Zum Hauptinhalt springen
Manuel Fessen

Conductor - Privacy Policy

1. Introduction

This privacy policy explains how personal data is processed when using the Conductor app in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws.

2. Controller

The controller within the meaning of data protection laws is:

Manuel Fessen c/o Secato GmbH Ungelsheimer Weg 7 40472 DĂĽsseldorf Email: litze.pasten.0i@icloud.com

3. Types of Data Processed

We process the following categories of personal data:

Conversation and knowledge base content (local / your iCloud):

  • Conversation history (messages, assistant responses, and optionally tool outputs), attachments (e.g. images/files), and knowledge base content are stored on your device.
  • If iCloud sync is enabled, this data is stored and synchronized via your personal iCloud (CloudKit).
  • We do not have access to the contents of your personal iCloud. Apple generally acts as an independent controller for iCloud/CloudKit.

AI Processing – Three Usage Modes

The app offers three different modes for AI features:

Mode 1: Bring Your Own Keys (BYOK)

  • You configure your own API keys for providers of your choice (OpenAI, Anthropic, Google, OpenRouter, etc.)
  • API keys are stored exclusively locally on your device and/or in your personal iCloud
  • We have NO ACCESS to your API keys, prompts, or responses
  • Data transmission occurs directly from your device to the provider you selected
  • You are the data controller for this processing
  • You pay providers directly via your own accounts

Mode 2: Credit Points (Using Our OpenRouter Access)

  • You purchase credit points via in-app purchase
  • The app uses our OpenRouter API key (stored locally on your device)
  • Flow: Your device → Our backend (credit check) → Your device → OpenRouter → Provider
  • We see only: Usage metadata (token consumption, credit consumption)
  • We do NOT see: Your prompts, responses, or chat content
  • OpenRouter forwards your requests to the provider you selected (20+ providers available)
  • Legal basis: Article 6(1)(b) GDPR (contract performance for credit billing)
  • OpenRouter’s Privacy Policy: https://openrouter.ai/privacy

Mode 3: Local Models (On-Device)

  • You download models that run entirely on your device
  • No external data transmission
  • No third parties involved
  • Maximum privacy

Mode 4: Conductor AI & Conductor Search (Free App-Provided Services)

  • The app provides free AI and search functionality through pre-configured API access
  • Conductor AI: Free AI model access via OpenRouter (managed by the app developer)
  • Conductor Search: Free web search via LangSearch (managed by the app developer)
  • Flow: Your device → OpenRouter/LangSearch → Provider
  • We see only: Aggregated usage metrics for service management
  • We do NOT see: Your prompts, responses, search queries, or chat content
  • These services are enabled by default but can be disabled in settings
  • Legal basis: Article 6(1)(b) GDPR (contract performance for providing core app functionality)
  • OpenRouter Privacy: https://openrouter.ai/privacy
  • LangSearch Privacy: https://docs.langsearch.com/legal/privacy-policy

You choose which mode to use in the app settings.

AI Provider Privacy Policies

When using BYOK or Credit Points modes, your data may be processed by the AI provider you select. Each provider has different data retention and usage policies.

Major Global Providers:

Specialized Providers:

Regional Providers (China):

Search & Tool Providers:

Local/Self-Hosted (No External Transmission):

  • On-device models: No data leaves your device
  • LAN providers (LM Studio, Ollama): Data stays on your local network

Important: Privacy practices vary significantly by provider. We recommend reviewing each provider’s privacy policy before use, especially regarding:

  • Data retention periods
  • Use of data for model training
  • International data transfers
  • Business vs. consumer tier differences

Note: Some providers (particularly regional Chinese providers) may only offer privacy policies in their native language.

Optional tools and device permissions:

  • Depending on the tools you use and the permissions you grant, the app may access and process data such as location (maps), calendar data (EventKit), reminders (EventKit), health data (HealthKit), URLs and website content (web read), or code snippets (code execution).
  • Voice and Audio: If you use the voice input feature, the app processes your audio recordings and uses device-based speech recognition to convert your speech into text. This text is then processed by the AI.
  • Images and Photos: If you share images from your camera or photo library, these are processed by the AI to provide descriptions, summaries, or identification.
  • If required to fulfill your request, such data may be transmitted to third-party services (e.g. search providers/websites, weather/map providers, code execution services) and may be included in the context sent to your selected AI provider.

