Privacy Policy (GDPR)

Last updated: March 29, 2026

1. Controller

Responsible for data processing:
Niklas Bretz
Cartesiusstraße 48, 89075 Ulm
Email: toyornot.com@gmail.com
Phone (optional): +4915567138522

2. Data We Process

• Uploaded image files that you submit for rating.
• Rating cache records in rating_scores, including timestamps, request id, image-hash cache identity, and rating result metadata.
• Successful rating request-event records in rating_events, including timestamps, request id, total score, judgement engine id, rating schema version, a guest or signed-in owner, and a local activity day key.
• Server-side rating history records, including the judged image copy, timestamp, request id, and the rating result returned to you.
• Authenticated daily-entitlement and share-bonus records, including day key, usage counters, bonus status, and related audit timestamps.
• Optional limit-reset reminder preference records for signed-in accounts, including enabled state, delivery hour, local time zone, capped-day key, next scheduled reminder timestamp, and last-sent day key.
• Optional browser push-subscription records for limit-reset reminders, including the push endpoint, cryptographic subscription keys, expiration time when provided by the browser, user-agent string, delivery success or failure timestamps, and disablement metadata.
• TOYORNOT Plus billing records, including Stripe customer and subscription references, presentment currency, subscription status, amount, renewal-period end, cancellation state, and related audit timestamps.
• Billing checkout-consent records, including legal-version identifiers, market profile, market country code, UI locale, checkbox acceptance states, Stripe Checkout session id, Stripe customer id, request id, and timestamp.
• Billing notice-event records, including purchase/cancellation notice type, delivery status, recipient email, subject, related subscription id, payload metadata, error details, and timestamps.
• Technical request metadata (for example IP address, user agent, timestamps, and best-effort hosting-platform geolocation headers such as country and time zone).
• Consent preferences stored in your browser (toyornot-consent-v1).
• Guest daily judgement-limit state stored in your browser (toyornot-daily-judgement-cap-v1) to enforce the local guest usage cap.
• A necessary guest identifier stored in your browser (toyornot-guest-id-v1) so anonymous result flows and guest-only server features can recognize the same browser without retaining guest upload history.
• Optional analytics events, anonymous analytics identifiers, client-side exception diagnostics, and session replay data for PostHog only if you consent to analytics and sponsored content.
• Optional sponsored-content selection, viewable-impression, and click-through data for consent-gated Amazon affiliate offers in the waiting overlay, including assignment metadata and hashed anonymous session identifiers used to optimize which offers are shown.

3. Purposes and Legal Bases (Art. 6 GDPR)

• Provide the rating feature, including score caching, streak tracking, and secure service operation: Art. 6(1)(b) GDPR (contract/performance).
• Provide and administer TOYORNOT Plus subscriptions and billing support: Art. 6(1)(b) GDPR (contract/performance).
• Provide optional sharing and referral features: Art. 6(1)(b) GDPR (contract/performance) and Art. 6(1)(f) GDPR (legitimate interests).
• Provide the optional browser reminder that tells signed-in free users when their next daily rating window is available: Art. 6(1)(b) GDPR (contract/performance for the requested reminder feature).
• Service stability and abuse prevention: Art. 6(1)(f) GDPR (legitimate interests).
• Analytics and sponsored content technologies: Art. 6(1)(a) GDPR (consent).
• Legal obligations (for example legal retention): Art. 6(1)(c) GDPR.

4. TOYORNOT Plus Billing and Stripe

If you buy TOYORNOT Plus, checkout and recurring billing are handled through Stripe. We process billing-status records and Stripe references so we can activate TOYORNOT Plus, restore billing state, handle cancellations, respond to payment issues, and show you the correct subscription status in the app. Full payment card details are collected and processed by Stripe and are not stored by us.

Before checkout begins, we record the legal-review acceptance data required for the TOYORNOT Plus purchase flow. We also keep billing-notice audit records so we can show whether a purchase confirmation, cancellation confirmation, or later pricing/terms notice was sent, skipped, or failed.

Where billing email delivery is configured, transactional billing emails are sent through Resend. These emails can include contract-summary information, cancellation confirmation details, and support contact information. The billing support address currently used by the site is toyornot.com@gmail.com.

5. Optional Limit Reset Reminders

If you choose the optional browser reminder for signed-in free accounts, we store the reminder preference and one or more browser push-subscription records so we can deliver the reminder on the next local day after you hit your free limit. Browser notification permission is requested by your browser and can be revoked there at any time. Reminder delivery is skipped when your refreshed quota has already been used, when your account has TOYORNOT Plus access, when reminders are disabled, or when no active push subscription remains for the account.

6. Optional Sharing

If you choose to use the optional sharing flow, you decide whether to post outside this site. We do not connect to your social-media account or post on your behalf.

7. Third-Party Services and Transfers

This site may use third-party processors, including cloud hosting, Supabase for authentication and data storage, Stripe for checkout, payment processing, recurring billing, and billing portal management, Resend for transactional billing-email delivery when configured, analytics infrastructure such as PostHog, Amazon when you intentionally open an optional Amazon affiliate link for your visitor market, and model/API providers for rating. The in-app Amazon sponsored cards are static and do not load Amazon scripts before click-through. If personal data is transferred outside the EEA, we rely on appropriate safeguards such as EU Standard Contractual Clauses where required.

8. Retention

• Uploaded images used only for live scoring without a history owner: retained only as long as needed to generate the requested rating.
• Cache rows in rating_scores: retained as long as needed to support duplicate-image reuse, benchmark calculations, and related operational records.
• Owned rating_events rows with guest or user ownership and local activity day keys: retained as long as needed to operate streaks, benchmarks, abuse prevention, stats, and related operational records.
• Signed-in rating history entries and their stored judged-image copies: kept until you delete them or until they are automatically trimmed to the newest 25 entries for the signed-in account.
• Authenticated entitlement and share-bonus records: retained as long as needed to enforce limits, prevent abuse, and maintain operational records.
• Social proof screenshots and verification records: retained as long as needed to operate the bonus campaign, prevent duplicate claims or abuse, and maintain operational records.
• Limit-reset reminder preference and push-subscription records: retained as long as needed to operate the reminder feature, suppress duplicate reminder sends, remove expired browser subscriptions, and maintain operational records.
• TOYORNOT Plus billing records: retained as long as needed to administer the subscription, comply with accounting or tax obligations, resolve disputes, prevent abuse, and maintain operational records.
• Billing checkout-consent records and billing notice-event logs: retained as long as needed to document contract formation, support consumer-law workflows, respond to disputes, and comply with accounting, tax, or legal-retention obligations.
• Server/security logs: retained only as long as needed for service security and operational monitoring.
• Consent record in browser: stored until changed by user or removed from local browser storage.
• Guest identifier in browser storage: stored until you clear browser storage or the identifier is rotated by the application.
• Optional anonymous analytics identifiers in browser storage: retained until consent is withdrawn or browser storage is cleared.

9. Your Rights

Under GDPR, you may have rights to access, rectification, erasure, restriction, portability, and objection, plus the right to withdraw consent at any time for future processing. You also have the right to lodge a complaint with a supervisory authority, especially in your EU member state of residence.

10. Contact for Privacy Requests

Send privacy requests to: toyornot.com@gmail.com

This document is a practical template and does not replace legal advice.