Privacy Policy — Chimera Law

Effective date: 4 May 2026 · Version 2.1

Translation for convenience only. The German version is the legally binding text.

1. Data Controller

Daniel Stengel-Dori
Ostendstr. 88, 60314 Frankfurt am Main, Germany
Contact: support@medienkommission.de

No Data Protection Officer is appointed because the statutory thresholds (§ 38 BDSG) are not met. Please direct all data protection enquiries to the email address above.

2. Data Processed

Chimera Law processes the following categories of data:

• Clause text and additional instructions you type, capture via OCR from images, or dictate via voice input
• Photographs of contract pages you capture or select from your library for Track Changes detection
• Voice input transcribed by Apple Speech Recognition
• Profile data (display name, consent flag) and usage/billing records (input/output tokens consumed, estimated cost per calendar month) stored in your private iCloud database
• Subscription and transaction status, managed in full by Apple StoreKit
• Local settings (e.g. selected drafting stage, appearance) in the device’s UserDefaults
• Locally stored Memory content (three manual save slots plus an optional auto-save slot) populated by you within Chimera Law (see § 6)
• Your optional Anthropic API key, stored in the iOS Keychain on your device and leaving the device only as an authentication header on outbound API calls
• Local diagnostic logs (os.Logger) that remain on the device and are not transmitted to the Provider

3. Purposes and Legal Bases

• Art. 6(1)(b) GDPR: Contract performance — providing the rephrasing, analysis (“Tell Me”), multi-variant, Track Changes detection, Memory, and export functions, and administering the subscription
• Art. 6(1)(a) GDPR: Consent — processing of camera, photo, and microphone input; revocable at any time via iOS system settings
• Art. 6(1)(f) GDPR: Legitimate interest — local diagnostic logs for error analysis and Anthropic’s short-term retention of API content for abuse prevention

4. Recipients

Anthropic, PBC (USA): When you rephrase a clause, run an analysis, generate multiple variants, or photograph a page for Track Changes detection, the respective content (text or image) is transmitted via the Anthropic API to Anthropic, PBC, San Francisco, USA. Chimera Law uses Anthropic’s standard API terms without a separate data processing agreement. Anthropic processes the transmitted content for the purpose of generating a response as a service provider and additionally retains inputs and outputs for its own trust-and-safety purposes; to that extent, Anthropic is an independent controller.

Apple Inc. / Apple Distribution International Ltd.: Profile and usage data are stored in your private iCloud via CloudKit. Subscription purchases are handled entirely by Apple; Chimera Law does not receive payment information. Voice input may be processed on-device or on Apple servers depending on your device model. For services provided in the EU, Apple Distribution International Ltd. (Ireland) is the contracting party; Apple transfers certain data to the USA on the basis of the EU Standard Contractual Clauses.

No third parties other than Anthropic and Apple, and no analytics or tracking SDKs, are used.

5. International Transfers

Anthropic processes data in the USA. As Anthropic is not currently certified under the EU-US Data Privacy Framework, we rely on the EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914), which are incorporated into Anthropic’s standard terms and privacy policy. The safeguards under Art. 46 GDPR and — where applicable — the derogations under Art. 49 GDPR also apply. A copy of the Standard Contractual Clauses can be requested from the Provider.

6. Retention

• By default, clause and image content are not persistently stored by Chimera Law; they remain only transiently in memory during the API call. You may, however, use the “Memory” feature to store drafts only on this device: up to three manual slots (“Memory 1”, “Memory 2”, “Memory 3”) are written only when you explicitly tap the Memory button; a fourth slot (“Auto”) is updated automatically in the background only if you enable the “Auto-save current draft” setting. All four slots are held in a device-protected store (iOS Data Protection class “after first user authentication”). The data is transmitted to Anthropic, Apple, or other third parties only during the regular API call; no off-device copy is created, although encrypted iOS device backups may include this data. You can overwrite individual slots, disable auto-save at any time in Settings, or remove all four slots via the “Wipe all memory” button; on uninstall, the data is removed by iOS together with the app. Images are excluded from this storage.
• Anthropic retains API inputs and outputs under its privacy policy for up to 30 days by default; for detected policy violations, up to 2 years (content) or up to 7 years (safety classification scores). User feedback is retained for up to 5 years.
• Profile data and usage/billing records in your private iCloud are kept for the longer of 24 months or any retention period mandated by law, unless you delete them earlier.
• Local settings and your optional Anthropic API key remain on the device until uninstallation or manual removal in Settings.
• Local diagnostic logs are managed by the operating system and do not leave the device.

7. Your Rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR), as well as the right to withdraw any consent you have given with effect for the future (Art. 7(3) GDPR). Please direct requests to support@medienkommission.de.

You also have the right to lodge a complaint with a data protection supervisory authority, in particular the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, poststelle@datenschutz.hessen.de.

8. No Automated Decision-Making

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place. AI-generated text suggestions are proposals; the decision to use them always rests with the User.

9. IONOS WebAnalytics

This website uses IONOS WebAnalytics, a server-side, cookieless analytics tool. IP addresses are anonymized before analysis. No cookies are set. No personal profiles are created. No consent banner is required because no personal data within the meaning of Art. 4(1) GDPR is processed for this purpose.

10. Amendments

We reserve the right to amend this Privacy Policy if changes to the app or applicable law require it. The current version is available at this link at all times.

11. Version History

• Version 2.1 — 4 May 2026: Added optional local Memory feature (three manual slots plus an optional auto-save slot). Clause and image content remain non-persistent by default. No transmission to Anthropic, Apple, or other third parties beyond the regular API calls.
• Version 2.0 — 14 April 2026: Initial publication of the Chimera Law Privacy Policy (carried over from DraftKai 2.0). Inclusion of all actual data flows (Track Changes Vision, “Tell Me” analysis, BYOK key, local logs, UserDefaults, Keychain); legal bases, recipients, third-country transfers (SCCs instead of DPF), retention periods, data subject rights, and complaint right.