). For data without statutory retention periods, specific criteria apply:

  • Server log data processed by Vercel is deleted or anonymized after the operational retention period described by Vercel or the configured project settings.
  • Google Analytics data collected with consent is automatically deleted after 14 months according to our current configuration.
  • Vercel Analytics, Speed Insights, and Microsoft Clarity data are retained according to the respective provider settings and are no longer collected after consent withdrawal.
  • Consent records stored in our Supabase database are retained for the duration necessary to demonstrate compliance with legal obligations, typically aligned with statutory limitation periods.
  • User account data in Supabase is stored for the duration of your account use and deleted or anonymized upon account deletion or valid request, unless legal retention periods apply.
  • Data processed based on your consent (for example, non-essential cookies, localStorage, or analytics identifiers) is retained until you withdraw consent, the purpose is fulfilled, or the configured retention period expires.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Your Data Protection Rights

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • Right of Confirmation (Art. 15 GDPR)

    You have the right to obtain confirmation as to whether or not personal data concerning you is being processed.

  • Right of Access (Art. 15 GDPR)

    You have the right to obtain free information about your personal data stored at any time and a copy of this information, including details on processing purposes, data categories, recipients, planned storage duration, origin of data (if not collected from you), existence of automated decision-making, and information on data transfers and safeguards.

  • Right to Rectification (Art. 16 GDPR)

    You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay, and the right to have incomplete personal data completed.

  • Right to Erasure (Right to be Forgotten) (Art. 17 GDPR)

    You have the right to obtain the erasure of personal data concerning you without undue delay where specific grounds apply (e.g., data no longer necessary, consent withdrawn, objection filed, unlawful processing), as long as processing is not necessary for exercising the right of freedom of expression, for compliance with a legal obligation, for public interest reasons, or for legal claims.

  • Right of Restriction of Processing (Art. 18 GDPR)

    You have the right to obtain restriction of processing where conditions apply (e.g., accuracy is contested, processing is unlawful but erasure is opposed, data needed for legal claims, objection is pending).

  • Right to Data Portability (Art. 20 GDPR)

    You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance, where processing is based on consent or contract and carried out by automated means.

  • Right to Object (Art. 21 GDPR)

    You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on legitimate interests (Art. 6(1)(f) GDPR), including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or for legal claims.
    Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such marketing.

  • Automated individual decision-making, including profiling (Art. 22 GDPR)

    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless specific exceptions apply (necessary for contract, authorized by law, based on explicit consent).

  • Right to Withdraw Consent (Art. 7(3) GDPR)

    Where processing is based on your consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR), you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint (Art. 77 GDPR)

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR. The competent supervisory authority for us is typically: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Str. 22, 7. OG, 20459 Hamburg, Email: mailbox@datenschutz.hamburg.de

How to Exercise Your Rights

To exercise any of these rights, you can contact us at any time using the details provided in the "Name and Address of the Controller" section above (e.g., via email: service@amnisoftware.de) or contact our Data Protection Officer (see below). We may need to request specific information from you to help us confirm your identity.

You can manage your consent preferences for non-essential cookies and tracking technologies at any time via the "Cookie Settings" link in our website footer.

Legal Basis for the Processing

Our processing activities are based on the following legal grounds under the GDPR:

  • Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose (e.g., non-essential cookies, newsletter subscription).
  • Art. 6(1)(b) GDPR applies if processing is necessary for the performance of a contract or user relationship, for example account registration, login, account-state synchronization, saved favorites, shopping lists, cocktail ratings, and requested authentication services.
  • Art. 6(1)(c) GDPR applies where processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax obligations, managing consent records).
  • Art. 6(1)(d) GDPR may apply in rare cases where processing is necessary to protect the vital interests of the data subject or another natural person.
  • Art. 6(1)(f) GDPR serves as the legal basis for processing operations not covered by other grounds, if processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Examples include ensuring system security and stability (server logs), optimizing website content, responding to general inquiries, or funding the site via affiliate links. Our legitimate interest is generally the performance of our business activities.

Data Protection Officer

The Data Protection Officer of the controller is:

Amir Heyder
c/o AmNi Software Solutions UG (haftungsbeschränkt)
Pestalozzistraße 25
22305 Hamburg
Deutschland
Email: datenschutz@amnisoftware.de

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

Existence of Automated Decision-Making

We do not use fully automated decision-making according to Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you. Analytics and user-experience tools may create aggregated or pseudonymized usage patterns after consent, but we do not use them for decisions with legal or similarly significant effects.

Augmented Reality Features

Our website features augmented reality experiences powered by AR.js, which require access to your device's camera. Please note that this camera access is used solely for providing the AR functionality, and all video processing is performed locally on your device. No images or video data captured by your camera are transmitted to our servers or any third-party services.

The external libraries used for AR are loaded via trusted content delivery networks and do not process or store your personal data. By using our AR features, you consent to the camera access required for these experiences.

Legal or Contractual Requirements to Provide Personal Data

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions. For example, the data subject may be required to provide us with personal data when entering into a contract with us. Failure to provide the personal data would mean that the contract could not be concluded.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new privacy policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Last updated: April 27, 2026