Privacy Policy

Profile Bakery

1. Responsible Party

Mamendo GmbH

In der Oberwis 3

8123 Ebmatingen

Switzerland

Email: support@profilebakery.com

2. Scope

As a Swiss company, we are subject to the Swiss Data Protection Act (DSG). For users in the EU, we comply with the General Data Protection Regulation (GDPR).

3. Types of Data Processed

3.1 Registration and Account Data:

  • Email address
  • Full name
  • Password (encrypted)
  • Account type (private/business customer)
  • Creation and update timestamps

3.2 Image Data:

  • Photos you upload
  • AI-generated images
  • Processing metadata (tool type, timestamps)

3.3 Usage and Transaction Data:

  • Credit balance and usage
  • Subscription status
  • Payment information (via external payment provider)
  • Ratings and feedback (NPS ratings)

3.4 B2B-Specific Data:

  • Company name
  • Employee email addresses
  • Consent declarations (timestamp, IP address)
  • HR dashboard activities

3.5 Technical Data:

  • IP address
  • Browser type and version
  • Operating system
  • Access times
  • Referrer URL
  • Session data (cookies)

4. Purpose and Legal Basis

4.1 Contract Performance (Art. 6(1)(b) GDPR):

  • Platform and service provision
  • AI-powered image processing
  • Account management and credit system
  • Payment processing

4.2 Consent (Art. 6(1)(a) GDPR):

  • Processing of employee photos (B2B)
  • Marketing communications (if consented)
  • Analytics cookies

4.3 Legitimate Interests (Art. 6(1)(f) GDPR):

  • Service improvement
  • Security and fraud prevention
  • Error analysis and system stability

4.4 Legal Obligations (Art. 6(1)(c) GDPR):

  • Retention of invoices (tax law)
  • Compliance with legal disclosure requirements

5. AI-Powered Image Processing

We use AI technology for automated image processing. Processing is performed by specialized AI services. Your images are used exclusively for order fulfillment and not for training AI models.

6. Disclosure to Third Parties

We disclose your data to the following categories of recipients:

  • Cloud hosting providers: For storage and platform delivery
  • Database services: For secure data storage
  • AI processing services: For image editing and generation
  • Payment processors: For payment and subscription management
  • Email services: For transactional emails (confirmations, links, notifications)
  • Error analysis tools: For system stability and error handling
  • Analytics services: For anonymized usage statistics

All recipients are contractually obligated to comply with data protection regulations.

7. Data Transfer to Third Countries

Some of our service providers have server locations outside the EU/EEA. Transfers are based on adequacy decisions by the EU Commission or standard contractual clauses according to Art. 46 GDPR.

8. Storage Duration

  • Account data: As long as your account is active
  • B2B upload process: Uploaded images deleted after 1 hour
  • B2C generated images: Automatically deleted after 30 days (subject to change)
  • Selected images: Stored permanently until manual deletion
  • Payment data: According to tax retention requirements (10 years)
  • Log files: Automatic deletion after 90 days

9. B2B Customers (Data Processing)

9.1 For B2B customers, we act as a data processor pursuant to Art. 28 GDPR. The customer is the controller for employee data.

9.2 The customer is responsible for obtaining employee consent. We provide a GDPR-compliant template for this purpose.

9.3 For compliance purposes, we record the consent timestamp and IP address.

10. Cookies and Tracking

10.1 Technically necessary cookies:

  • Session management and authentication
  • Security features
  • Preferences (e.g., language)

10.2 Analytics (with consent):

We use anonymized analytics tools to understand and improve platform usage.

10.3 Error analysis:

To ensure system stability, we use error tracking services that capture pseudonymized error data.

11. Automated Decision-Making

AI-powered image processing is automated. However, there is no profiling within the meaning of Art. 22 GDPR that has legal effects on you.

12. Your Rights as Data Subject

You have the following rights:

  • Right of access (Art. 15 GDPR): Information about your stored data
  • Right to rectification (Art. 16 GDPR): Correction of incorrect data
  • Right to erasure (Art. 17 GDPR): Deletion of your data
  • Right to restriction (Art. 18 GDPR): Restriction of processing
  • Right to data portability (Art. 20 GDPR): Transfer of your data in structured format
  • Right to object (Art. 21 GDPR): Object to processing
  • Right to withdraw consent (Art. 7 GDPR): Withdraw given consents

Contact: support@profilebakery.com

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
Germany: State data protection officer of your federal state

14. Data Security

We implement technical and organizational measures to protect your data:

  • Encrypted data transmission (SSL/TLS)
  • Encrypted data storage
  • Access restrictions and authorization concepts
  • Regular security updates

15. Provision of Data

Providing your data (email, name, images) is required to use our services. Without this data, we cannot provide our service.

Last updated: November 2025