Version: v1.0 · Last updated: May 4, 2026
deeplike GmbH ("we", "us", "our") is an AI product company building reliable AI applications.
This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use "Next ai" (the "service").
The controller responsible for the processing of your personal data is:
deeplike GmbHFor all privacy-related matters, including the exercise of your rights under this policy, you can contact us at: privacy@deeplike.ai
When you use our service, we process personal data for the purposes set out below. For each purpose, we identify the legal basis under Article 6(1) GDPR.
We offer our service via the Web and the Apple App Store (iOS only; no Android version is currently available).
When you download our app from the Apple App Store, Apple processes information including your Apple ID, name, email address, time of download, payment information, and device identifier. This processing takes place under your relationship with Apple and is governed by Apple's privacy policy. We have no influence over and no access to this data flow.
Data you provide directly:
Data we receive automatically (technical information):
| Purpose | Type of Data | Legal basis |
|---|---|---|
| Providing the service to you, creating and administering your account, processing your Inputs to generate Outputs | Identity and Contact Data · Inputs and Outputs · Technical Information | Art. 6(1)(b) GDPR — performance of the contract (our Terms of Service) |
| Processing and managing subscriptions | Identity and Contact Data · Payment Data | Art. 6(1)(b) GDPR — performance of the contract and Art. 6(1)(c) GDPR — legal obligation under §147 AO, §257 HGB |
| Ensuring the security, stability, and integrity of the service; debugging; identifying and repairing errors; preventing abuse and fraud | Inputs and Outputs · Technical Information | Art. 6(1)(f) GDPR — legitimate interest in operating a secure and reliable Service |
| Investigating and resolving disputes; establishing, exercising, or defending legal claims | Identity and Contact Data · Inputs and Outputs · Technical Information · Payment Data | Art. 6(1)(f) GDPR — legitimate interest in protecting our rights |
| Improving the service and analyzing aggregated usage patterns, using de-identified Inputs and Outputs from free-tier users only | Inputs and Outputs · Technical Information | Art. 6(1)(f) GDPR — legitimate interest in improving our products. We take steps to aggregate and de-identify data for analytical purposes. |
| Complying with statutory obligations (e.g., German tax and commercial law) | Identity and Contact Data · Inputs and Outputs · Technical Information | Art. 6(1)(c) GDPR — legal obligation |
For users with paid subscriptions on iOS, we receive transaction receipts from Apple via StoreKit when a subscription is purchased, renewed, modified, or cancelled. These receipts contain information such as transaction identifier, the product purchased, purchase and expiration dates, and subscription status. We use this information to grant, maintain, and revoke access to paid features and to comply with statutory record-keeping obligations. Receipts do not contain your payment card details or Apple ID credentials. To link these transactions to your account, we generate an opaque identifier (Apple's appAccountToken) that we send to Apple at purchase time and receive back in the receipt. This identifier is not derived from and cannot be used to recover your name, email, or other account details.
We share personal data only with the following categories of recipients:
A complete and current list is maintained in Annex A — Subprocessor List.
Some of our processors are located outside the European Economic Area, including in the United States.
We have entered into Data Processing Agreements (DPAs) with both Anthropic and OpenAI that include the EU Standard Contractual Clauses (SCCs) under Commission Implementing Decision (EU) 2021/914 as the transfer mechanism under Art. 46(2)(c) GDPR, together with supplementary measures as appropriate. AWS transfers are similarly governed by SCCs and AWS's published GDPR DPA.
You can request a copy of the relevant transfer safeguards by emailing privacy@deeplike.ai.
Please be aware that data protection standards in the United States may differ from those in the EU, and US public authorities may access personal data under applicable surveillance laws.
We retain your personal data only for as long as necessary for the purposes described in this policy.
| Category | Retention period |
|---|---|
| Account data (name, email, account ID) | For the duration of your account. Deleted when you delete your account, except where retention is legally required (see below). |
| Inputs and Outputs | Until you delete them via "Delete data" in Account Overview, or until you delete your account, whichever is earlier. |
| Log and troubleshooting data | Up to 90 days, then deleted or anonymized. |
| Data subject to statutory retention obligations (e.g., invoices, tax records) | Up to 10 years pursuant to §147 AO and §257 HGB. |
| Aggregated or de-identified data | May be retained indefinitely, as it no longer constitutes personal data. |
Deleting your data. You have two options in your Account Overview:
In both cases, deletion takes effect immediately in your conversation history and is propagated to our backend systems without undue delay, subject to backup rotation cycles. Personal data subject to statutory retention obligations (such as billing records under German tax and commercial law) will be retained for the legally required period and then deleted.
If your account remains inactive for 36 months, we will delete your Inputs and Outputs and notify you in advance.
| Subprocessor | Retention Period | More information |
|---|---|---|
| Anthropic Ireland, Limited | Anthropic automatically deletes inputs and outputs on their backend within 30 days of receipt or generation, except: when a service with longer retention under your control (e.g. Files API) is used; if Anthropic need to retain them for longer to enforce their Usage Policy or in compliance with the law. | Anthropic Privacy Center |
| OpenAI Ireland Ltd | OpenAI abuse monitoring logs may contain certain customer content, such as prompts and responses, as well as metadata derived from that customer content. By default, abuse monitoring logs are generated for all API feature usage and retained for up to 30 days, unless longer retention is required by law, or is reasonably necessary to protect their services or any third party from harm. | Data Processing Addendum |
Subject to the conditions and exceptions set out in the GDPR, you have the following rights:
To exercise any of these rights, please email privacy@deeplike.ai. We may need to verify your identity before responding. We will respond within one month of receiving your request, as required by Art. 12(3) GDPR.
Automated decision-making. Our service does not engage in decision making based solely on automated processing or profiling in a manner which produces a legal effect (i.e., impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services).
No service to children. Our service is not intended for, and we do not knowingly process personal data of, individuals under the applicable age of digital consent in your jurisdiction. If you become aware that a minor has provided us with personal data, please contact us so we can delete it.
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
Our lead supervisory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)We implement appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These include:
No system can be guaranteed to be completely secure. We will notify you and the competent supervisory authority of any personal data breach as required under Art. 33 and 34 GDPR.
We do not use analytics, advertising, or tracking cookies on our website or in our app. We use only cookies and local storage that are strictly necessary to operate the service (e.g., to keep you signed in).
This does not include diagnostic data such as iOS crash reports, which are described in Section 2.2 and are not delivered via cookies.
We may update this Privacy Policy from time to time to reflect changes in our processing or legal requirements. The current version is always available at our website. Where changes are material, we will notify you in advance through the service or by email. You can request a copy of the current version at any time by emailing privacy@deeplike.ai.
| Subprocessor | Purpose | Location of processing | Transfer mechanism | More information |
|---|---|---|---|---|
| Amazon Web Services EMEA SARL | Cloud infrastructure and storage | EU | EU SCCs + AWS GDPR DPA | AWS Privacy |
| Anthropic Ireland, Limited | AI model inference (processing of Inputs to generate Outputs) | United States | EU SCCs (Art. 46(2)(c) GDPR) | Data Processing Addendum |
| OpenAI Ireland Ltd | AI model inference (processing of Inputs to generate Outputs) | United States | EU SCCs (Art. 46(2)(c) GDPR) | Data Processing Addendum |
Version v1.0 · Last updated: May 4, 2026