Privacy Policy

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

2. General Information on Data Processing

This website is aimed at children and young people between the ages of 4 and 16. The protection of personal data is our highest priority. We only process personal data to the extent necessary to provide a functional website and our content.

We collect no personal data such as names, email addresses, phone numbers, or addresses of our users. There are no user accounts and no registration.

3. Hosting and Website Provision

This website is hosted on a dedicated server in Germany. When you visit our website, the web server automatically processes temporary access data. This includes:

• IP address of the requesting device
• Date and time of access
• Page/URL accessed
• Amount of data transferred
• Browser type and version
• Operating system

This data is processed solely to ensure the smooth operation of the website and to improve our services. It is not possible for us to associate this data with specific individuals. This data is not merged with other data sources.

Server log files are automatically deleted after 7 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the stable and secure provision of the website).

4. Cookies and Local Storage

This website uses no tracking cookies, no analytics cookies, and no advertising cookies.

We exclusively use your browser's localStorage (a local storage technology) to store the following data exclusively on your device:

• Privacy consent: Whether you have confirmed the privacy notice.
• Difficulty level: The selected difficulty level for the games.
• Learning progress: Completed chapters, quiz results, collected stars and badges, selected learning mode (Kids/Smart).
• Chat session: Remaining message count and session timestamp (for the daily limit).
• Accessibility Preferences: Font size, high contrast, pause animations, reading guide, link highlighting, and text spacing are stored locally (localStorage, key 'ki-lumi-a11y'). These settings help users with different accessibility needs and never leave your device.

This data never leaves your device. It is not transmitted to our servers or to third parties. You can delete this data at any time by clearing your browser data or using the 'Reset Progress' function on the 'For Adults' page.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the functionality of the website). Since the data remains exclusively on your device, no data processing by us takes place.

The language cookie (NEXT_LOCALE) set by next-intl is used exclusively to store your language preference (German/English). It is a technically necessary cookie that does not contain any personal data.

5. AI Chat (Kilumi)

On this website, children can interact with an AI-powered chatbot ('Kilumi'). The entered chat messages are sent to an external AI service (currently Anthropic Claude, OpenAI, or Google Gemini – depending on configuration) to generate a response.

Legal basis: Art. 6(1)(a) GDPR (consent through confirmation of the privacy notice before use).

The aforementioned AI providers are based in the USA. Data transfers are based on the adequacy decision of the EU Commission regarding the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

You have the right to withdraw your consent at any time. The lawfulness of processing carried out before the withdrawal remains unaffected. You can exercise the withdrawal by no longer using the AI chat or by revoking your privacy consent via the 'Reset Progress' function.

Privacy policies of AI providers: Anthropic (anthropic.com/privacy), OpenAI (openai.com/privacy), Google (policies.google.com/privacy).

6. AI Image Generation

Images can be generated by AI in the chat. The entered image request (prompt) is sent to the image generation service OpenAI DALL-E. The generated image is temporarily cached and deleted after the session ends. No personal data is transmitted.

7. Abuse Protection (Rate Limiting)

To protect against abuse (e.g., automated mass requests), the IP address of the requesting device is temporarily processed in the server's memory for API requests. This data is used exclusively for detecting and preventing abuse and is automatically deleted after no more than one hour. No association with individual persons takes place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting the website from abuse).

8. Feedback Form

On our contact page, you can provide anonymous feedback. The following data is stored on our server:

• Star rating (1–5 stars)
• Comment (optional, maximum 1,000 characters)
• Timestamp of submission

No personal data is collected – neither name, email address, nor IP address is stored with the feedback. It is not possible to associate feedback with individual persons. The feedback is used exclusively to improve this platform.

To protect against abuse, the number of feedback submissions per device is limited to 3 per hour.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving our services).

9. No External Resources

This website loads no resources from external servers:

• Fonts: Served locally from our server (no Google Fonts).
• Analytics tools: No analytics or tracking services (Google Analytics, Matomo, etc.) are used.
• Advertising: No advertisements are displayed and no advertising networks are integrated.
• Social media plugins: No social media buttons or widgets are integrated.
• CDN services: All content is served directly from our server.

As a result, no data is transmitted to third parties when visiting this website – with the exception of the AI services described in sections 5 and 6, which are only contacted when actively using the chat.

10. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR): You have the right to know whether and what personal data we process about you.
• Right to rectification (Art. 16 GDPR): You have the right to have inaccurate data corrected.
• Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your data.
• Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing.
• Right to data portability (Art. 20 GDPR): You have the right to receive your data in a commonly used format.
• Right to object (Art. 21 GDPR): You have the right to object to the processing of your data.

Since we do not collect or store any personal data, these rights are effectively moot in practice. Should you nevertheless have questions or concerns, please contact: felix@weipprecht.de

11. Special Protection of Minors

This website is aimed at children and young people. We are aware of the special responsibility that comes with this. In accordance with Art. 8 GDPR, we observe the following:

• We collect no personal data from children.
• There is no registration and no user account.
• The AI chat is protected by comprehensive content filters that ensure child-appropriate communication.
• All content is age-appropriate and educationally designed.
• We recommend that children explore this website together with an adult.

12. SSL/TLS Encryption

For security reasons and to protect the transmission of all content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the browser's address bar changing from 'http://' to 'https://' and by the lock icon in your browser bar.

13. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

15. Anonymous Usage Statistics

We collect anonymous page view counters to understand which areas of our website are being used. Only the page visited and the date are recorded.

No IP addresses, cookies, device information, or other personal data are collected. It is not possible to identify individual users.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving our service).

16. AI-Generated Content

Some content on this website (particularly blog articles and images in the "AI News" section) is created with the assistance of Artificial Intelligence. All AI-generated texts are editorially reviewed before publication.

AI-generated images are labeled as such in accordance with the EU AI Act (Art. 50(2)) and carry the label "AI-generated". Image generation uses OpenAI DALL-E. No personal data is processed — only a descriptive text prompt is sent to the service.

All blog articles are based on publicly available news sources. Original sources are cited in each article.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing age-appropriate content).

17. AI Safety Section

The AI Safety section is designed to teach children about the dangers of using Artificial Intelligence. No additional personal data is collected in this section.

Quiz and test results (detective test, mini-checks) are stored exclusively in the user's browser locally (localStorage). This data never leaves the user's device.

No external tracking, analytics, or data transmission to third parties takes place for the AI Safety section.

18. Anonymous Learning Progress Statistics (Community Counters)

On our homepage, we display anonymous counters showing how many children have completed the quiz or earned the AI Detective badge. These numbers serve as motivation and contain no personal data whatsoever.

The following events are counted anonymously: quiz completions, finale completions, AI detective badges, and mode selection (Kids/Smart). No name, no IP address, and no user profile is stored — only an aggregate counter is incremented by 1.

For the optional age group selection (6–8, 9–10, 11–13, 14+), only the selected group is stored as an anonymous aggregate counter. It is not possible to trace this back to any individual.

To prevent duplicate counting, a random session ID (UUID) is generated in the browser's sessionStorage. This ID is automatically deleted when the browser tab is closed and cannot be linked to any person.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a motivating display of platform usage).

14. Changes to This Privacy Policy

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services. The new privacy policy will apply to your next visit.