Special Note on Health Data (Article 9 GDPR)

If you grant the app access to HealthKit, the app may process special categories of personal data within the meaning of Article 9 GDPR (health data).

Important:

  • Health data is NOT automatically transmitted to AI providers
  • Transmission occurs only when you explicitly use a Health tool AND make a request that requires health data
  • We advise against sharing sensitive health information with AI models, especially with providers that lack a BAA (Business Associate Agreement) or similar HIPAA guarantees
  • The app displays a warning before health data is transmitted to external services

Legal Basis: Article 9(2)(a) GDPR (explicit consent) and Article 6(1)(a) GDPR. You can withdraw consent at any time by disabling HealthKit access in your iOS settings.

Credit Points System (When Using Our OpenRouter Access)

If you purchase credit points, we process the following data:

What we process:

  • Number of credits purchased (in-app purchase via Apple)
  • Token consumption per request (metadata from OpenRouter)
  • Credit balance
  • Usage timestamps

What we do NOT process:

  • Your prompts or inputs
  • AI responses or outputs
  • Chat content or conversation history

Legal Basis: Article 6(1)(b) GDPR (contract performance for billing purposes)

Retention Period: Billing data for tax retention requirements (up to 10 years under German tax law § 147 AO)

Additional data:

  • Subscription/entitlement data (managed via Apple App Store and RevenueCat)
  • Optional diagnostics/telemetry data via PostHog (strictly opt-in)
  • Support communications (e.g. emails)

4. Purpose of Data Processing

We process personal data for the following purposes:

  • Providing and improving the app’s core functionality (chat, streaming, tools, knowledge base, storage/sync)
  • Managing subscriptions and entitlements
  • Analyzing diagnostics/usage data (only if you opt in)
  • Providing customer support
  • Enabling AI features via the providers you configure/select

The legal basis for processing personal data is:

  • Article 6(1)(b) GDPR (performance of contract) for core app functionality and subscription/entitlement management
  • Article 6(1)(a) GDPR (consent) for optional features and non-essential device access (where applicable)
  • Article 6(1)(f) GDPR (legitimate interest) for handling support requests and ensuring app security (case-by-case)

6. Data Sharing with Third Parties

We share data with the following third parties:

  • Apple Inc.: iCloud/CloudKit synchronization (your personal iCloud)
  • RevenueCat Inc.: subscription/entitlement management
  • OpenRouter (via Conductor AI): AI model aggregator for free model access
  • LangSearch (via Conductor Search): Web search for free search functionality
  • PostHog Inc.: optional anonymous telemetry (strictly opt-in)
  • AI/LLM providers: the provider you selected to generate responses (multi-provider setup)
  • Tool/API providers (depending on use): e.g. search providers/websites (web search/read), weather/map services, and code execution services

7. Data Retention

We retain personal data only as long as necessary for the purposes stated in this policy:

  • Conversation and knowledge base content: stored on your device and/or your personal iCloud until you delete it
  • Subscription/entitlement data: retained as required for subscription management and legal obligations
  • Diagnostics/telemetry (opt-in): typically up to 12 months (unless shorter retention is required)
  • AI/tool provider processing: subject to the retention policies of the respective providers

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)

To exercise these rights, please contact us at the email address provided in section 2.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Secure transmission (TLS) when communicating with third-party APIs
  • Local-first storage and optional iCloud/CloudKit sync under your Apple ID
  • Access controls via iOS permissions (e.g. location, calendar, health)

10. Changes to This Policy

We may update this policy from time to time. The current version is always available in the app settings.

11. Contact Information

For any questions regarding this privacy policy, please contact:

Manuel Fessen c/o Secato GmbH Ungelsheimer Weg 7 40472 DĂĽsseldorf Email: litze.pasten.0i@icloud.com

Let's create together

Ihre Vision, meine Lösung - sind Sie dabei?

Kontakt