Shot2Pet — Verwandle dein Haustier in Kunst

Privacy policy

Last updated: March 2026

1. Data controller

The data controller within the meaning of the DSGVO is Shot2Labs (full details in the imprint). Contact for data protection inquiries: info@shot2pet.com. Providing the data marked with * (email, password) is required for contract fulfillment; without this data, no user account can be created. All other information is voluntary.

2. Data collected

We process the following personal data:

  • Email address (registration and communication)
  • Password (stored encrypted)
  • Uploaded pet photos (for image generation)
  • Order data including shipping address (for print orders)
  • Payment data (via Stripe, Inc. as data processor)
  • IP address and technical access data (server logs)

3. Legal basis

Processing is based on the following legal grounds: Art. 6 Abs. 1 lit. b DSGVO (contract fulfillment) for registration, image generation, credit management, payment processing and email communication within the contractual relationship. Art. 6 Abs. 1 lit. c DSGVO (legal obligation) for the retention of invoices and order data (10 years pursuant to §257 HGB / §147 AO). Art. 6 Abs. 1 lit. f DSGVO (legitimate interest) for server-side usage analysis, abuse prevention (rate limiting) and IT security. Art. 6 Abs. 1 lit. a DSGVO (consent) for newsletter delivery — consent can be withdrawn at any time at info@shot2pet.com or via the unsubscribe link in every email.

4. Data processors

We use the following data processors:

  • x.AI, Inc. (Grok API): For image generation, pet photos are transmitted to the Grok API by x.AI. Processing takes place exclusively in the EU (region eu-west); no transfer to third countries occurs. According to x.AI's API terms of use, input data is not used for model training. The collaboration is based on a data processing agreement. More information: x.ai/legal/privacy-policy
  • Stripe, Inc. (payment processing): For processing payments, payment data is transmitted to Stripe. Stripe is certified under the EU-US Data Privacy Framework and additionally employs EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 Abs. 2 lit. c DSGVO. More information: stripe.com/de/privacy

5. Retention period

Uploaded photos and generated images without a paid order: 30 days, then automatic deletion. Generated images with a paid order: until account deletion by the user. Account data (email, name): until account deletion, then 30-day grace period, then permanent deletion. Passwords: stored encrypted, deleted with the account. Invoices, order data and payment records: 10 years (§257 HGB / §147 AO). Server logs and IP addresses: maximum 7 days. Session cookies: 24 hours. Usage analysis data: until account deletion, stored non-personally. Failed generation jobs: 30 days (for error analysis).

6. Your rights

You have the right to:

  • Access (Art. 15 DSGVO)
  • Rectification (Art. 16 DSGVO)
  • Erasure (Art. 17 DSGVO) – via "Delete account" in settings
  • Restriction of processing (Art. 18 DSGVO)
  • Data portability (Art. 20 DSGVO)
  • Objection (Art. 21 DSGVO)

To exercise your rights, contact: info@shot2pet.com

7. Cookies and local storage

We use only technically necessary cookies: (1) «s2_session» — encrypted session cookie for login (httpOnly, secure, SameSite=Lax, lifetime 24 hours). This cookie is required for the website to function and does not require separate consent pursuant to § 25 Abs. 2 Nr. 2 TDDDG. No additional cookies (analytics, tracking, marketing) are set.

For anonymized usage analysis, we store technical access data (pages viewed, event types, referrer, UTM parameters) server-side in our database. This data does not contain cookies and is not linked to your user account unless you are logged in. Storage is based on Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in improving our service). No data is shared with third parties.

8. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is the state data protection officer of the federal state in which our company is headquartered (see imprint). A list of all supervisory authorities can be found at: bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

9. Automated decision-making

No automated decision-making or profiling within the meaning of Art. 22 DSGVO takes place. AI image generation is not an automated individual decision with legal effect, but a creative processing operation actively requested by the user.

10. Newsletter

If you consented to receiving the newsletter during registration (Art. 6 Abs. 1 lit. a DSGVO), we use your email address to send product news and offers. Consent can be withdrawn at any time — by email to info@shot2pet.com or via the unsubscribe link in every newsletter email. After withdrawal, your email address will no longer be used for newsletter purposes.