socialix
Draft — pending legal review. This text is a working draft and is not yet legally binding. It is excluded from search indexing until reviewed by counsel.

Privacy Policy

Draft — not yet in effect.

This Privacy Policy explains how we process your personal data when you use Socialix, in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

The controller responsible for processing your personal data is The Lucas Agency GmbH, whose full details are set out in our Impressum. For data-protection enquiries you can reach us at [email protected]. We have not appointed a data protection officer.

2. Categories of data we process

  • Account data — email address and authentication identifiers, plan and role, and (if you connect them) your Telegram or Discord identifiers.
  • Content data — the links you submit, files you upload, templates you create, and the outputs generated for you.
  • Usage and billing data — jobs you run, resource-usage records, subscription and payment status (we do not store full card data; this is handled by our payment processor).
  • Technical data — IP address, device/browser information, and log data, processed for security and operation.

3. Purposes and legal bases

  • Providing the service (account, rendering, delivery) — performance of a contract, Art. 6(1)(b) GDPR.
  • Billing and accounting — contract and legal obligation, Art. 6(1)(b) and (c) GDPR.
  • Security, abuse prevention, and service improvement — legitimate interests, Art. 6(1)(f) GDPR.
  • Optional analytics and error monitoring — your consent, Art. 6(1)(a) GDPR (see the Cookie Policy).

4. Processors and recipients

We use carefully selected service providers who process personal data on our behalf under data-processing agreements (Art. 28 GDPR). The current principal sub-processors are:

ProcessorPurposeRegion
ClerkAuthentication & account managementUSA (SCCs)
StripePayments, subscriptions & invoicingEU / USA (SCCs)
ApifyRetrieval of source media you referenceEU / USA (SCCs)
Bright DataRetrieval of source media & analyticsEU / USA (SCCs)
OpenAIAI text & image generationUSA (SCCs)
xAI (Grok)AI image generationUSA (SCCs)
Google (Cloud Vision)Optical character recognitionEU / USA (SCCs)
CloudflareCDN, DNS, edge security & object storage (R2) backupsEU / USA (SCCs)
SentryError monitoring (consent-gated)EU / USA (SCCs)
Hetzner Online GmbHServer hostingGermany (Frankfurt)
Telegram / DiscordDelivery of outputs to destinations you connectVaries

When you choose to deliver outputs to a connected destination (e.g. a Telegram or Discord chat), that content is transmitted to the relevant platform and becomes subject to that platform's own processing and terms.

5. International transfers

Our servers are located in the European Union. Some processors listed above may process data outside the EU/EEA. Where that occurs, the transfer is safeguarded by an adequacy decision or by the European Commission's Standard Contractual Clauses together with appropriate additional measures.

6. Cookies and tracking

We use strictly necessary cookies to operate the service, and optional analytics/monitoring only with your consent. Details and your controls are in the Cookie Policy.

7. Retention

We keep personal data only as long as necessary for the purposes above. Account and content data are deleted when you delete your account, subject to a short grace period for recovery and to our standard backup rotation. Invoices and other records subject to statutory retention (e.g. § 147 AO / GoBD, generally up to 10 years) are retained for the required period even after account deletion. Old job artefacts and uploads are purged automatically under our retention schedule.

8. Your rights

Under the GDPR you have the right to:

  • access your data (Art. 15);
  • rectify inaccurate data (Art. 16);
  • erase your data (Art. 17);
  • restrict processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interests (Art. 21); and
  • withdraw consent at any time, without affecting prior processing.

You can export your data and delete your account at any time from your account settings, or contact us using the details above.

9. Automated processing and AI

We use AI to generate and modify content at your request. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing within the meaning of Art. 22 GDPR.

10. Right to complain

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence or place of the alleged infringement. The authority competent for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

11. Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, and ownership checks on stored files.

12. Children

Socialix is not directed to children under 16 and we do not knowingly process their data.

13. Changes

We may update this Policy to reflect changes in our processing or the law. We will post the updated version here and, where appropriate, notify you.