Privacy Policy

1. Controller

Controller: Dr. Philipp Muench – AI Software & SaaS (sole proprietorship), c/o COCENTER, Koppoldstr. 1, 86551 Aichach, Germany. Contact and privacy inquiries: contact@firstauthor.ai.

2. Data Categories

We process: facial photo (selfie); AI output such as recommendations and rankings; technical metadata (IP address, timestamps, browser/device info) for security and rate limiting.

3. Purpose of Processing

To generate automated eyewear recommendations, show product suggestions/links, enable sharing via link, and protect the service against abuse.

4. Legal Basis

The legal basis for processing your photo is your consent (Art. 6(1)(a) GDPR). We do not use the photo for identification and do not create biometric profiles. You can withdraw consent at any time.

5. Recipients and Processors

We host the service on Vercel. Server-side processing (functions) runs in Frankfurt, Germany (EU). Static files are delivered via Vercel's CDN globally. We process your photo on our servers and forward it to Google Gemini (Google LLC) for analysis. Face detection for the camera runs locally in your browser via MediaPipe. For product images/links we use the Brave Search API (Brave Software, Inc.). We do not use advertising or tracking providers.

6. Third-Country Transfers

Our server-side processing runs in the EU (Frankfurt). Some providers may still process data outside the EU/EEA (e.g., the United States). Where a transfer to a third country occurs, it is based on the provider's Standard Contractual Clauses or an adequacy decision, as applicable.

7. Storage and Deletion

Photos are processed in memory and are not stored on our servers. They are discarded immediately after analysis. If you share results, recommendations (no photos) are kept in memory for up to 24 hours and removed on the next access after expiry. Rate-limiting data (IP address) is kept in memory for up to 1 minute. We do not use tracking cookies.

8. Security

We use TLS encryption in transit, restrict access, avoid storing photos in logs, and apply automated deletion routines.

9. Your Rights

You have rights to access, rectification, erasure, restriction, data portability, and to object, as well as the right to lodge a complaint with a supervisory authority. You can withdraw consent at any time. Contact us to exercise your rights.