Privacy Policy

Kugelblitz FlexCo (“Kugelblitz”, “we”, “us”) operates the platform at kugelblitz.ai. We transform passive content consumption into interactive voice experiences using AI avatars of content creators.

Kugelblitz FlexCo
Kegelgasse 24/25, 1030 Vienna, Austria
Email: samuel@kugelblitz.ai
Phone: +43 676 9430077
Commercial Court Vienna, FN 653502 h

We collect the following categories of personal data:

Account data. When you sign up via email, Google, or LinkedIn, we collect your name, email address, and profile information provided by the authentication provider (such as profile picture).

Profile data. Information you provide to set up your profile, including your display name, username, avatar image, and bio.

Content and memories. Text content you create or upload to train your AI avatar, including memories, content transcripts, and related metadata.

Conversation data. Messages and transcripts from voice sparring sessions between you and creator AI avatars, including text transcripts of spoken interactions.

Voice data. Audio from your microphone during live sparring sessions is streamed in real time for speech-to-text processing. We do not store raw audio recordings of your voice.

Usage data. Functional data such as login timestamps and briefing view timestamps required to operate the service. We do not use analytics or tracking tools.

We process your data for the following purposes:

• Creating and managing your account (legal basis: contract performance)
• Generating personalized AI briefings when creators release new content (contract performance)
• Enabling interactive voice sparring sessions with creator AI avatars (contract performance)
• Creating and maintaining vector embeddings of your content for semantic search and AI context retrieval (contract performance)
• Generating voice audio of briefings using text-to-speech (contract performance)
• Converting your spoken words to text during voice sessions (contract performance)
• Improving our AI systems and debugging issues (legitimate interest)

To provide our AI-powered features, we share data with the following third-party processors:

OpenAI (San Francisco, USA) — receives your content, conversation messages, and memories to generate AI avatar responses and briefings. Also generates vector embeddings of your content for semantic search.

ElevenLabs (New York, USA) — receives briefing text to generate voice audio for creator AI avatars.

Deepgram (San Francisco, USA) — receives real-time audio streams from your microphone during voice sparring sessions for speech-to-text conversion.

LiveKit — provides real-time voice communication infrastructure for sparring sessions.

Supabase — hosts our database, authentication system, and file storage.

Hetzner (Germany) — hosts our application servers within the European Union.

For services based in the USA, data transfers are covered by the EU-U.S. Data Privacy Framework or Standard Contractual Clauses as applicable.

Your data is stored in a PostgreSQL database hosted by Supabase. All user data is protected by row-level security policies that ensure you can only access your own data. Vector embeddings are partitioned per user for data isolation.

File uploads (avatars, briefing audio) are stored in secure cloud storage with access controls. All connections are encrypted in transit via TLS.

We retain your personal data for as long as your account is active. When you delete specific content (such as memories), the associated data and vector embeddings are automatically removed from our systems.

Third-party services may retain processing logs according to their own retention policies. We select processors that minimize data retention where possible.

As a data subject under the GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate data via your profile settings or by contacting us
• Erasure — request deletion of your account and all associated data
• Data portability — receive your data in a structured, machine-readable format
• Restriction — request that we limit processing of your data
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at samuel@kugelblitz.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehorde, dsb.gv.at).

We use only essential cookies required for authentication and session management. We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.

Kugelblitz is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “last updated” date.

For any privacy-related questions or requests, contact us at:

Kugelblitz FlexCo
Kegelgasse 24/25, 1030 Vienna, Austria
Email: samuel@kugelblitz.ai