Login
Privacy
Policy.
Version 1.0 As of: 05/03/2026
s1 media GbR
01

Controller

The controller within the meaning of the GDPR is:

s1 media, Patrick Tangemann & Kolja Wagschal GbR
Uesener Feldstraße 20a
28832 Achim
Germany

Email: team@s1-media.de
Phone: +49 (0)42 02 – 765 09 86

02

Collection and Processing of Personal Data

2.1 Registration and User Account

When registering, we collect: email address and password (stored as a hashed value). This data is required for the performance of the contract or for pre-contractual measures (Art. 6(1)(b) GDPR).

2.2 Use of the Alt Text Generator

To use our service, you submit image data (URLs or image files) from which we automatically generate alt texts using AI. These images are processed for contract performance (Art. 6(1)(b) GDPR). Please do not submit images containing personal data of third parties.

2.3 API Usage Data

We store log data on API usage (timestamps, number of requests, credits consumed) for billing and to ensure service availability. The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in system security).

2.4 Server Log Files

When accessing our website, the following data is automatically collected: IP address, date and time of access, URL accessed, HTTP status code, and data transferred. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in security and uninterrupted operation.

03

Third Parties and Data Processors

3.1 OpenAI

For AI-powered alt text generation, we use the GPT-4o Vision service of OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA. Images you submit are transferred to OpenAI for processing. We have concluded a data processing agreement with OpenAI. Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. More information: openai.com/privacy

3.2 Hosting

Our service is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. A data processing agreement has been concluded with Hetzner. More information: hetzner.com/legal/privacy-policy

3.3 Payment Processing

Payment processing is handled by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Stripe processes payment data on behalf of the provider. A data processing agreement has been concluded. More information: stripe.com/privacy

3.4 No Further Disclosure

Your personal data will not be shared with third parties beyond this, unless we are legally obliged to do so or you have expressly consented.

04

Cookies and Session Data

We use only technically necessary cookies required for the operation of the platform:

  • Session Cookie: Stores your login session for the duration of your visit.
  • CSRF Token: Protects against cross-site request forgery attacks.

No tracking or marketing cookies are used. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure operation).

05

Data Retention

We store personal data only for as long as necessary for the respective purposes:

  • Account data: Until account deletion; data is deleted within 30 days thereafter.
  • API usage logs: 12 months from creation.
  • Server log files: 7 days, then automatically deleted.
  • Tax-relevant data: 10 years in accordance with statutory retention obligations.
06

Your Rights as a Data Subject

Under the GDPR, you have the following rights with respect to us:

  • Right of access (Art. 15 GDPR): Information about your stored data.
  • Right to rectification (Art. 16 GDPR): Correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): Deletion of your data, unless statutory retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR): Receipt of your data in machine-readable format.
  • Right to object (Art. 21 GDPR): Objection to processing based on legitimate interests.

To exercise your rights, contact: team@s1-media.de

07

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The supervisory authority responsible for our company is the State Commissioner for Data Protection of Lower Saxony: www.lfd.niedersachsen.de

08

Data Security

We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. These include encrypted transmission via TLS/HTTPS, secure password storage using bcrypt hashing, and the use of Redis for session management. Our security measures are continuously improved in line with technological developments.