Last updated: February 2026
The data controller responsible for data processing under the General Data Protection Regulation (GDPR) is: Jens Eden Dorotheenstraße 64 53111 Bonn Deutschland Email: admin@poemdiary.com
Poem Diary is an iOS app that uses artificial intelligence to create personalized poems and wisdoms from your photos. This privacy policy informs you about what personal data we collect, how we use it, and what rights you have.
We collect and process the following data:
Poem Diary uses Sign in with Apple for user authentication. Your email address is transmitted - either your real Apple-ID email address or a private relay address generated by Apple, depending on your choice. This email address is stored in our database for managing your user account. Legal basis: Art. 6(1)(b) GDPR (performance of contract)
The photos you upload are processed to generate personalized poems using artificial intelligence. The AI analyzes the general image content (scenery, mood, colors, objects) as creative inspiration – no face detection, facial recognition, or other biometric processing takes place. The images are stored in cloud storage (Hetzner, Germany) and are automatically deleted when you remove the associated poem or delete your account. Legal basis: Art. 6(1)(b) GDPR (performance of contract)
The poems created by the AI are associated with your user account and stored so that you can access them at any time. Legal basis: Art. 6(1)(b) GDPR (performance of contract)
We use an anonymous device ID for technical assignment of your data and to enable offline functionality. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical functionality)
If you grant location permission, we store the capture location (coordinates and place name) together with your poem. This is voluntary - without location permission, only the date is stored. Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with iOS location permission
To prevent abuse and ensure service quality, we store the following data, which is retained even after account deletion:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in abuse prevention and ensuring service quality)
Your data is stored on secure servers within the European Union or Germany:
Your data is stored as long as your user account exists. When you delete your account, all associated data (email address, images, poems) is irreversibly deleted. Images are also deleted when you remove individual poems.
We use the following third-party providers to deliver our services:
For AI-based poem generation, your images are transmitted to the Claude API by Anthropic (USA). The transfer to the USA is based on Art. 49(1)(b) GDPR (performance of contract) and on Standard Contractual Clauses (SCCs) implemented by Anthropic. Anthropic processes the images solely for generating the poem and does not store them permanently.
Our API servers are operated by Vercel (USA). Each time you use the app, technical requests are processed through Vercel servers. The transfer to the USA is based on Art. 49(1)(b) GDPR (performance of contract) and on Standard Contractual Clauses (SCCs).
Supabase is used for authentication (in conjunction with Sign in with Apple) and data storage. The servers are located in the EU.
PowerSync enables offline synchronization of your data, allowing you to use the app without an internet connection.
We use RevenueCat (USA) for processing in-app purchases. RevenueCat receives information about your purchases but no direct payment data, as this is handled exclusively through Apple. The transfer to the USA is based on Art. 49(1)(b) GDPR (performance of contract) and on Standard Contractual Clauses (SCCs).
To ensure the integrity of our app, we use Apple App Attest. Technical data is transmitted to Apple for device verification. No personal data is shared with Apple.
Poem Diary requests the following permissions, for which iOS displays a separate consent dialog:
You can revoke these permissions at any time in iOS Settings.
The app is rated 4+ in the App Store, meaning the content is suitable for all age groups. However, under Art. 8 GDPR, consent for data processing by children under 16 years requires parental or guardian approval. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that a child under 16 has provided us with personal data without parental consent, we will delete this data immediately.
Under the GDPR, you have the following rights:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can contact the supervisory authority of your place of residence, your workplace, or the place of the alleged violation.
We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Data transmission is encrypted via HTTPS/TLS.
We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to the app or data processing. The current version is always available at https://poemdiary.com/privacy.
For questions about data protection or to exercise your rights, please contact us at: Email: admin@poemdiary.com