Privacy Policy

Data Controller

Jannik Vitztum
c/o IP-Management #9186
Ludwig-Erhard-Str. 18
20459 Hamburg, Germany
Email: shura@comfyai.de

Data We Collect

When using ComfyAI, the following data is processed:

• Account Data: Username, email address (optional), password hash, and related account settings
• Chat History: Your conversations with the AI are stored to provide chat history
• Technical Data: IP address, browser information, device or request metadata, and related operational logs (for security, abuse prevention, and error analysis)
• Browser Storage Data: Authentication tokens, guest tokens, consent choices, disclaimer acknowledgements, and certain local preferences stored in your browser
• Moderation and Audit Records: Reports, flags, security records, conversation logs, uploaded media audit copies, and related review materials where relevant to operations, moderation, support, abuse prevention, or legal compliance

Legal Basis for Processing

We process your data based on the following legal grounds (Art. 6 GDPR):

• Art. 6(1)(a) - Consent: Analytics cookies, optional tracking (you choose in our consent banner)
• Art. 6(1)(b) - Contract Performance: Chat functionality, account management, providing the service
• Art. 6(1)(f) - Legitimate Interest: Server logs, security measures, abuse prevention

How We Use Your Data

We use your data to operate, protect, maintain, and improve the service.

• Your chat history is stored so you can access it later
• The memory system helps the AI remember context from your conversations
• Automated safety systems may flag content that may violate our terms of use or create safety, abuse, or security concerns
• Authorized personnel may access, review, preserve, and use conversations, account data, metadata, and related records where reasonably necessary for service operations, support, moderation, abuse prevention, security, audits, legal compliance, or enforcement of our Terms
• We may create and retain service logs, moderation materials, and media audit records to investigate incidents, improve quality, and protect the platform

We don't sell your data. We don't train AI models on your conversations. We don't use it for advertising profiles.

Where Your Data Is Stored

All user data (conversations, accounts, memories) is stored on our own private servers located in Austria. We do not use cloud hosting for user data storage.

AI & API Services

Depending on which features you use, your data may be processed by:

• Local AI Models (Qwen): Your messages stay on our servers. Nothing leaves our infrastructure.
• Optional Third-Party or BYOK Model Providers: If optional third-party model integrations are enabled and selected by you, your messages may be sent to the provider you choose. Depending on availability, this may include providers such as OpenAI, OpenRouter, DeepSeek, or similar services.
• Web Search (Exa): If the AI uses web search, your query is sent to Exa. See their Privacy Policy.

Tip: Stick with Qwen models if you want maximum privacy - everything stays local.

Cookies and Tracking

We use browser storage and similar client-side storage for authentication, guest session continuity, consent preferences, disclaimer state, and local user settings. We may also use technically necessary cookies or similar technologies where required for service operation, security, or analytics configuration.

Google Analytics: We use Google Analytics to understand how users interact with our website (page views, traffic sources, user engagement). When you first use our service, you can choose whether to allow analytics cookies. Google Analytics is configured with consent mode defaults set to denied until you choose otherwise. If you decline, limited consent-mode or cookieless measurement signals may still be processed with IP anonymization and restricted storage behavior. You can also opt out using the Google Analytics Opt-out Browser Add-on. More information: Google Privacy Policy.

X/Twitter Pixel: We use the X (Twitter) conversion tracking pixel to measure the effectiveness of our social media presence. This is only activated if you consent to analytics cookies. More information: X Privacy Policy.

Data Retention

Your data is stored as long as your account exists. When you delete your account, access is removed immediately and your account cannot be restored. Selected account-related, moderation, audit, deletion-related, security, traffic, or compliance records may be retained for a limited period, typically up to 30 days, and in some cases longer where reasonably necessary or legally required.

• Account & Chat Data: Until you delete your account
• Server Logs: Typically up to 30 days, but may vary based on operational, security, or compliance needs
• Technical, Security, and Traffic Logs: Typically up to 30 days, but may be retained longer where reasonably necessary or legally required
• Moderation, Audit, and Deletion-Related Records: Typically up to 30 days after account termination, but may be retained longer where reasonably necessary for legal compliance, abuse prevention, security, or defense of legal claims

Account Suspension and Termination

We may suspend, restrict, or terminate accounts or features for policy enforcement, safety, abuse prevention, legal or compliance reasons, operational needs, or other legitimate service-protection purposes, as described in our Terms of Service. When this happens:

• Notification: We may provide limited notice or explanation where we choose to do so or where applicable law requires it
• Evidence Retention: We may retain relevant messages, reports, metadata, moderation materials, deletion-related records, and audit trails for a limited period, typically up to 30 days, and in some cases longer where reasonably necessary or legally required
• Reconsideration Requests: You may contact us regarding an enforcement decision, but review or response is discretionary except where applicable law requires otherwise
• Data Deletion: After the retention period, your data will be permanently deleted unless required by law

Legal Basis: Processing for account termination and evidence retention is based on our legitimate interest in maintaining platform safety and preventing abuse (Art. 6(1)(f) GDPR), as well as compliance with legal obligations (Art. 6(1)(c) GDPR).

Obligation to Provide Data

You are not legally required to provide personal data. However, certain data (username for registration, messages for chat) is necessary to use the service. Without this data, you cannot use the respective features.

Your Rights

You have the right to:

• Access your stored data
• Rectification of inaccurate data
• Deletion of your data
• Restriction of processing
• Data portability
• Object to processing

To exercise your rights, contact us at shura@comfyai.de.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The responsible authority for Austria is:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

Automated Decision-Making

We do not use fully automated decision-making as defined in Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

Note: While our AI generates responses automatically, this does not constitute "automated decision-making" under GDPR as it does not produce legal or similarly significant effects on you.

Content Moderation: Automated systems may be used to flag, score, filter, throttle, or temporarily restrict activity and to support moderation and security workflows. Relevant records may then be reviewed and handled by authorized personnel as appropriate to the circumstances and applicable law.

Infrastructure & CDN

We use the following external services for infrastructure:

• IONOS (VPS): Our reverse proxy and landing pages are hosted on IONOS servers in Germany. Traffic is forwarded to our private servers - no user data is stored on IONOS.
• jsDelivr CDN: For JavaScript libraries (KaTeX, Mermaid, Highlight.js)

Related Documents

Please also review our Terms of Service, which govern your use of ComfyAI and include information about account suspension and termination.

How to Delete Your Account

To delete your ComfyAI account and all associated data:

1. Log in to your account at comfyai.de
2. Open the available account settings or user options
3. Go to the account or privacy section
4. Click "Delete Account" and confirm with your password

What is removed immediately:

• Account access and active sessions
• Primary account records from active user systems
• Chat and feature data from active services

What may be retained for a limited period after deletion:

• Selected account-related records, moderation materials, deletion-related records, audit logs, traffic or security records, and compliance evidence needed for abuse prevention, legal obligations, and defense of legal claims

Retained records are generally deleted after the applicable retention period, but some residual, backup, audit, security, or compliance records may persist longer where reasonably necessary or legally required. Deleted accounts cannot be restored.

Questions? Contact us: shura@comfyai.de

Changes

This privacy policy may be updated from time to time. The current version is always available on this page.

Last updated: March 26, 2026