Privacy Policy

Last updated: 3/24/2026

Valid under the revised Swiss Data Protection Act (nDSG)

Our Promise to You

The avatar data and stories of your children that you create are sacred to us. They are stored exclusively in your private account and will never be used for training AI models. You can permanently delete all data at any time.

1. Responsible Entity and Legal Basis

The entity responsible for data processing under the revised Swiss Data Protection Act (nDSG) is Guetnachtschatz.ch. This privacy policy transparently informs you about the collection, processing, and use of your personal data, especially your children's data.

Important: Since children under 16 years of age are not capable of giving consent themselves, consent for data processing is explicitly obtained from you as a legal guardian.

2. Personal Data Collected

We collect and process the following personal data:

  • Parent Account Information: Email address, name, encrypted password
  • Children's Data: First name, age, gender, character traits, favorite color
  • Avatar Descriptions: Features you define such as hair color, eye color, skin tone, hair length for avatar creation (no photographs)
  • Content: Story prompts you create and generated stories including AI-generated illustrations
  • Payment Information: Processed exclusively by our PCI-DSS-certified partner Stripe. We do not store credit card information.
  • Usage Data: Technical data such as IP address (anonymized), device information, access times

Important: We do not collect photographs of your children. Avatar creation is done exclusively through text descriptions (parameters) that you enter.

3. Purpose and Legal Basis of Data Processing

Your data is processed exclusively for the following purposes:

  • Contract Fulfillment: Generation of personalized children's stories based on your specifications
  • Avatar Creation: Processing of your text descriptions for AI-assisted generation of an individual avatar image of your child
  • Payment Processing: Processing of premium subscriptions through our partner Stripe
  • Service Communication: Important updates, security notices, and support requests
  • Legal Obligations: Fulfillment of statutory retention and disclosure obligations

Legal Basis: Processing is based on your explicit consent in accordance with nDSG to use our service.

4. Use of Artificial Intelligence and Third Parties

We use external AI services to generate personalized stories, images, and audio recordings. We place great value on transparency:

AI Services Used:

  • Straico API (Text Generation): Server location: USA. For generating story texts based on your prompts.
  • Midjourney/DALL-E (Image Generation): Server location: USA. For creating story illustrations and avatars based on text descriptions.
  • ElevenLabs (Audio Synthesis): Server location: USA/EU. For audio narration of stories.
  • Supabase (Data Hosting): Server location: EU. For secure storage of your data.
  • Stripe (Payments): PCI-DSS Level 1 certified.

Use of AI Services:

The data you enter (story prompts, avatar descriptions) is transmitted to the respective AI services for processing. Your data is used exclusively to generate your content. The generated stories, images, and audio files are stored in your account and can be deleted at any time.

5. Data Security and Technical Measures

We implement comprehensive technical and organizational measures to protect your data:

  • Encryption: All passwords are hashed with bcrypt. Data transmission occurs exclusively via TLS/HTTPS.
  • Access Control: Row Level Security (RLS) in the database ensures that users can only access their own data.
  • Data Storage: All avatar descriptions and stories you create are stored encrypted in your private account.
  • Deletion: You can permanently delete all your data at any time, including avatar descriptions, stories, and generated images.
  • Backup: Regular encrypted backups with geographic redundancy.

6. Child Safety and Parental Responsibility

Guetnachtschatz is exclusively intended for legal guardians. We do not knowingly collect data directly from children. Use of our platform by children is only permitted under supervision and with express consent of legal guardians.

  • All generated content goes through automatic content filters to ensure age-appropriate material.
  • Parents can report inappropriate content at any time.
  • You can delete or export all of your child's data at any time.

7. Disclosure and Sale of Data

We never sell your personal data or your children's data. Disclosure occurs only in the following clearly defined cases:

  • Service Providers (Processors): AI providers for story generation, hosting provider (Supabase), payment service provider (Stripe). All service providers are contractually obligated to process your data only according to our instructions.
  • Legal Obligations: Only when legally required (e.g., official order).
  • With Your Consent: If you explicitly agree to the disclosure (e.g., when sharing a story with third parties).

8. Your Rights under nDSG

You have comprehensive rights under the revised Swiss Data Protection Act:

  • Right to Information (Art. 25 nDSG): You can request information at any time about what data we have stored about you and your children.
  • Right to Correction: You can have incorrect or incomplete data corrected at any time.
  • Right to Deletion: You can permanently delete your account and all associated data (including children's profiles, stories, photos) at any time.
  • Right to Data Portability: Export your stories as PDF or structured data exports upon request.
  • Right to Object: You can object to the processing of your data at any time or withdraw your consent.
  • Right to Complain: You have the right to file a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

To exercise your rights, contact us at privacy@guetnachtschatz.ch

9. Data Retention and Deletion

Your data is only stored as long as necessary for the purpose:

  • Avatar Data: The avatar descriptions you create remain stored in your account and can be deleted by you at any time.
  • Stories and Children's Profiles: Remain stored as long as your account is active.
  • After Account Deletion: All personal data will be completely and permanently deleted within 30 days.
  • Legal Retention Periods: Payment data is retained for tax purposes for 10 years (anonymized).

10. Cookies and Tracking

We use only technically necessary cookies to maintain your login session and platform security. We do not use tracking cookies, analytics tools, or third-party advertising cookies. Your usage is not evaluated for marketing or profiling purposes.

11. Changes to this Privacy Policy

This privacy policy may be updated when our service or legal framework changes. For significant changes, we will notify you by email at least 30 days in advance. The current version is always available on our website.

12. Contact and Data Protection Officer

Responsible for data processing:

Guetnachtschatz.ch

Eschenring 8

6300 Zug

Email: privacy@guetnachtschatz.ch

For questions, concerns, or to exercise your data protection rights, you can contact us at any time. We will respond to your request within 30 days.

13. Supervisory Authority

For complaints, you can contact the Federal Data Protection and Information Commissioner:

Federal Data Protection and Information Commissioner (FDPIC)

Feldeggweg 1

3003 Bern, Switzerland

Web: www.edoeb.admin.ch