Cookie Settings

    We use essential cookies to run the site and optional analytics cookies to understand how SHOWZ is used. You can change your choice at any time via "Cookie settings" in the footer.

    Essential: Required for the service to function

    Functional: Improve your experience with personalization

    Learn More

    Privacy Policy

    Last Updated: February 17, 2026

    1. Responsibility

    Controller within the meaning of Art. 4 Nr. 7 DSGVO is:
    Showrooming GmbH, Torstraße 207, 10115 Berlin, Germany
    E-Mail: hello@showz.ai

    2. Data protection contact / Data protection officer

    You can reach us at privacy@showz.ai

    SHOWROOMING GMBH, Torstraße 207, 10115 Berlin
    Phone: +49 30 23998570 · Mobile: +49 176 83288141
    Managing Director: Ayan Yuruk
    Website: SHOWZ.ai

    3. General notes & legal bases

    We process personal data only insofar as this is necessary to provide our website/platform, to communicate, to perform the contract, or based on your consent.
    Legal bases (depending on processing):

    • Art. 6 Abs. 1 lit. b DSGVO (contract / pre-contractual measures)
    • Art. 6 Abs. 1 lit. f DSGVO (legitimate interest: IT security, error analysis, abuse prevention, economic operation)
    • Art. 6 Abs. 1 lit. a DSGVO (consent: e.g., marketing, optional cookies, possibly training/development)

    Special categories of personal data (Art. 9 DSGVO) are not intended to be processed.
    Please do not enter such data in prompts/uploads. If this nevertheless occurs in individual cases, special requirements apply.

    4. Data processing when visiting the website (server logs)

    When you access our website, the web server automatically processes data that your browser transmits:
    IP address, date/time, page accessed, referrer URL, browser type/version, operating system, if applicable provider Purposes: delivery of the website, stability, security (e.g., defense against attacks), error analysis.
    Legal basis: Art. 6 Abs. 1 lit. f DSGVO.
    Retention period: 90 days or longer if security-relevant.

    5. Hosting

    Our website is hosted by the external service provider Lovable (lovable.dev). In doing so, personal data may be processed on the hoster's servers.
    Hoster: Lovable Labs Incorporated, 1111B South Governors Avenue, Dover, DE 19904, USA
    Legal basis: Art. 6 Abs. 1 lit. f DSGVO (efficient, secure provision) and, if applicable, Art. 6 Abs. 1 lit. b DSGVO (contract performance).
    Third-country transfer: If processing occurs in the USA, we base the transfer on appropriate safeguards (e.g., EU Standard Contractual Clauses) and additional measures.

    6. Contact (email, phone, forms)

    When you contact us, we process your details (e.g., name, email, message) to handle your request and for follow-up questions. Legal basis: Art. 6 Abs. 1 lit. b DSGVO (pre-contractual/contractual) or Art. 6 Abs. 1 lit. f DSGVO (efficient handling).
    Retention period: until final processing; possibly longer retention in case of legal obligations.

    7. Newsletter / Marketing communication

    If you subscribe to a newsletter, we process your email address and possibly other voluntary information.
    Legal basis: Art. 6 Abs. 1 lit. a DSGVO (consent). Revocation at any time with effect for the future (e.g., unsubscribe link).
    Retention period: until unsubscription, thereafter deletion/blocking after 90 days, provided no verification obligations exist.

    8. User account & contract performance (platform / studio)

    When you create an account or order services, we process contract and account data (e.g., name, email, company data, login, billing). Purposes: account creation, authentication, provision of services, billing, support, abuse prevention.
    Legal basis: Art. 6 Abs. 1 lit. b DSGVO; additionally Art. 6 Abs. 1 lit. f DSGVO (security/operation).
    Retention period: contract term; thereafter according to retention periods (commercial/tax law) and deletion concept.

    9. AI content creation (prompts, uploads, outputs, metadata)

    When using the AI Photo Studio, the following data may be processed: inputs (prompts, parameters), uploaded assets (e.g., product images), generated outputs (images/variants), technical metadata and logs. Purposes: generation of the requested content, quality assurance, error analysis, abuse and security prevention, support.
    Legal basis: Art. 6 Abs. 1 lit. b DSGVO (contract) and Art. 6 Abs. 1 lit. f DSGVO (operation/security).
    Training/development: We do not use customer inputs/outputs for training our own or third-party AI models, except where (a) this is contractually agreed or (b) explicit consent is given (opt-in).
    Note: Please do not upload personal data of third parties for which you do not have an appropriate legal basis/consent.**

    10. Recipients / processors

    We use service providers (e.g., hosting, email, newsletter, monitoring, payment service providers, AI models/API).
    These process data as processors (Art. 28 DSGVO) or as independent controllers (e.g., payment service providers).

    Current list of service providers:

    Processors:

    Independent controllers:

    11. Cookies, consents & tracking (TTDSG/DSGVO)

    Our website uses cookies or similar technologies. Necessary cookies: for basic functions, security, settings. Legal basis: § 25 Abs. 2 TTDSG; Art. 6 Abs. 1 lit. f DSGVO.
    Optional cookies (analysis, marketing, personalization): are set only with your consent. Legal basis: § 25 Abs. 1 TTDSG; Art. 6 Abs. 1 lit. a DSGVO.
    Cookie banner/preferences: You can revoke or change consents at any time via cookie settings/footer link.

    12. Social media links/plugins

    If we link to social media profiles, no data is initially transmitted to the platform operator by clicking the link alone. Only when accessing the respective platform do their data protection provisions apply.

    13. Third-country transfers

    If data are transferred to third countries (e.g., USA), we ensure appropriate safeguards (e.g., adequacy decision, EU Standard Contractual Clauses) and review additional measures (encryption, access controls).

    14. Storage duration & deletion

    Unless otherwise stated, we delete personal data as soon as the purpose no longer applies and no statutory retention obligations conflict.
    Concrete periods:

    • Server logs: 90 days
    • Contact inquiries: 6–12 months
    • Account data: contract term + statutory retention Prompts/Uploads/Outputs: 90 depending on product setting, then deletion/anonymization

    15. Your rights

    Under the DSGVO, you have in particular the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21).
    Revocation of consents at any time (Art. 7 Abs. 3). Complaint to a supervisory authority (Art. 77). As a rule, the supervisory authority of your place of residence/workplace or our company's seat in Berlin is responsible.

    16. Objection to direct advertising

    If we process your data for direct advertising, you can object at any time; then your data will no longer be processed for this purpose.

    17. Security

    We implement appropriate technical and organizational measures pursuant to Art. 32 DSGVO (e.g., encryption, access controls, logging, incident response).

    18. Changes to this privacy policy

    We update this privacy policy if the legal situation or processing changes. The current version can be found here.