Privacy Policy

1. Controller

HybridAI UG (haftungsbeschränkt)
Im Mediapark 5
50670 Köln

Email for privacy inquiries: datenschutz@hybridai.one

2. Data We Collect

We collect the following categories of personal data:

• Account data (e.g., name, email address)
• Content you create (books, texts, images)
• Usage data (e.g., interactions with the service)
• Device information (e.g., browser, operating system)

3. Purposes of Processing

• Providing and operating the AI-powered book writing service
• Improving and developing our services
• IT security and protection against misuse
• Communication with you (support, updates)

4. Legal Basis

• Your consent (Art. 6(1)(a) GDPR)
• Contract performance (Art. 6(1)(b) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)

5. AI Service Providers

To provide our AI features, we work with the following partners:

• Anthropic (Claude)
• OpenAI
• Google (Gemini)
• X.AI (Grok)
• Mistral AI

We have signed data processing agreements with all AI service providers.

None of our AI service providers are permitted to use data processed through Hermes 3000 to train their own AI models. This is contractually excluded.

6. Subprocessors and Technology Partners

We use the following service providers to operate Hermes 3000:

• Hetzner Online GmbH — Hosting and data center (Location: Germany)
• Weaviate B.V. — Vector database for semantic search (Location: Netherlands)
• Google LLC — Web analytics (Google Analytics) — only with your consent
• PostHog Inc. — Product analytics — only with your consent
• Stripe Inc. — Payment processing and subscription management
• Amazon Web Services (AWS) — Encrypted security backups on Amazon S3

We have signed data processing agreements pursuant to Art. 28 GDPR with all subprocessors.

A Data Processing Agreement (DPA) as outlined in our Terms of Service (§ 11) applies between you and HybridAI UG, which takes effect automatically upon registration.

7. Sign in with Google (OAuth)

You have the option to sign in to Hermes 3000 using your Google account. When using this feature, the following data is processed:

• From Google, we receive: your email address, your name, and your Google user ID
• We use this data exclusively for authentication and creating or linking your user account.
• We do not gain access to your Google password or other Google services (such as Gmail, Drive, etc.).
• If an account with your Google email address already exists, your Google login will be automatically linked to that account.
• You can revoke the connection to Google at any time in your Google account settings under 'Third-party apps with account access'.

8. Backup and Data Retention

We store your data only as long as necessary for the purposes for which it was collected, but no longer than 3 months after your last use. Account data is removed after you delete your account. Created content is deleted upon your request.

To protect your data, we follow a multi-tier backup strategy: All data is backed up hourly on our own systems. Additionally, backups are created twice daily in an alternative format. Once daily, a complete encrypted backup is transferred to an external system (Amazon S3).

9. Your Rights

You have the following rights regarding your personal data:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object

To exercise your rights, contact us at: datenschutz@hybridai.one

10. Cookies

We only use technically necessary cookies for the functionality of the application (e.g., authentication). No tracking cookies are set without your explicit consent.

11. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to reflect changes in legal requirements or changes to the service. The current version can always be found on this page.