Privacy Policy
Information on the processing of personal data in accordance with GDPR
As of: January 25, 2026
Data Controller
The responsible party for data processing on this website is:
Ross Alexander Khrisna
Hermannstraße 4, 34117 Kassel, Germany
Email: alex.khr@yahoo.com
Privacy Contact (Requests/Deletion): info@simple-labs.ai
General Data Processing
We process personal data in accordance with the General Data Protection Regulation (GDPR). This privacy policy informs you about the type, scope, purpose, legal basis, and your rights under Art. 13 GDPR.
Categories of Processed Data
Depending on usage, we process the following data:
- Account/Master data: Username, email, profile information if applicable
- Contract/Payment data: Plan, billing status, transaction IDs (no complete card/account data stored with us)
- Usage data: Feature usage, credit consumption, timestamps, technical events
- Technical data/Logs: IP address, device/browser information, security logs
- Content data: Uploaded images/videos, generated outputs, prompts, negative prompts, metadata
- Community data (Discord): Username/IDs, messages/interactions within our community (as provided by you)
- Support/Communication data: Content of emails/support requests, bug reports, attachments
Purposes of Processing
We process data for the following purposes:
- Providing and operating the platform (login, membership, credits, generation, publisher/scheduler)
- Contract processing, billing, fraud/abuse prevention
- Performing AI generations (including forwarding necessary inputs to third-party providers)
- Moderation/content policy enforcement, security (e.g., abuse detection)
- Support, error analysis (bug reports), product improvement
- Documentation (e.g., terms acceptance, withdrawal/dispute handling)
Legal Basis
Depending on the processing, we rely on:
- Art. 6(1)(b) GDPR (Contract/pre-contractual measures: account, membership, credits, generation, publisher)
- Art. 6(1)(c) GDPR (Legal obligations: e.g., retention/compliance)
- Art. 6(1)(f) GDPR (Legitimate interests: security, abuse prevention, IT operations, error analysis)
- Art. 6(1)(a) GDPR (Consent: e.g., optional cookies/tracking, if used)
- § 25 TDDDG for storing/accessing information on your device (cookies/similar technologies), where required
Cookies, Device Access, Consent Management
We use cookies and/or similar technologies (e.g., Local Storage) to:
- Enable website operation (e.g., session, login, language, security)
- Optional: Analytics/marketing (only with your consent)
Legal situation: Storing information on your device or accessing it is generally only permitted with consent, except in legally prescribed cases (e.g., strictly necessary). If we use non-essential cookies/technologies, this only occurs after your consent via a cookie banner.
Registration & User Account
When creating an account, we process your information for account setup and management, authentication, and contract fulfillment (Art. 6(1)(b) GDPR).
Membership, Credits, Billing (Stripe)
For payments, we use Stripe (payment service provider). Data required for payment processing (e.g., name/email, payment status, transaction information) is transmitted to Stripe. Legal basis is Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) GDPR (fraud prevention, secure payment processing).
Note: Payment data such as complete credit card numbers are typically processed directly by Stripe and not stored with us.
AI Generation (Images/Videos) & Third-Party Sharing
To provide AI generations, depending on the selected model/provider, we may transmit the following data to external AI service providers as required:
- Prompts/negative prompts, parameters
- Uploaded images/videos (inputs) and metadata if applicable
- Technical request data (e.g., job IDs, error codes)
Legal basis: Art. 6(1)(b) GDPR (contract).
Important: The AI providers used may vary (e.g., depending on the model). We transparently display within the platform before execution or in a current provider list which third-party providers are used for the specific generation and which data categories are required.
Publisher/Scheduler & Social Media Integrations
When you connect social media accounts, we process the following data, depending on the integration:
- Tokens/access data (to the technically required extent)
- Scheduled posts/metadata (time, channel, media references)
- Status information (success/error)
Legal basis: Art. 6(1)(b) GDPR.
Please note: When publishing/transmitting, data is also processed by the respective social media platforms (under their own responsibility).
Discord Community
For the community, we use Discord (third-party provider). When you join or interact on our Discord, Discord processes data under its own responsibility according to their privacy policy. Additionally, we may process data provided within Discord (e.g., nickname, messages, moderation actions) as required for community organization, moderation, or support. Legal basis: Art. 6(1)(b) GDPR (community as part of service) and/or Art. 6(1)(f) GDPR (moderation, security).
Bug Reports & Prompt Library (Credit Compensation)
When you report bugs or submit prompts, we process the submitted content including metadata (timestamp, reproduction steps, attachments) to:
- Review/reproduce bugs
- Prevent abuse
- Assign credit compensation
Legal basis: Art. 6(1)(b) GDPR (contract) and Art. 6(1)(f) GDPR (security, abuse prevention, quality assurance).
Moderation, Abuse Prevention, Security
To enforce our usage rules (e.g., prohibition of illegal/violent/sexually explicit content), we may:
- Review content (manually and/or technically assisted)
- Block accounts/requests
- Analyze security logs (e.g., anomalies, rate limits)
Legal basis: Art. 6(1)(f) GDPR (security, protection against abuse) and possibly Art. 6(1)(c) GDPR (legal obligations).
Recipients / Categories of Recipients
We may transmit data to the following categories of recipients:
- Payment service provider: Stripe
- Community platform: Discord
- AI service providers/compute providers: depending on selected model/job (indicated in-app)
- Hosting/CDN/IT service providers: infrastructure operation (if used)
- Support/communication service providers: email/support tools (if used)
- Authorities/courts/advisors: as required (e.g., legal enforcement, compliance)
Third Country Transfer (outside EU/EEA)
When we use service providers outside the EU/EEA (e.g., USA), personal data may be transferred to third countries. In such cases, we ensure - where required - appropriate safeguards (e.g., Standard Contractual Clauses (SCC)) and review additional protective measures based on risk assessment.
Retention Period & Deletion
We store data only as long as necessary for the respective purposes:
- Account/contract data: Until account deletion or contract end, then restriction/deletion as applicable
- Billing/documentation data: According to legal retention requirements
- Logs/security data: As long as required for security/abuse prevention and error analysis, then deletion/anonymization
- Content data (uploads/prompts/outputs): As long as you maintain them in your account or until deletion/account closure, unless legal reasons prevent this
Deletion on request: You can request deletion of your account and data at info@simple-labs.ai. We may require identity verification to prevent unauthorized deletions.
Your Rights
Subject to legal requirements, you have the following rights:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing based on legitimate interests (Art. 21 GDPR)
- Withdrawal of consent at any time with future effect (Art. 7(3) GDPR)
Right to Complain to Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The competent authorities include the Hessian Data Protection Commissioner (HBDI).
Obligation to Provide Data
Certain data is required for using the platform (e.g., email for login, payment status for membership). Without this data, we cannot provide services or can only provide them with limitations.
Automated Decision-Making / Profiling
Automated decision-making within the meaning of Art. 22 GDPR generally does not take place. Where we use technical procedures for abuse detection/moderation, these serve security and rule enforcement; decisions with significant impact (e.g., permanent bans) are generally made with human review.
Data Security
We implement appropriate technical and organizational measures to protect data against loss, misuse, and unauthorized access (e.g., access controls, encryption, logging, role/rights management). Scope and status are based on risk and technical development.
Changes to This Privacy Policy
We may update this privacy policy if the legal situation, services, or data processing changes. The current version is always available on the website.