Privacy Policy
Last updated: October 2025
1. Controller
IHelp-Project e. V.
Viktor-Scheffel-Str. 20
80803 München, Deutschland
Email: aidmax@ihelpproject.org
Data Protection Contact: privacy@ihelpproject.org
Responsible Supervisory Authority: Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht - BayLDA), Promenade 18, 91522 Ansbach, Germany
2. Types of Data Processed
- Data provided voluntarily: Name or pseudonym, email address, phone number, social media profile name, chat messages.
- Data collected automatically: Shortened IP address, date and time of access, device and browser information, usage statistics.
3. Purposes and Legal Bases
| Purpose | Legal Basis |
|---|---|
| Chat communication and support | Consent (Art. 6(1)(a), Art. 9(2)(a) GDPR) |
| Technical operation and security | Legitimate Interest (Art. 6(1)(f) GDPR) |
| Responding to contact inquiries | Performance of a contract (Art. 6(1)(b) GDPR) |
| Legal obligations | Legal Obligation (Art. 6(1)(c) GDPR) |
4. Processing of Sensitive Data
Information regarding your psychological or emotional situation is classified as special category data (Art. 9 GDPR) and is processed only with your explicit consent AidMax is not a substitute for psychological or medical advice.
5. Use of AI (Transparency in accordance with the AI Act)
The AidMax chat uses AI from OpenAI via SendPulse to provide automatically generated responses. Communication is conducted in compliance with the GDPR. AidMax does not evaluate, diagnose, or offer therapy. In case of indications of a crisis, users are directed to professional support services, and a human agent will take over the chat.
6. Recipients and Data Processors
| Recipient | Purpose | Location | Safeguard / Mechanism |
|---|---|---|---|
| OpenAI, L.L.C. / OpenAI Ireland Ltd. | Provision of AI functionalities via API and Enterprise Services. | USA / Ireland | Data Processing Addendum (DPA) available: openai.com/policies/data-processing-addendum Official Policy Overview: openai.com/policies OpenAI explicitly states the use of EU Standard Contractual Clauses (SCCs) for transfers outside the EU. |
| SendPulse Inc. | Management of communication channels and transmission of messages. | Ukraine | Standard Contractual Clauses (SCC) according to SendPulse: sendpulse.com/legal/processing Privacy Policy: sendpulse.com/legal/pp |
7. Data Transfers to Third Countries
Transfers outside the EEA (European Economic Area) are conducted only on the basis of Standard Contractual Clauses (SCCs).
8. Data Retention
Personal data is stored only for as long as it is necessary for the respective purpose. Chat content is deleted regularly.
9. Security
- SSL/TLS Encryption
- Access restriction to authorized personnel
- Servers compliant with EU data protection standards
- Regular security audits
Your Rights
You have the right to access, rectification, erasure, restriction of processing, data portability, and objection (Art. 15–21 GDPR). You can revoke your consent at any time and have the right to lodge a complaint with the supervisory authority.
11. Amendments
We reserve the right to amend this policy. The current version is available at https://aidmax.org/datenschutz.
