Poem Diary

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller responsible for data processing under the General Data Protection Regulation (GDPR) is: Jens Eden Dorotheenstraße 64 53111 Bonn Deutschland Email: admin@poemdiary.com

2. General Information on Data Processing

Poem Diary is an iOS app that uses artificial intelligence to create personalized poems and wisdoms from your photos. This privacy policy informs you about what personal data we collect, how we use it, and what rights you have.

3. Data Collected and Purpose of Processing

We collect and process the following data:

3.1 Sign in with Apple

Poem Diary uses Sign in with Apple for user authentication. Your email address is transmitted - either your real Apple-ID email address or a private relay address generated by Apple, depending on your choice. This email address is stored in our database for managing your user account. Legal basis: Art. 6(1)(b) GDPR (performance of contract)

3.2 Images

The photos you upload are processed to generate personalized poems using artificial intelligence. The AI analyzes the general image content (scenery, mood, colors, objects) as creative inspiration – no face detection, facial recognition, or other biometric processing takes place. The images are stored in cloud storage (Hetzner, Germany) and are automatically deleted when you remove the associated poem or delete your account. Legal basis: Art. 6(1)(b) GDPR (performance of contract)

3.3 Generated Poems

The poems created by the AI are associated with your user account and stored so that you can access them at any time. Legal basis: Art. 6(1)(b) GDPR (performance of contract)

3.4 Device ID

We use an anonymous device ID for technical assignment of your data and to enable offline functionality. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical functionality)

3.5 Location Data

If you grant location permission, we store the capture location (coordinates and place name) together with your poem. This is voluntary - without location permission, only the date is stored. Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with iOS location permission

3.6 Usage History

To prevent abuse and ensure service quality, we store the following data, which is retained even after account deletion:

  • For free users: A non-reversible hash value (SHA256) of your identity together with the number of your remaining free poems. Upon re-registration, your previous quota is restored. Users who have previously had a subscription will not receive free poems upon re-registration.
  • For subscribers: Your subscription ID (provided by Apple) together with your usage counter per billing period. This data is linked to your subscription and serves to enforce our fair use policy (see Terms of Service).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in abuse prevention and ensuring service quality)

4. Data Storage and Retention Period

Your data is stored on secure servers within the European Union or Germany:

  • Supabase (EU servers): User accounts, email addresses, generated poems
  • Hetzner (Germany): Image storage

Your data is stored as long as your user account exists. When you delete your account, all associated data (email address, images, poems) is irreversibly deleted. Images are also deleted when you remove individual poems.

5. Third-Party Providers and Data Transfer

We use the following third-party providers to deliver our services:

5.1 Anthropic Claude API (USA)

For AI-based poem generation, your images are transmitted to the Claude API by Anthropic (USA). The transfer to the USA is based on Art. 49(1)(b) GDPR (performance of contract) and on Standard Contractual Clauses (SCCs) implemented by Anthropic. Anthropic processes the images solely for generating the poem and does not store them permanently.

5.2 Vercel (USA)

Our API servers are operated by Vercel (USA). Each time you use the app, technical requests are processed through Vercel servers. The transfer to the USA is based on Art. 49(1)(b) GDPR (performance of contract) and on Standard Contractual Clauses (SCCs).

5.3 Supabase

Supabase is used for authentication (in conjunction with Sign in with Apple) and data storage. The servers are located in the EU.

5.4 PowerSync

PowerSync enables offline synchronization of your data, allowing you to use the app without an internet connection.

5.5 RevenueCat (USA)

We use RevenueCat (USA) for processing in-app purchases. RevenueCat receives information about your purchases but no direct payment data, as this is handled exclusively through Apple. The transfer to the USA is based on Art. 49(1)(b) GDPR (performance of contract) and on Standard Contractual Clauses (SCCs).

5.6 Apple

To ensure the integrity of our app, we use Apple App Attest. Technical data is transmitted to Apple for device verification. No personal data is shared with Apple.

6. iOS Permissions

Poem Diary requests the following permissions, for which iOS displays a separate consent dialog:

  • Photo Library Access: To select and upload photos for poem generation
  • Camera Access: To take photos directly for poem generation
  • Location Access: To optionally store the capture location with your poem. The app works without this permission - in that case, only the date is stored.

You can revoke these permissions at any time in iOS Settings.

7. Use by Minors

The app is rated 4+ in the App Store, meaning the content is suitable for all age groups. However, under Art. 8 GDPR, consent for data processing by children under 16 years requires parental or guardian approval. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that a child under 16 has provided us with personal data without parental consent, we will delete this data immediately.

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR): You have the right to obtain information about your personal data stored by us.
  • Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
  • Right to Erasure (Art. 17 GDPR): You can request the deletion of your data. The easiest way is to delete your account directly in the app.
  • Right to Restriction (Art. 18 GDPR): Under certain conditions, you can request restriction of processing.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object (Art. 21 GDPR): You can object to the processing of your data insofar as it is based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw it at any time with effect for the future, e.g., by revoking iOS permissions or deleting your account.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can contact the supervisory authority of your place of residence, your workplace, or the place of the alleged violation.

10. Data Security

We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Data transmission is encrypted via HTTPS/TLS.

11. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or changes to the app or data processing. The current version is always available at https://poemdiary.com/privacy.

12. Contact

For questions about data protection or to exercise your rights, please contact us at: Email: admin@poemdiary.com