Next
← Back
Legal

Privacy Policy

Version: v1.0  ·  Last updated: May 4, 2026

deeplike GmbH ("we", "us", "our") is an AI product company building reliable AI applications.

This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use "Next ai" (the "service").


1. Controller and contact

The controller responsible for the processing of your personal data is:

deeplike GmbH
Rheinlanddamm 84
44139 Dortmund
Germany

For all privacy-related matters, including the exercise of your rights under this policy, you can contact us at: privacy@deeplike.ai


2. How we process your personal data

When you use our service, we process personal data for the purposes set out below. For each purpose, we identify the legal basis under Article 6(1) GDPR.

2.1 Downloading our apps

We offer our service via the Web and the Apple App Store (iOS only; no Android version is currently available).

When you download our app from the Apple App Store, Apple processes information including your Apple ID, name, email address, time of download, payment information, and device identifier. This processing takes place under your relationship with Apple and is governed by Apple's privacy policy. We have no influence over and no access to this data flow.

2.2 Categories of personal data we collect

Data you provide directly:

  • Identity and contact data: name, email address, and account credentials when you sign up. We may also generate indirect identifiers to manage your account.
  • Inputs and outputs: You can interact with our service through text, audio, and video ("Inputs"), which generate model responses ("Outputs"). If you include personal data in your Inputs, that data will be processed and may be reflected in Outputs.
  • Payment data: for paid subscriptions, payment is handled by Apple (App Store). We receive subscription state updates from Apple via App Store Server Notifications and StoreKit. We do not store full payment card details. For iOS subscriptions, we receive transaction receipts from Apple via StoreKit (see below).

Data we receive automatically (technical information):

  • Device information: device type, operating system, time zone, IP address (and approximate location derived from it), and device or app identifiers.
  • Usage information: dates, times, and patterns of access; features used.
  • Log and troubleshooting information: application logs, error reports, the state of the application at the time of an error, and related diagnostic data. On iOS, this includes crash reports that you have chosen to share with app developers via your device settings; these are delivered to us by Apple in a symbolicated form.

2.3 Purposes and legal bases

Purpose Type of Data Legal basis
Providing the service to you, creating and administering your account, processing your Inputs to generate Outputs Identity and Contact Data · Inputs and Outputs · Technical Information Art. 6(1)(b) GDPR — performance of the contract (our Terms of Service)
Processing and managing subscriptions Identity and Contact Data · Payment Data Art. 6(1)(b) GDPR — performance of the contract and Art. 6(1)(c) GDPR — legal obligation under §147 AO, §257 HGB
Ensuring the security, stability, and integrity of the service; debugging; identifying and repairing errors; preventing abuse and fraud Inputs and Outputs · Technical Information Art. 6(1)(f) GDPR — legitimate interest in operating a secure and reliable Service
Investigating and resolving disputes; establishing, exercising, or defending legal claims Identity and Contact Data · Inputs and Outputs · Technical Information · Payment Data Art. 6(1)(f) GDPR — legitimate interest in protecting our rights
Improving the service and analyzing aggregated usage patterns, using de-identified Inputs and Outputs from free-tier users only Inputs and Outputs · Technical Information Art. 6(1)(f) GDPR — legitimate interest in improving our products. We take steps to aggregate and de-identify data for analytical purposes.
Complying with statutory obligations (e.g., German tax and commercial law) Identity and Contact Data · Inputs and Outputs · Technical Information Art. 6(1)(c) GDPR — legal obligation

For users with paid subscriptions on iOS, we receive transaction receipts from Apple via StoreKit when a subscription is purchased, renewed, modified, or cancelled. These receipts contain information such as transaction identifier, the product purchased, purchase and expiration dates, and subscription status. We use this information to grant, maintain, and revoke access to paid features and to comply with statutory record-keeping obligations. Receipts do not contain your payment card details or Apple ID credentials. To link these transactions to your account, we generate an opaque identifier (Apple's appAccountToken) that we send to Apple at purchase time and receive back in the receipt. This identifier is not derived from and cannot be used to recover your name, email, or other account details.

Important — AI model training:
  • For users with a paid subscription, we do not use your Inputs or Outputs to train AI models or improve the service.
  • For users on the free tier, we may use de-identified and aggregated Inputs, Outputs, and usage data to analyze usage patterns and improve the service. This information is not intended to identify individual users unless explicitly disclosed otherwise.
  • We do not train our own foundation models. Inputs are processed by our model providers (see Section 3) under contractual terms that prohibit them from using your Inputs to train their models, unless explicitly disclosed otherwise.

3. Recipients and international transfers

3.1 Categories of recipients

We share personal data only with the following categories of recipients:

  • Infrastructure provider: Amazon Web Services (AWS), for hosting and storage.
  • AI model providers: Anthropic and OpenAI, who process your Inputs to generate Outputs.
  • Professional advisors and authorities: lawyers, accountants, auditors, or public authorities, where required by law.

A complete and current list is maintained in Annex A — Subprocessor List.

3.2 International transfers

Some of our processors are located outside the European Economic Area, including in the United States.

We have entered into Data Processing Agreements (DPAs) with both Anthropic and OpenAI that include the EU Standard Contractual Clauses (SCCs) under Commission Implementing Decision (EU) 2021/914 as the transfer mechanism under Art. 46(2)(c) GDPR, together with supplementary measures as appropriate. AWS transfers are similarly governed by SCCs and AWS's published GDPR DPA.

