AI Act · Transparency
Which AI models HillcrownAI uses, where the training and content data come from, how we moderate, and which parental and protection mechanisms keep children safe from risk - openly documented in line with the EU AI Act and the German Youth Protection Act (JuSchG).
As of: May 2026
The HillcrownAI platform relies exclusively on open-source foundation models that are operated on European infrastructure in Germany. No requests are forwarded to proprietary hosted-model providers.
Open-source foundation model, fine-tuned for German-language children's conversations, curriculum context and age-appropriate behaviour. Hosted in HillcrownAI's own data centres in Germany. The specific model selection is reviewed with each release cycle and may evolve along with the open-source landscape; it is disclosed to procurement bodies and auditors on request.
Our own classification models for pre- and post-filtering, aligned with JuSchG categories and age-graded risk clusters. Not generative. Specific architecture and training data disclosed to procurement bodies and auditors on request.
HillcrownAI's own multiguard pipeline with classifying pre- and post-filtering, JuSchG-compliant categorisation and a pedagogically trained escalation tier for sensitive topics. Moderation models are not trained on children's conversation data.
Open-source diffusion model, complemented by HillcrownAI's own LoRA fine-tunings for GDPR-compliant brand and character image generation without rights risk. Specific model selection disclosed on request, as for the language model.
HillcrownAI strictly separates foundation-model pre-training (open source, documented by the respective provider), our own fine-tuning (curated and licensed data) and inference data (children's conversations - not used for training).
Open-source data sets of the respective foundation models. Provider model cards and training disclosures are linked from our technical documentation and updated with every model upgrade.
Licensed content from our publishing, education and research partners and curriculum context produced in-house. Every training batch is reviewed for source provenance, age-appropriateness and JuSchG compliance before it enters a model update.
Conversations that children have with KinderGPT are not used to train the model. In anonymous use, no conversation data is permanently stored; it remains only within the current session. If parents activate a parent account on the Basis or Premium tier, conversations are surfaced in the parent console for the legal duty of care and deleted within the retention windows defined in the privacy policy.
Parents and legal guardians sit as the legal and operational layer above every use of KinderGPT. The app is installed via the parents' app-store account - consent is therefore structurally ensured before any use. By default KinderGPT can be used anonymously; a parent account with console, topic filters and history export is optional from the Basis or Premium tier onwards.
KinderGPT is listed in the app stores with an age rating of 4+. Installation is performed via the Apple or Google account of a legal guardian - children can only install the app after the parents' active approval. Parental consent is therefore structurally ensured before any use.
After installation KinderGPT can be used without an account. No names, e-mail addresses or place of residence are requested. Sessions are isolated, no profiling takes place, and no identification is built up across uses.
Parents who want to use the parent console, topic filters or history export on the Basis or Premium tier can create an account. The account requires only an e-mail address for authentication - no names, no address data, no demographic profiles. Data-minimal under GDPR Art. 5 c.
Parents always see conversation histories and topic clusters, and can disable individual topics, time windows or features.
On sensitive topics (self-harm, bullying, sexualised content), KinderGPT is intended to respond in a pedagogically de-escalating tone and refer to established counselling services in age-appropriate form. This escalation and help chain is currently being implemented.
HillcrownAI is built around the EU AI Act's obligation regime: GPAI and governance obligations from 2 August 2026, and the high-risk obligations for education and child-facing applications from 2 December 2027.
KinderGPT is classified as an AI system intended for children with elevated risk; we align our architecture and processes fully with the requirements from the chapters on high-risk systems and GPAI transparency.
HillcrownAI maintains complete model and data documentation, a risk-management file and a change log for all production models and moderation rules.
Escalations, moderation hits and unclear cases are handled by a pedagogically trained operations team with clear response deadlines - no full automation on critical topics.
Sources
HillcrownAI aligns KinderGPT's safety routines with publicly available recommendations from recognised bodies in German and European child and youth media protection. Specifically citable:
2nd edition, March 2026, published by klicksafe (German Safer Internet Centre, run by the Medienanstalt Rheinland-Pfalz) in cooperation with the Federal Centre for Child and Youth Media Protection (BzKJ) and Nummer gegen Kummer e. V. The brochure names ten risks for children interacting with AI chatbots. HillcrownAI has adopted these risks as an internal review framework. Unlike AI companions that sit directly on proprietary model APIs, KinderGPT runs entirely on self-hosted open-source models in DACH data centres.
Examples of design measures implemented in KinderGPT:
Examples of design measures currently being implemented:
Additional public references:
klicksafe and the BzKJ do not award partner or certification status to HillcrownAI. The reference identifies exclusively the publicly accessible sources that inform our internal review routines.
Procurement bodies, supervisory authorities, school and data-protection officers, research partners and parent boards receive our complete model, data and moderation documentation on request - including AI Act mapping, JuSchG risk assessment and parent-flow documentation. Write to partner@hillcrownai.com.
partner@hillcrownai.com