This Privacy Statement informs you, pursuant to the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG), about the processing of your personal data in connection with your use of AI·CMS.
This English version is a translation provided for convenience. The German version is the legally binding original.
The controller within the meaning of Art. 4(7) GDPR is:
David Tumer
Landesstraße 6/1, 9064 Magdalensberg, Austria
Email: david.tumer@full-staick.com
Phone: +43 670 6059758
A Data Protection Officer has not been appointed because the requirements of Art. 37 GDPR are not met. For data protection inquiries please use the email address above.
To provide the service we process your name, your email address, and a hashed password (bcrypt). These data are strictly necessary to create your account, authenticate you, and grant you access to your own content.
Legal basis: Art. 6(1)(b) GDPR (performance of the user agreement).
Within AI·CMS you can create and store projects, topics, content pieces, and related AI-generated texts, images, videos, and audio files. These contents are stored in our database and in a non-publicly-accessible file store and are only accessible from your user account.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
In the Settings you may store API keys for AI providers (Anthropic, OpenAI, Google, ElevenLabs). These keys are stored on the server and used exclusively to make requests to the respective provider's API on your behalf. We do not share them with any other recipient.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
We store your language, color palette, and font choice in your user account in order to render the application according to your preferences.
Legal basis: Art. 6(1)(b) GDPR.
On every request, technical data are automatically written to server logs: IP address, date and time, the URL called, HTTP status, the volume of data transferred, browser type (user agent), and referrer URL. These data are processed to ensure stable and secure operation of the service and to defend against attacks. They are deleted no later than 30 days after collection.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and stability of the service).
We use only strictly necessary cookies:
No tracking, analytics, or advertising cookies are used. Legal basis: § 165(3) of the Austrian Telecommunications Act 2021 (TKG) — strictly necessary storage, for which no consent is required.
The application is operated on servers of ALL-INKL.COM - Neue Medien Münnich (Germany). A data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting provider.
When you use the AI functions, your prompts, base texts, and any additional content are transmitted directly from our server to the AI provider you selected and processed by them:
The transmission is authenticated using the API key you stored. Processing by the respective provider is governed by its own privacy policy.
The AI providers listed in section 3 b) are established in the USA. Transfers of personal data to the USA are made on the basis of:
Please note that the USA does not provide a level of data protection comparable to that of the European Economic Area. In particular, there is a risk that US authorities may obtain access to your data under US law (e.g. CLOUD Act, FISA 702) without you having effective legal remedies available.
We retain your personal data for as long as your account exists. When you delete your account, all associated data — projects, topics, content pieces, assets, API keys, and preferences — are irreversibly deleted within 30 days. Server logs are deleted no later than 30 days after collection.
Any statutory retention or documentation obligations remain unaffected. Where such obligations apply, the data concerned will not be deleted but instead processed in a restricted manner (Art. 18 GDPR) until the respective period has expired.
You have the following rights vis-à-vis the controller:
An informal message to contact@full-staick.com suffices to exercise your rights. We will respond without undue delay, at the latest within one month.
Without prejudice to any other remedies, you have the right to lodge a complaint with a supervisory authority, in particular the Austrian Data Protection Authority:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Web: dsb.gv.at
No solely automated decision-making within the meaning of Art. 22 GDPR takes place. AI models generate content that you yourself review, edit, and approve — no decision producing legal effects concerning you is taken in an automated manner.
All connections to the application are encrypted via TLS (HTTPS). Passwords are stored hashed using the bcrypt algorithm. API keys and generated media files are stored in non-publicly-accessible storage areas and are only delivered to you after successful authentication and ownership check.
Providing the data referred to in section 2 a) (name, email, password) is required for the conclusion of the user agreement. Without these data the account cannot be created and the service cannot be provided.
We reserve the right to update this Privacy Statement to reflect changes in the legal landscape or in our service. The current version is always available at https://www.social-media-cms.com/legal/privacy?lang=en.
Effective as of: 06.06.2026