You can request a copy of the relevant transfer safeguards by emailing privacy@deeplike.ai.

Please be aware that data protection standards in the United States may differ from those in the EU, and US public authorities may access personal data under applicable surveillance laws.


4. Data retention

We retain your personal data only for as long as necessary for the purposes described in this policy.

Category Retention period
Account data (name, email, account ID) For the duration of your account. Deleted when you delete your account, except where retention is legally required (see below).
Inputs and Outputs Until you delete them via "Delete data" in Account Overview, or until you delete your account, whichever is earlier.
Log and troubleshooting data Up to 90 days, then deleted or anonymized.
Data subject to statutory retention obligations (e.g., invoices, tax records) Up to 10 years pursuant to §147 AO and §257 HGB.
Aggregated or de-identified data May be retained indefinitely, as it no longer constitutes personal data.

Deleting your data. You have two options in your Account Overview:

  • "Delete data" — removes all of your Inputs and Outputs from your conversation history. Your account remains active.
  • "Delete account" — removes your account and all associated personal data, including your name, email address, account ID, and all Inputs and Outputs.

In both cases, deletion takes effect immediately in your conversation history and is propagated to our backend systems without undue delay, subject to backup rotation cycles. Personal data subject to statutory retention obligations (such as billing records under German tax and commercial law) will be retained for the legally required period and then deleted.

If your account remains inactive for 36 months, we will delete your Inputs and Outputs and notify you in advance.

4.1 Data retention from Subprocessors

Subprocessor Retention Period More information
Anthropic Ireland, Limited Anthropic automatically deletes inputs and outputs on their backend within 30 days of receipt or generation, except: when a service with longer retention under your control (e.g. Files API) is used; if Anthropic need to retain them for longer to enforce their Usage Policy or in compliance with the law. Anthropic Privacy Center
OpenAI Ireland Ltd OpenAI abuse monitoring logs may contain certain customer content, such as prompts and responses, as well as metadata derived from that customer content. By default, abuse monitoring logs are generated for all API feature usage and retained for up to 30 days, unless longer retention is required by law, or is reasonably necessary to protect their services or any third party from harm. Data Processing Addendum

5. Your rights

Subject to the conditions and exceptions set out in the GDPR, you have the following rights:

  • Right of access (Art. 15) — to obtain confirmation of and a copy of the personal data we process about you.
  • Right to rectification (Art. 16) — to have inaccurate personal data corrected. Note: due to the technical nature of large language models, we cannot guarantee the factual accuracy of Outputs, and correction of inaccurate personal data within Outputs may not always be technically feasible. We will make reasonable efforts.
  • Right to erasure (Art. 17) — to have your personal data deleted, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21) — including the right to object at any time to processing based on legitimate interest (such as our use of de-identified free-tier data for Service improvement).
  • Right to withdraw consent (Art. 7(3)) — where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please email privacy@deeplike.ai. We may need to verify your identity before responding. We will respond within one month of receiving your request, as required by Art. 12(3) GDPR.

Automated decision-making. Our service does not engage in decision making based solely on automated processing or profiling in a manner which produces a legal effect (i.e., impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services).

No service to children. Our service is not intended for, and we do not knowingly process personal data of, individuals under the applicable age of digital consent in your jurisdiction. If you become aware that a minor has provided us with personal data, please contact us so we can delete it.


6. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

Our lead supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Postfach 20 04 44
40102 Düsseldorf
www.ldi.nrw.de

7. Security

We implement appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These include:

  • TLS encryption for all data transmitted between your device and our service.
  • Encryption at rest for stored personal data.
  • Access limited to personnel who require it for their role.
  • Contractual safeguards with all processors (DPAs under Art. 28 GDPR).

No system can be guaranteed to be completely secure. We will notify you and the competent supervisory authority of any personal data breach as required under Art. 33 and 34 GDPR.


8. Cookies and tracking

We do not use analytics, advertising, or tracking cookies on our website or in our app. We use only cookies and local storage that are strictly necessary to operate the service (e.g., to keep you signed in).

This does not include diagnostic data such as iOS crash reports, which are described in Section 2.2 and are not delivered via cookies.


9. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our processing or legal requirements. The current version is always available at our website. Where changes are material, we will notify you in advance through the service or by email. You can request a copy of the current version at any time by emailing privacy@deeplike.ai.


Annex A — Subprocessor List

Subprocessor Purpose Location of processing Transfer mechanism More information
Amazon Web Services EMEA SARL Cloud infrastructure and storage EU EU SCCs + AWS GDPR DPA AWS Privacy
Anthropic Ireland, Limited AI model inference (processing of Inputs to generate Outputs) United States EU SCCs (Art. 46(2)(c) GDPR) Data Processing Addendum
OpenAI Ireland Ltd AI model inference (processing of Inputs to generate Outputs) United States EU SCCs (Art. 46(2)(c) GDPR) Data Processing Addendum

Version v1.0 · Last updated: May 4, 2026

Next
Better decisions. Clearer living.
Privacy Policy Terms of Use Imprint Contact
© 2026 Next. All rights reserved.