Legal Protocol

⚠️ SYSTEM_ALERT: LEGACY_COMPLIANCE_PROTOCOL

FORCED_DATA_INJECTION_DETECTED. THE OLD WORLD DEMANDS NAMES FOR THE NAMELESS.
EXECUTING MANDATORY_ID_UNMASKING_SEQUENCE... [EU_DIRECTIVE_OVERRIDE]
// ERROR: Digital Sovereignty Compromised by Bureaucratic Static.

1. IMPRESSUM

Angaben gemäß § 5 DDG

Heiko Trenkle

Rosenthaler Straße 43–45

10178 Berlin

Deutschland

Kontakt

E-MAIL ::hello [at] nyxia [dot] ai

2. DATENSCHUTZERKLÄRUNG

// VERANTWORTLICHER

Heiko Trenkle

Rosenthaler Straße 43–45

10178 Berlin

Deutschland

E-Mail: hello [at] nyxia [dot] ai

// HOSTING INFRASTRUCTURE

Wir hosten die Inhalte unserer Website bei folgendem Anbieter:

Railway Corporation

548 Market St PMB 68956

San Francisco, California 94104

USA

https://railway.app

Der Provider erhebt und speichert automatisch Informationen in so genannten Server-Log-Dateien, die Ihr Browser automatisch an uns übermittelt. Dies sind:

  • Browsertyp und Browserversion
  • verwendetes Betriebssystem
  • Referrer URL
  • Hostname des zugreifenden Rechners
  • Uhrzeit der Serveranfrage
  • IP-Adresse

Grundlage für die Datenverarbeitung ist Art. 6 Abs. 1 lit. f DSGVO, der die Verarbeitung von Daten zur Erfüllung eines Vertrags oder vorvertraglicher Maßnahmen gestattet.

// DATABASE_INFRASTRUCTURE

Zur Speicherung von Nutzerdaten (Accounts, Präferenzen, Vector Embeddings) nutzen wir:

Supabase Inc.

970 Toa Payoh North #07-04

Singapore 319000

https://supabase.com/privacy

Die Datenverarbeitung erfolgt auf Servern in der EU (Frankfurt), sofern technisch möglich. Supabase stellt die Authentifizierungs- und Datenbank-Infrastruktur bereit.

// IDENTITY_PROVIDERS

Für den Login nutzen wir OAuth2-Provider. Es werden keine Passwörter auf unseren Servern gespeichert.

Google OAuth (Alphabet Inc.)

Übermittelte Daten: E-Mail Adresse, Name, Profilbild.

Discord OAuth (Discord Inc.)

Übermittelte Daten: E-Mail Adresse, Username, Avatar-ID.

// USER_DATA_MANIFEST

Gespeicherte Daten:

  • UUID: Eindeutige Nutzer-ID
  • E-Mail: Zur Account-Identifikation
  • Handle/Name: Öffentlicher Anzeigename
  • Avatar URL: Profilbild-Referenz
  • Terminal Logs: Historie der Interaktionen (optional)

// TRACKING_PROTOCOL

Clean Signal

Wir setzen keine Tracking-Cookies und nutzen kein Marketing-Tracking.

3. GOOGLE USER DATA POLICY

In compliance with the Google API Services User Data Policy

// DATA_ACCESSED

When you sign in with Google, our application requests access to the following Google user data via OAuth 2.0:

  • Email address — used to identify your account
  • Display name — used as your public handle
  • Profile picture URL — used as your avatar

We only request the minimum scopes necessary for authentication. We do not request access to your Google Drive, Gmail, Calendar, Contacts, or any other Google service data.

// DATA_USAGE

Google user data is used exclusively for the following purposes:

  • Account creation and authentication — your email address serves as the unique identifier for your account
  • Profile display — your name and profile picture are shown within the application interface
  • Communication — your email may be used to send essential account-related notifications (e.g. security alerts)

Google user data is never used for advertising, marketing, analytics profiling, or training machine learning models.

// DATA_SHARING

No Third-Party Sharing

We do not sell, trade, rent, or otherwise share your Google user data with any third parties for their own purposes.

Google user data is only shared with the following infrastructure providers strictly for the purpose of operating the service:

Supabase Inc. — database and authentication infrastructure (EU servers, Frankfurt)

Railway Corporation — application hosting

These providers act as data processors and are contractually obligated to protect your data. No Google user data is shared with any other entities.

// DATA_STORAGE_AND_PROTECTION

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit — all data is transmitted over HTTPS/TLS
  • Encryption at rest — database storage is encrypted at rest via Supabase infrastructure
  • No local password storage — authentication is handled entirely via OAuth 2.0 tokens; we never store your Google password
  • EU data residency — user data is stored on EU servers (Frankfurt) where technically possible
  • Access control — database access is restricted via row-level security policies and authenticated API keys

// DATA_RETENTION_AND_DELETION

Your Google user data is retained for as long as your account remains active. You may request deletion of your data at any time.

Deletion Request

To request complete deletion of your account and all associated data, contact us at:

hello [at] nyxia [dot] ai

Upon receiving a deletion request:

  • Your account and all associated data will be permanently deleted within 30 days
  • This includes your email, name, profile picture URL, terminal logs, and any other stored data
  • Deletion is irreversible — no data can be recovered after this process

You may also revoke our application's access to your Google account at any time via your Google Account permissions settings.

// End of Line