Dafne

Privacy Policy

Privacy at Dafne

This Privacy Policy explains which data is processed when you use the Dafne app, website, and related services. It applies to Dafne on iOS, Android, web, and backend services.

Last updated: May 7, 2026

1. Controller

Michael Reimer

Am Langenbach 10

48308 Senden

Germany

You can send privacy requests by post to the address above. Dafne is the name of the app and service this Privacy Policy refers to.

2. Data we process

Account and profile data

For example user ID, email address, display name, language setting, login provider, account status, and plan.

Conversation data

Conversations, messages, conversation titles, mode, timestamps, transcripts of your voice input, and transcripts of AI responses.

Voice processing

Microphone audio is processed to provide realtime speech input and AI speech output. Based on the current implementation, we do not permanently store raw audio files; we store transcripts and conversation metadata.

Usage and billing data

For example available voice minutes, consumed minutes, session timestamps, plan, promotion codes, store product IDs, transaction or purchase status data, and hashed store tokens.

Security and device data

For example IP-related security data, user-agent data, installation identifiers, hashed device integrity data, challenge status, error messages, and technical server logs.

Voluntary content

Dafne is designed for open conversations. If you voluntarily share sensitive information, it may be included in the transcript. We do not require you to actively avoid sensitive topics.

3. How we use data

  • Providing AI voice and text conversations.
  • Storing and showing past conversations so you can read and manage them later.
  • Managing accounts, login, plans, voice minutes, promotion codes, subscriptions, and purchases.
  • Protecting against abuse, manipulation, unauthorized access, and repeated misuse of free allowances.
  • Improving conversation quality where this is permitted under the provided features and applicable legal bases.
  • Meeting legal obligations, enforcing claims, and responding to privacy requests.

4. Legal bases

Where the General Data Protection Regulation applies, we process data in particular on the basis of Art. 6(1)(b) GDPR (performance of a contract and pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interests, especially security, abuse prevention, product stability, and improvement), Art. 6(1)(c) GDPR (legal obligations), and, where required, Art. 6(1)(a) GDPR (consent).

If you voluntarily mention special categories of personal data in open conversations, these contents may be included in the transcript. Such contents are not used for advertising profiling and are processed only as required to provide the conversation feature you started, maintain security, delete data, or comply with legal obligations.

5. Conversations, transcripts, and audio

Dafne uses realtime voice features. During a voice session, your microphone audio may be transmitted to technical service providers so speech can be recognized, understood, and answered with spoken AI output.

Based on the current implementation, we permanently store the resulting transcripts, messages, roles, timestamps, conversation mode, and technical metadata. Raw audio files are currently not stored permanently.

Conversations are not automatically continued like an open chat history. They may be shown in the app so you can read previous conversations again.

6. Third-party providers and recipients

We use technical service providers that process data on our behalf or as part of their respective store, login, or payment function. These include in particular:

OpenAI

Providing AI and realtime voice features, including processing conversation content and transcripts to answer your requests.

Supabase

Database hosting and backend-related storage, including user accounts, conversations, transcripts, billing status, and technical status data.

Fly.io

Hosting the Dafne API and processing server requests for app features.

Vercel

Hosting the website, privacy policy, and internal admin surfaces.

Apple and Google

Sign in with Apple/Google, app distribution, in-app purchases, subscription status, store receipts, and device integrity checks where these features are used.

We do not sell personal data and do not use third-party advertising networks. We currently do not use analytics tools or Sentry crash tracking. Server and security logs may still be created to operate the service securely and reliably.

7. In-app purchases, subscriptions, and promotion codes

Purchases and subscriptions are processed through the Apple App Store or Google Play. We do not receive full payment details such as full credit card data. We process store receipts, product IDs, transaction status, terms, plan status, top-ups, promotion-code redemptions, and resulting voice-minute credits to verify purchases, prevent abuse, and keep your balance correct.

8. Retention and deletion

We store conversations and transcripts until you delete them, object to further storage, or storage is no longer necessary. Unless longer retention is required, we generally delete or anonymize conversations and transcripts no later than after 12 months.

A function for deleting individual conversations will be provided in the app. If an account is deleted, data connected to that account is generally deleted as well, unless we need to retain it longer for legal reasons, fraud prevention, billing, or defending legal claims.

Billing, purchase, and tax data may be retained longer because of legal obligations. Security logs, device integrity data, and abuse-prevention data are retained only as long as required for security, traceability, and abuse prevention.

9. Security

We protect data through technical and organizational measures, including encrypted transmission, server-side access controls, Row-Level Security, database hardening, role-based admin access, hashed tokens, and device integrity checks for abuse prevention. No system is absolutely secure; we limit data access to what is necessary.

10. International transfers

Our service providers may process data in countries outside the European Union or the European Economic Area. Where required, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, or other legally provided mechanisms.

11. Local storage, cookies, and device permissions

The app may store data locally, such as session status, login status, resume notices, installation identifiers, and settings, so the app can work reliably.

Dafne requires microphone access for voice features. Permission is requested through your operating system and can be revoked in the system settings.

The website may use technically necessary cookies or comparable local storage mechanisms. We currently do not use advertising or tracking cookies.

12. Minors

Dafne is not directed at children below the age at which they may independently use digital services or consent to data processing under applicable law. In Germany, the relevant age for data-protection consent by children is generally 16 unless parental consent is available. Users may use Dafne only if they meet the applicable minimum age or have the required consent.

13. Your rights

Depending on applicable law, you may have the following rights in particular:

  • Access to personal data stored about you
  • Correction of inaccurate data
  • Deletion of your data, unless legal retention obligations apply
  • Restriction of processing
  • Objection to processing based on legitimate interests
  • Withdrawal of consent with effect for the future
  • Data portability where the legal requirements are met
  • Complaint with a competent data protection supervisory authority

There is currently no automatic export function in the app. Legal access and data portability rights remain unaffected.

14. App Store and Google Play disclosures

The information in App Store Connect and Google Play Console must match this Privacy Policy and the actual app behavior. Based on the current implementation, relevant categories include in particular user content, transcripts, identifiers, purchase data, usage data, diagnostics/security logs, and device integrity data. We do not use this data for tracking across apps or websites of other providers and we do not sell it.

15. Changes

We may update this Privacy Policy if Dafne, technical service providers, the legal situation, or data processing changes. The current version will be published on this page.