What file formats can I upload for audiobook conversion?

Tontaube supports PDF, TXT, DOCX, EPUB, and other popular document formats. Our AI processes these files to extract text for high-quality audio conversion.

How does the credit system work for generation?

Credits are our in-app currency for text-to-speech and cloning. Pricing depends on text processing and voice selection. Expect an equivalent of $0.20-$2 per hour of audio.

Can I use my audiobooks commercially?

Yes! You retain full rights. Audiobooks created from your own texts can be downloaded, used commercially, or published elsewhere without restrictions.

What is AI text optimization?

Our optional AI enhancement uses AI models to optimize text for audio by removing metadata and formatting headers for a better listening flow.

How does Voice Cloning work?

By providing a short audio sample, Tontaube creates a digital clone of your voice. You can then use this voice to narrate any document or book. Your voice will stay private and only you have access to it.

Privacy Policy for tontaube.ai

Version: 19 March 2026

We, Cremer & Cremer Technologies UG (haftungsbeschränkt), located in Berlin, Germany, take the protection of your personal data seriously. This Privacy Policy informs you how we collect, process, and protect your data when you visit our website tontaube.ai (the “Website”). The processing is carried out in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

In this Privacy Policy, we use the term “Personal Data” as defined by the GDPR, meaning any data that is or can be potentially attributed to an identifiable individual.

1. Controller

The controller responsible for data processing within the meaning of the GDPR is:

Jonathan Cremer
Herderstraße 22, 12163 Berlin, Germany
data-protection@craitech.io

2. Legal Bases for Processing

We base every processing of your personal data on one of the following legal bases of the GDPR (Art. 6):

Consent — Art. 6(1)(a) You have given your explicit consent to the processing for a specific purpose (e.g., analytics). You may withdraw your consent at any time with effect for the future.
Contract — Art. 6(1)(b) Necessary to fulfill the user agreement and to provide you with the Website’s features.
Legitimate Interest — Art. 6(1)(f) Serves security purposes (abuse and fraud prevention), website improvement, and internal analysis, provided your interests do not override ours.
Legal Obligation — Art. 6(1)(c) Required to comply with tax and commercial law retention obligations, as well as other legal requirements.

3. Categories of Personal Data We Collect

(a) Data Provided by You

Category	Examples
Communication & Feedback	Support requests, error reports, feature requests submitted via contact forms or email

(b) Automatically Collected Data

Category	Examples
Server Log Data	IP address (stored max. 30 days), browser type and version, operating system, referring URL, pages visited, timestamps
Analytics Data	Pseudonymous usage profiles: session duration, interaction paths, page views (via Google Analytics 4)
Diagnostic Data	Error logs, performance metrics

4. Purposes of Processing and Legal Bases

Purpose	Description	Legal Basis (Art. 6 GDPR)
Website Delivery	Serve pages, load balancing, technical stability	lit. b / lit. f
Security & Abuse Prevention	Analyze server logs, IP logs	lit. f
Reach Measurement & Improvement	Pseudonymous usage statistics via Google Analytics 4 (no advertising remarketing)	lit. a
Customer Support & Communication	Respond to your inquiries	lit. b / lit. f
Error Analysis	Crash reports, performance monitoring	lit. f

Where we rely on consent (lit. a), you may withdraw it at any time via our cookie banner or by contacting us — this does not affect the lawfulness of processing before withdrawal. Where we rely on legitimate interest (lit. f), you can object to the processing at any time (see “Your Rights”).

5. Recipients of Your Data

Service Provider	Location / Data Centers	Purpose	Guarantees
Google Cloud Platform / Firebase (Google Ireland Ltd.)	EU / worldwide	Website hosting (Firebase Hosting), backend infrastructure	DPA + DPF / SCCs
Google Analytics 4 (Google Ireland Ltd.)	EU / USA	Reach measurement, website statistics (no ads remarketing activated)	DPA + DPF / SCCs

All processors handle personal data exclusively according to our instructions and are contractually bound to confidentiality and appropriate technical and organizational measures (Art. 28(3) GDPR).

5.2 Other Recipients

Authorities / Courts — exclusively when legally required or for the enforcement of rights.
Successors in the context of a merger, acquisition, or similar transaction.

6. International Data Transfers

Some of our service providers operate servers in third countries, particularly in the USA. Transfers of personal data only occur if one of the following protective measures is in place:

Standard Contractual Clauses (SCCs) of the EU Commission (Art. 46(2)(c) GDPR).
EU–US Data Privacy Framework (DPF) for certified US companies (e.g., Google LLC).

Copies of the SCCs or proof of DPF certification are available upon request at data-protection@craitech.io.

7. Storage Periods

Data Type	Retention Period	Reason
Server Log Files (IP, browser)	Up to 30 days	Website security and technical stability. Automatic rotation; longer storage only in case of security-relevant incidents.
Analytics Data	90 days (pseudonymized)	Reach measurement and product improvement. Fully anonymized statistics may be retained indefinitely.
Support Correspondence	6 years	Mandatory retention under German commercial law (§ 257 HGB).

Unless legal obligations prevent it, we will also delete or anonymize data earlier if you request it.

8. Cookies

We do not currently use cookies or similar tracking technologies that would require consent. Google Analytics 4 is configured to operate without setting consent-requiring cookies.

9. Your Rights

As a data subject, you have the following rights under the GDPR:

Right of access (Art. 15 GDPR) – You can request a copy of your stored personal data.
Right to rectification (Art. 16 GDPR) – You can have incorrect or incomplete data corrected.
Right to erasure (Art. 17 GDPR) – You can request that your data be deleted, provided no legal retention obligations prevent it.
Right to restriction of processing (Art. 18 GDPR) – You can restrict the processing of your data under certain conditions.
Right to data portability (Art. 20 GDPR) – You have the right to receive your data in a machine-readable format.
Right to object (Art. 21 GDPR) – You can object to processing based on legitimate interest (Art. 6(1)(f)).

To exercise your rights, please contact us at data-protection@craitech.io.

If you believe that the processing of your personal data violates the GDPR, you can contact a supervisory authority. The authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
Website: https://www.datenschutz-berlin.de

10. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to adapt it to legal or technical changes. Material changes will be published on our website. Changes take effect upon publication, unless otherwise specified.