The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data includes all information that can be used to identify you.
Data processing on this website is carried out by the site operator. The contact details can be found in the legal notice.
We host this site on Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel processes IP addresses, browser data, and page requests on our behalf. Processing is based on Art. 6 (1) lit. f GDPR (legitimate interest in secure and efficient hosting). A data processing agreement and EU Standard Contractual Clauses are in place.
More info: https://vercel.com/legal/privacy-policy
Uploaded photos and generated story assets are stored in Vercel Blob Storage exclusively to deliver the requested content.
We take the protection of your personal data seriously. All data is handled confidentially and in accordance with statutory regulations and this privacy policy.
Dr. Timo Machmer
Odenwaldring 20
67141 Neuhofen
Email: info@holidaystorys.com
The controller is the natural or legal person who decides alone or jointly with others on the purposes and means of processing personal data.
We use technically necessary cookies to provide the service. Server logs provided by Vercel include browser type, referrer URL, hostname, IP address, and timestamps. Logs are deleted automatically after short retention periods.
You may request information about stored personal data, its origin, recipients, and purpose at any time free of charge. You also have the right to rectification, erasure, or restriction of processing as well as data portability. Contact us via the address listed above.
We use Clerk Inc., 201 Mission Street, Suite 1900, San Francisco, CA 94105, USA for authentication. Clerk processes your email address, name, optional avatar, login timestamps, and IP addresses for security purposes. Processing is based on Art. 6 (1) lit. b GDPR (contract performance) and Art. 6 (1) lit. f GDPR (secure authentication). Transfers rely on EU Standard Contractual Clauses.
Convex Inc. (USA) powers our backend. Convex stores user profiles (ID, name, email via Clerk), created stories, metadata, and usage timestamps. Processing is required to fulfill the contract (Art. 6 (1) lit. b GDPR). Standard Contractual Clauses apply to transfers.
Credit card payments are handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe processes names, email addresses, customer IDs, checkout session IDs, purchased packages, payment status, amount, and technical data (IP, browser) for fraud prevention. Card data is stored exclusively by Stripe. Processing is based on Art. 6 (1) lit. b GDPR (contract) and Art. 6 (1) lit. f GDPR (secure payment processing). Transfers rely on EU Standard Contractual Clauses.
Users can generate shareable links for individual stories. A randomly generated token is stored together with the story ID, user ID, and expiration date (default 30 days). Anyone with the token can view the shared content. Sharing is voluntary and based on Art. 6 (1) lit. a GDPR (consent) or Art. 6 (1) lit. b GDPR (requested functionality). Links can be revoked at any time.
We use Google Gemini AI to generate story text plans and images. The prompts contain the selected destination, style, captions, and the uploaded reference image. Google processes this data exclusively to fulfill the generation request; generated content is not reused for model training. Processing is based on Art. 6 (1) lit. b GDPR (contract performance).
Personal data is stored only as long as necessary to fulfill contractual obligations or legal retention requirements. User account data persists until the account is deleted. Story content remains until you delete it or remove your account. Payment information is retained for tax obligations (usually up to 10 years).
You may revoke any consent you previously granted, effective for the future. You may also object to processing based on Art. 6 (1) lit. f GDPR if there are reasons relating to your particular situation. Simply contact us via the address above.
You have the right to lodge a complaint with a supervisory authority. The competent authority for Rhineland-Palatinate (Germany) is: The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, Germany.