Privacy Policy
itsreal.media GmbH
Effective date: 13/04/2026 | Version: 0.3 | Replaces: version dated 09.12.2025
This English version is a convenience translation of the German original. In case of discrepancy, the German version prevails.
We, the operators of this website and platform, take the protection of your personal data very seriously. We treat your data confidentially and in accordance with applicable data protection regulations and this Privacy Policy.
This Privacy Policy informs you about the nature, scope, and purpose of the collection, use, and processing of personal data. It also explains your rights as a data subject.
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
itsreal.media GmbH
Geschäftsführer / Managing Director: Christoph Behl
Julius-Hatry-Straße 1, 68163 Mannheim, Germany
E-Mail: contact@itsreal.media
Website: https://www.itsreal.media
The organization is not required to appoint a Data Protection Officer under Art. 37 GDPR or § 38 BDSG. For all data protection inquiries, please contact us at the email address above.
2. Scope
This Privacy Policy applies to the website itsreal.media, the platform app.itsreal.media, and other services and applications operated by the Provider under the itsreal.media domain, insofar as personal data is collected or processed through them.
3. Accessing Our Website
When you access our website, your browser automatically sends information to our server. This information is temporarily stored in a log file and includes:
- IP address of the requesting device
- Date and time of access
- Name and URL of the retrieved file
- Referrer URL
- Browser type and operating system
- Name of your access provider
This data is processed to ensure a smooth connection, comfortable use of the website, system security and stability, and for administrative purposes. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure operation of our services).
4. Use of the Platform and Content Analysis
When you create a user account or use our software, we process the master data you provide (e.g., email address) as well as the image files you upload and the associated analysis results. Authentication and user management is handled via Auth0 (Okta); passwords are not stored directly by itsreal.media.
Processing is carried out exclusively for the initiation and performance of the service contract and the provision of our services; legal basis: Art. 6(1)(b) GDPR. Uploaded content is stored only for as long as necessary for the analysis and brief technical interim storage, unless statutory retention obligations apply.
5. Contact Form
When you contact us via the contact form, the following information is collected:
- First name, last name
- Company
- Role / title
- Email address
- Area of interest (selection)
- Free-text message
This data is stored for processing your inquiry and any follow-up questions. It will not be shared without your consent. Friendly Captcha is used to protect the form from automated abuse; this service processes technical metadata (e.g., device information) but does not use cookies or track users. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request).
6. Cookies
We use cookies to enhance your user experience. Cookies are small files automatically created by your browser and stored on your device. They contain no viruses, trojans, or other malware and do not directly identify you.
Necessary cookies are processed under Art. 6(1)(f) GDPR (legitimate interest). All other cookies require your explicit consent under Art. 6(1)(a) GDPR and are only activated once consent is given. You may withdraw consent at any time via the cookie settings panel or by email to contact@itsreal.media.
Cookies used on our websites:
| Cookie | Category | Purpose | Duration |
|---|---|---|---|
itsreal_session |
Necessary | Session management for authenticated users | Session |
itsreal_consent |
Necessary | Stores your cookie preferences | 1 year |
csrf_token |
Necessary | Protects against cross-site request forgery | Session |
user_lang |
Functional | Stores your language preference | 1 year |
_ga |
Analytics | Google Analytics — distinguishes unique users for site usage statistics | 2 years |
_gid |
Analytics | Google Analytics — distinguishes users for session-level analytics | 24 hours |
Note: Analytics cookies (_ga, _gid) are only set if you consent to the Analytics category in the cookie settings panel. No data is sent to Google until consent is given.
7. Third-Party Service Providers
We use specialized third-party providers for technical operations, user communication, authentication, hosting, and content analysis. Processing is governed by data processing agreements pursuant to Art. 28 GDPR where applicable.
| Provider | Purpose | Data Processed | Legal Basis | Country |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | All service data (database, storage, compute, logs) | Art. 6(1)(b) | EU (Frankfurt) |
| Auth0 (Okta) | User authentication | Email addresses, credentials, session tokens | Art. 6(1)(b) | EU / USA |
| Brevo (ex-Sendinblue) | Transactional emails | Email addresses (signup, password reset, verification) | Art. 6(1)(b) | EU (DE/FR) |
| Vercel | Frontend hosting | IP addresses, access logs, browser metadata | Art. 6(1)(f) | USA |
| RunPod | AI model compute | Image data during inference (ephemeral) | Art. 6(1)(b) | USA |
| Google Analytics | Website analytics | IP address (anonymized), browsing behavior, device info | Art. 6(1)(a) | USA |
| Proton AG | Corporate email | Email communications with users and support | Art. 6(1)(b)/(f) | Switzerland |
| Friendly Captcha | Anti-bot protection | Device metadata (no cookies, no tracking) | Art. 6(1)(f) | EU (DE) |
8. Data Transfers to Third Countries
Where service providers process personal data outside the European Union or the European Economic Area, we ensure an adequate level of data protection prior to any such transfer.
For transfers to the United States, we rely on the EU-U.S. Data Privacy Framework (where the provider is certified) or standard contractual clauses (SCCs) as adopted by the European Commission pursuant to Art. 46(2)(c) GDPR. Transfers to Switzerland are covered by the European Commission's adequacy decision.
We take all reasonable technical and organizational measures to protect your data regardless of jurisdiction.
9. Data Retention
We retain personal data only for as long as necessary for the purposes outlined, unless statutory retention obligations apply.
- Server logs: retained for up to 90 days for security and operational purposes, then deleted.
- Contact form submissions: retained for the duration of the business relationship or inquiry, then deleted unless required for legal or contractual purposes.
- User account data: retained for the duration of the service contract. Upon termination, account data is deleted within 30 days unless longer retention is required by law.
- Analysis results and uploaded content: stored only for as long as necessary for the analysis and brief technical interim storage.
- Statutory retention: Where German commercial or tax law requires longer retention (§ 257 HGB, § 147 AO: up to 10 years for accounting records), the relevant data is retained accordingly and restricted from further processing.
10. Your Rights as a Data Subject
Under GDPR, you have the following rights:
- Right of access (Art. 15 DSGVO/GDPR)
- Right to rectification (Art. 16 DSGVO/GDPR)
- Right to erasure (Art. 17 DSGVO/GDPR)
- Right to restriction (Art. 18 DSGVO/GDPR)
- Right to data portability (Art. 20 DSGVO/GDPR)
- Right to object (Art. 21 DSGVO/GDPR)
- Right to withdraw consent (Art. 7 Abs. 3 DSGVO/GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data pursuant to Art. 6(1)(e) or (f) GDPR. We will cease processing unless compelling legitimate grounds override your interests, or if processing serves the establishment, exercise, or defense of legal claims.
Where processing is based on consent, you may withdraw it at any time with effect for the future, without affecting the lawfulness of processing prior to withdrawal.
Please direct your requests to: contact@itsreal.media
11. Right to Lodge a Complaint
If you believe that the processing of your personal data infringes applicable law, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). The supervisory authority responsible for itsreal.media GmbH is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI)
Königstraße 10a, 70173 Stuttgart, Germany
https://www.baden-wuerttemberg.datenschutz.de
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. The current version is always available on our website. Material changes will be communicated to registered users via email.