Privacy Policy

GbR Mika Jens Ramsl und Mats Ramsl An der Ehmsenkoppel 28 24376 Rabel, Germany Email: contact@mehrbytes.com

We take the protection of your personal data very seriously. This privacy policy informs you about what data we collect, how we process it, and what rights you have. Our website can generally be used without providing personal data. For certain features (e.g. registration, AI-powered analyses), the processing of personal data is required. The legal basis for this is Art. 6(1)(a), (b) and (f) GDPR.

Our website is hosted by Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA). When visiting our website, technical data is automatically collected (e.g. IP address, browser type, operating system, time of access). This data is technically necessary for delivering the website. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable website delivery). More info: https://vercel.com/legal/privacy-policy

Registration is required to use our platform. The following data is collected: • Email address • Name (optional) • Password (stored encrypted) Alternatively, we offer sign-in via Google OAuth. In this case, we receive your email address and name from Google. We do not have access to your Google password. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment).

We use Firebase by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) for: • Authentication (Firebase Authentication): Management of user accounts, login sessions and security tokens. • Database (Cloud Firestore): Storage of user profiles (email, name, account tier, creation date). Firebase may process technical data such as IP addresses and device information to ensure authentication security. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment). More info: https://firebase.google.com/support/privacy

We use AI services to generate domain names, brand kits and logos. The following providers are used: a) OpenAI (OpenAI, L.L.C., San Francisco, USA) We use the OpenAI API (GPT-4o-mini and DALL-E 3 models) to generate brand names, color palettes, typography suggestions and logos. Your inputs (business description, preferences) are transmitted to OpenAI. OpenAI processes this data according to their privacy policy and stores API requests for up to 30 days for abuse detection. b) Google Generative AI (Google Ireland Limited) We use Google Gemini for logo generation. Your domain name, color scheme and description are transmitted to Google. c) Perplexity AI (Perplexity AI, Inc., San Francisco, USA) For market analysis, we use the Perplexity API. Project name and description are transmitted to research market and competitor data. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment) and Art. 6(1)(a) GDPR (consent through use of the feature). Important: Please do not enter sensitive personal data into the AI input fields.

To check domain availability, we use the RDAP protocol (Registration Data Access Protocol). The entered domain names are transmitted to the responsible registry servers (e.g. DENIC for .de, Verisign for .com/.net). No personal data is shared with the registries — only the domain name being checked. Results are cached server-side for 10 minutes to avoid unnecessary requests. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment).

We offer the ability to check username availability on social networks. The entered usernames are transmitted to the respective platforms: • Instagram (Meta Platforms Ireland Ltd.) • TikTok (TikTok Technology Limited, Dublin) • GitHub (GitHub, Inc., San Francisco) Only publicly available information is queried (whether a username is taken or not). Results are cached server-side for 1 hour. Legal basis: Art. 6(1)(b) GDPR (contract fulfillment).

We use Google Fonts to display typefaces in the Brand Kit. When loading fonts, a connection to Google servers is established, and your IP address is transmitted to Google. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in appealing visual presentation). More info: https://policies.google.com/privacy

We use your browser's local storage (localStorage) to save user settings and intermediate results, such as: • Project data and idea descriptions • Inputs and preferences (e.g. creativity level) • Generated brand kit data This data does not leave your browser and is not transmitted to our servers. You can delete this data at any time through your browser settings.

Our website does not use marketing or tracking cookies. Only technically necessary cookies and tokens are used: • Firebase Authentication Tokens: To maintain your login session. These are required for the platform to function and cannot be disabled. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in functioning authentication).

Some of our service providers are based in the USA: • Vercel Inc. (Hosting) • OpenAI, L.L.C. (AI services) • Perplexity AI, Inc. (Market analysis) • GitHub, Inc. (Social media check) Data transfers are based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) or Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Under the GDPR, you have the following rights: • Right of access (Art. 15 GDPR): You can request information about your stored data. • Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data. • Right to erasure (Art. 17 GDPR): You can request deletion of your data. • Right to restriction (Art. 18 GDPR): You can request restriction of processing. • Right to data portability (Art. 20 GDPR): You can receive your data in a common format. • Right to object (Art. 21 GDPR): You can object to processing. • Right to withdraw consent (Art. 7(3) GDPR): Consent can be withdrawn at any time. To exercise your rights, contact: contact@mehrbytes.com You also have the right to lodge a complaint with a data protection supervisory authority.

• User account: Your data is stored as long as your account exists. After account deletion, all personal data will be deleted within 30 days. • Rate limiting data: Stored server-side for a maximum of 2 hours and automatically deleted. • Cache data (domain/social checks): Stored server-side for 10 minutes to 1 hour. • Local browser data: Remains in your browser until you delete it.

We reserve the right to update this privacy policy to reflect changes in legal requirements or modifications to our service. The current version is always available on this page.

For privacy-related questions, contact us at: GbR Mika Jens Ramsl und Mats Ramsl An der Ehmsenkoppel 28 24376 Rabel, Germany Email: contact@mehrbytes.com