Privacy Policy

Last updated: May 23, 2026

This Privacy Policy explains how PatrologiX collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are

Data Controller: Jan Banholzer, operating as PatrologiX
Contact: You can reach us through the support inbox accessible via the platform.

PatrologiX is a theological research platform providing access to patristic literature, Aquinas, Scripture, and related scholarly resources.

2. What Data We Collect

We collect and process the following categories of personal data:

Account Data

• Email address (required for registration)
• Display name
• Optional profile information (bio, links)

Subscription Data

• Subscription plan and billing status
• Payment processing is handled by Stripe — we do not store your card details

AI Query Content

• Your prompts and the AI-generated responses
• Stored for service improvement and abuse prevention

User-Generated Content

• Blog posts and other content you author on the platform

Usage Data

• Page views and feature usage patterns
• Server-side logs only — we do not use third-party analytics services

3. Why We Process Your Data

We process your personal data on the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR)

• To provide the PatrologiX platform and its features
• To manage your account and subscription
• To deliver AI-powered research assistance

Legal Obligation (Art. 6(1)(c) GDPR)

• To retain billing records as required by tax law

Legitimate Interest (Art. 6(1)(f) GDPR)

• Platform security and fraud prevention
• Abuse prevention and terms enforcement
• Platform improvement and bug fixing

4. Data Processors

We use the following third-party services to operate PatrologiX:

Supabase

Database hosting and authentication services. Data is stored on EU servers.
Supabase Privacy Policy

Stripe

Payment processing. Stripe handles all payment card data directly — we never see or store your card details.
Stripe Privacy Policy

Anthropic / OpenAI

AI model providers for our research assistant features. Your queries are sent to these providers to generate responses.
Anthropic Privacy Policy · OpenAI Privacy Policy

5. Data Retention

We retain your data for the following periods:

• Account data: Retained while your account is active, plus 30 days after account deletion
• AI query logs: 90 days
• Billing records: 7 years (as required by German tax law)
• Server logs: 30 days

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure:Request deletion of your data ("right to be forgotten")
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to restriction: Request limitation of processing in certain circumstances
• Right to object: Object to processing based on legitimate interests

To exercise any of these rights, please contact us through the support inbox on the platform. We will respond within 30 days.

7. Cookies

PatrologiX uses essential cookies only for authentication and security. We do not use tracking or analytics cookies without your consent.

For detailed information, please see our Cookie Policy.

8. International Data Transfers

Our AI providers (Anthropic, OpenAI) are based in the United States. When you use AI features, your queries are transferred to these providers. These transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

9. Updates to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or a prominent notice on the platform before the changes take effect.

10. Supervisory Authority

If you believe we have not handled your data in accordance with data protection law, you have the right to lodge a complaint with a supervisory authority. In Germany, this is:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
www.bfdi.bund.de

We encourage you to contact us first if you have concerns — we are committed to resolving any issues promptly and fairly.