Privacy Policy

StayTrue with Kyaro
Effective Date: 19 March 20261. Introduction
This Privacy Policy explains how personal data is processed when you use:
- the AI-based reflection chatbot StayTrue with Kyaro (the “Service”)
- our website
- our newsletter and related digital services
The Service is operated by:
matterius GmbH
Werinherstr. 3
81541 Munich
Germany
Email: service (at) matterius.com
We are committed to protecting your privacy and handling personal data in accordance with applicable laws, including:
the General Data Protection Regulation (GDPR)
applicable U.S. child privacy laws (COPPA)2. Nature of the Service
StayTrue with Kyaro is a guided reflection chatbot designed to support teenagers (14+) in:
- organizing thoughts
- reflecting on emotions
- building self-awareness,
- confidence, and resilience
The Service:
- does not provide
therapy or medical services
- does not diagnose or treat mental health conditions
- is intended for educational and reflective purposes only3. How the Service Works
The chatbot operates using artificial intelligence systems provided by third-party platforms (e.g., ChatGPT / OpenAI).
When a user interacts with the chatbot:
text entered by the user is processed by the AI system
a response is generated in real time
this processing may occur on external servers
⚠️ Important distinction:
The AI system processes user input to generate responses
The operator of StayTrue with Kyaro does not access, store, or review these conversations4. Data Processing Overview
4.1 No Access or Storage by the Operator
We do not store, retain, or access individual chatbot conversations.
This means:
- we cannot read chat messages
- we cannot identify users through chatbot content
- we do not build user profiles based on conversations4.2 Processing by Third-Party AI Providers
User input is processed by third-party AI systems (e.g., OpenAI) solely for the purpose of generating responses.
This includes:
- temporary processing of text inputs
- technical handling required to deliver responses
We do not control how these providers process data internally.
Users should review the privacy policies of these providers for further details.4.3 Types of Data Processed
Depending on how the Service is used, the following data may be processed:
-text input actively provided by users during chatbot interactions(e.g., thoughts, questions, or reflections voluntarily shared)
- general interaction data
- technical data (e.g., device, browser, IP address via platform providers)
👉 This data is processed by the underlying AI systems solely to generate responses.
👉 The operator of StayTrue with Kyaro does not store, access, or review this data.4.4 Website Data Processing
When visiting our website, certain data is automatically processed:
IP address (where possible anonymized)
browser type and version
operating system
referrer URL
date and time of access
This is necessary to:
ensure technical functionality
maintain security
improve user experience
Legal basis:Art. 6(1)(f) GDPR – legitimate interest4.5 Analytics and Tracking (if applicable)
We may use analytics tools to understand website usage.
These tools may collect:
anonymized usage data
interaction patterns
Where required, consent is obtained via a cookie banner.
Legal basis:
Art. 6(1)(a) GDPR – consent
Art. 6(1)(f) GDPR – legitimate interest4.6 Newsletter and Email Communication
If you subscribe to our newsletter, we process:
your email address
your name (if provided)
interaction data (e.g., opens, clicks)
Purpose:
to send updates and relevant content
to improve communication
We may use external email service providers.
Legal basis:Art. 6(1)(a) GDPR – consent
You can unsubscribe at any time.4.7 Third-Party Services and Interfaces
We use third-party providers for:
- AI functionality (e.g., OpenAI / ChatGPT)
- hosting
- website infrastructure
- email and newsletter delivery
analytics
These providers may process data independently under their own policies.5. Purpose of Processing
We process data to:
- provide access to the Service
- ensure website functionality and security
- improve usability and performance
- send newsletters (with consent)
- understand general usage patterns6. Data Minimization & User Responsibility
The Service is designed according to data minimization principles.
Users are not required to provide personal identifying information.
The chatbot encourages reflection without requiring identification.
Users should avoid sharing sensitive personal data, including:
- full name
- address
- phone number
- passwords
- financial data
- private data about others
If unsure, users should consult a parent or trusted adult.7. Legal Basis for Processing (GDPR)
Processing is based on:
Art. 6(1)(a) GDPR – consent (newsletter, tracking)
Art. 6(1)(b) GDPR – provision of the Service
Art. 6(1)(f) GDPR – legitimate interest
Third-party providers rely on their own legal bases.8. International Data Transfers
Data processing may occur outside the EU, including the United States.
Transfers may rely on:
Standard Contractual Clauses (SCCs)
safeguards implemented by providers9. Children’s Privacy (COPPA Compliance)
The Service:
is intended for users aged 14+
is not directed to children under 13
We do not knowingly collect data from children under 13.
If identified, such data will be deleted where possible.
Users under 18 should involve a parent or guardian.10. Role of Parents and Guardians
Parents and guardians are responsible for:
- supervising usage
- guiding responsible behavior
- supporting teens in digital interactions
The Service does not replace parental guidance.11. Data Security
We implement reasonable security measures.
However:
no system is fully secure
third-party systems operate independently12. Data Retention
We do not retain chatbot conversation data.
Third-party providers may retain data according to their own policies.13. Your Rights (GDPR)
Users may have rights to:
- access
- rectification
- erasure
- restriction
- portability
- objection
You also have the right to lodge a complaint with a supervisory authority.14. Transparency About AI
The chatbot:
is an AI system
generates responses automatically
does not understand users like a human
User input is processed temporarily to generate responses.15. Important Limitations
The Service:
- cannot guarantee accuracy
- cannot detect all risks
- cannot identify emergencies
It must not be used for:
- medical advice
- psychological diagnosis
- crisis situations16. Updates to This Policy
This Privacy Policy may be updated at any time.
Continued use of the Service implies acceptance.17. Third-Party Services Notice
StayTrue with Kyaro relies on third-party infrastructure and AI technologies.
These providers may process data independently.
We recommend reviewing their policies.18. Contact
matterius GmbH
Email: service (at) matterius.com