Data Privacy Policy
0. Controller and Applicability
This Privacy Policy describes how personal data is processed by:
Coderilla GmbH
Alte Kasernstrasse 16
97082 Würzburg
Germany
Email: data-privacy@coderilla.de
The responsible party decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).
1. Information We Collect
We collect information you provide directly to us, such as when you create an account, use our services or contact us for support.
- Account information (name, email address, profile picture)
- Profile preferences
- Communication data when you contact us
- Usage data and analytics
Scribe Spark is not intended for minors under 16 years of age; we do not knowingly collect such data.
2. How We Use Your Information
We use your information to provide, maintain and improve our services, process transactions, personalize content, communicate with you, ensure security and prevent fraud.
- Service delivery and personalization
- Contract management
- Support and communications
- Usage analysis for service improvements
- Fraud detection and security monitoring
To protect users and maintain secure use of our platform, uploaded media files (e.g. images or videos) are automatically analyzed using Google Cloud Vision services. This analysis identifies potentially unsafe content such as nudity, violence, medical content or other sensitive categories. The results are shown only within the organization to which the media was uploaded and are visible to organization administrators for review and content-management purposes. We do not use this information for advertising, profiling or unrelated purposes, and we do not manually inspect media unless strictly required for security or legal reasons.
2.1 Legal Bases for Processing
- Art. 6(1)(a) GDPR – your explicit consent (e.g. marketing emails)
- Art. 6(1)(b) GDPR – performance of a contract with you (e.g. account creation)
- Art. 6(1)(c) GDPR – legal compliance obligations
- Art. 6(1)(f) GDPR – our legitimate interests (e.g. service optimization, fraud prevention)
3. Information Sharing
We do not sell or rent your personal data. We may share your data only in the following cases:
- With your consent
- If required by law or legal authority
- To protect our rights and property
- To our trusted service providers who process your data under confidentiality agreements
For moderation purposes, organization administrators may see information about the uploader of media files (such as ID or email address) in order to manage user behavior, prevent abuse and ensure compliance with organizational policies. This access is limited strictly to the organization’s administrative users and does not expose data to other customers.
3.1 Service Providers and Data Processors
We use a limited number of trusted third-party providers to operate and improve Scribe Spark. Each provider processes personal data only on our behalf and under a data-processing agreement in accordance with Art. 28 GDPR. Where transfers occur outside the EU/EEA, they are protected by the EU–US Data Privacy Framework or by Standard Contractual Clauses (SCCs) approved by the European Commission.
| Processor | Purpose of Processing | Location / Safeguard |
|---|---|---|
| Google Cloud Platform (Google Ireland Ltd.) | Hosting infrastructure, authentication, database and media storage, automatic media analysis (safe-search and labeling) for content-moderation purposes | Data centers in the EU (Frankfurt, Saint-Ghislain) and, if applicable, Google LLC (US) under EU–US Data Privacy Framework & SCCs |
| Stripe Payments Europe Ltd. | Payment processing and subscription management | EU / US – SCCs & Data Privacy Framework |
| Mailgun Technologies Inc. | Transactional email delivery (e.g. notifications) | US – Data Privacy Framework & SCCs |
| OpenAI Ireland Ltd. / OpenAI LLC | AI content generation features | EU + US – SCCs & Data Privacy Framework |
| PostHog EU Cloud (PostHog Ltd.) | Product analytics, feature usage tracking, error diagnostics and—if consented—session replay | Hosted in the EU (Frankfurt) – processing under GDPR Art. 28 with DPA and SCCs where applicable |
When you choose to connect your Instagram or Facebook account, Scribe Spark interacts with the Meta Platforms APIs (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). Through this connection, we access and process the information that you authorize—such as page or profile identifiers, content engagement, media captions and publishing permissions—to enable scheduling and posting features. We do not obtain any additional personal data from Meta beyond what is necessary for these features. Processing is based on your consent (Art. 6 (1)(a) GDPR) and the contractual necessity to provide the integration (Art. 6 (1)(b) GDPR). For more details on how Meta processes data, please refer to the Meta Privacy Policy.
We ensure that all processors are carefully selected, bound by confidentiality obligations and process data only to the extent necessary for their assigned purpose. The list of active processors may be updated from time to time as our services evolve.
3.2 Product Analytics (PostHog)
We use PostHog Analytics (PostHog Ltd., EU Cloud Region – Frankfurt) to analyze how our web application is used. This helps us understand which features are most valuable and improve performance. The analytics are configured to prioritize privacy: by default, PostHog runs in cookieless mode without storing personal identifiers. Only if you consent to advanced analytics or session-recording cookies will PostHog set identifiers or record anonymized usage sessions.
The legal basis for processing analytics data is Art. 6 (1)(f) GDPR (our legitimate interest in improving our service) for cookieless anonymous analytics, and Art. 6 (1)(a) GDPR (your consent) for advanced analytics and recording features.
4. Cookies and Local Storage
Our application uses only technically necessary cookies and local-storage entries by default. These ensure secure login sessions and the core functionality of our services.
We also use PostHog Analytics (EU Cloud) to understand how our platform is used and to continuously improve its performance and usability. In its basic mode, PostHog operates without cookies or personal identifiers (“cookieless analytics”), which helps us measure aggregated usage without storing any personal data.
Additional analytics features—such as cookies for persistent identification, feature-flag evaluation or session-replay recording—are only activated after you give explicit consent in our cookie settings. You can change or withdraw your consent at any time via the cookie-preferences link below.
Manage your cookie preferences and view your current consent settings:
5. Data Security
We use appropriate technical and organizational measures—such as encryption, access controls and regular security reviews—to protect your data. However, no method of data transmission or storage is fully secure. Automated content-analysis measures are used as part of our security and abuse-prevention strategy to prevent harmful use of the platform.
6. International Transfers
Your personal data may be transferred to countries outside the EU/EEA. Such transfers are protected by GDPR-approved safeguards, such as standard contractual clauses.
7. Data Retention
We retain personal data only as long as necessary to provide services, comply with legal obligations, or resolve disputes. Some data (e.g. transactional records) may be retained longer if required by law.
8. Your Rights
Under GDPR, you have the right to:
- Access, correct or delete your personal data
- Restrict or object to processing
- Withdraw consent at any time
- Request data portability
- Lodge a complaint with a supervisory authority (e.g., Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach, Germany)
You can exercise your rights by contacting us via data-privacy@coderilla.de. We will respond within one month as required by Art. 12 GDPR.
9. Changes to This Policy
We may update this policy occasionally. The most recent version will always be published here with an updated “Last updated” date.
10. Contact
For privacy-related inquiries, please contact: data-privacy@coderilla.de
Coderilla GmbH
Alte Kasernstrasse 16
97082 Würzburg
Germany
Version 0.3.0 - Last updated: 11/13/2025
