Privacy Policy

Datenschutzerklärung

1. Controller

Matthias Grawinkel
Wilmersdorfer Str. 154
10585 Berlin
Deutschland

[email protected]

2. Overview of Data Processing

We process personal data only to the extent necessary to provide our services. The following types of data may be processed:

  • · Contact data (email address)
  • · Usage data (pages visited, interactions)
  • · Device data (browser type, operating system)
  • · Connection data (IP address, access times)
  • · Payment data (when purchasing premium features)

3. Legal Bases

We process your data based on the following legal grounds:

  • · Art. 6(1)(a) GDPR — Consent - for analytics cookies (PostHog)
  • · Art. 6(1)(b) GDPR — Contract performance - to provide our service, process payments, and send authentication emails
  • · Art. 6(1)(f) GDPR — Legitimate interests - for security, fraud prevention, and service improvement

4. Cookies and Local Storage

We use the following types of cookies and storage:

Essential (always active)

  • · sessionid — Session cookie for authentication (expires after 1 year)
  • · csrftoken — Security token to prevent cross-site request forgery
  • · django_language — Stores your language preference
  • · sondersync_consent — Stores your cookie consent preference (localStorage)
  • · analytics_consent — Stores your analytics consent choice (expires after 1 year)

Analytics (requires consent)

  • · PostHog — Usage analytics to improve the app. Only loaded with your explicit consent.

5. Services We Use

Fly.io — Hosting

Our application is hosted on Fly.io servers in Frankfurt, Germany (EU). Fly.io processes server logs containing IP addresses and request metadata for security and operational purposes.

Art. 6(1)(f) GDPR · fly.io/legal/privacy-policy

Amazon Web Services SES — Email

We use AWS Simple Email Service (Frankfurt region, EU) to send transactional emails, including magic link authentication emails. AWS processes your email address and email content for delivery.

Art. 6(1)(b) GDPR · aws.amazon.com/privacy

Cloudflare — CDN, DNS, Security

We use Cloudflare for DNS management, content delivery, and security protection. Cloudflare may process IP addresses and request metadata to provide these services and protect against attacks.

Art. 6(1)(f) GDPR · cloudflare.com/privacypolicy

PostHog — Analytics

We use PostHog (EU Cloud) for analytics to understand how users interact with our app. PostHog is only loaded after you give explicit consent. PostHog collects usage patterns, device information, and anonymized IP addresses.

Art. 6(1)(a) GDPR · posthog.com/privacy

Stripe — Payments

We use Stripe to process payments for premium features. When you make a payment, your payment information is processed directly by Stripe. We do not store your full credit card details. Stripe acts as an independent data controller for payment processing.

Art. 6(1)(b) GDPR · stripe.com/privacy

Google Sign-In — Authentication

You may choose to sign in using your Google account. When you do, Google shares your email address and basic profile information with us to create or link your account. We do not receive your Google password or access any other Google services. Google acts as an identity provider for authentication purposes.

Art. 6(1)(b) GDPR · policies.google.com/privacy

6. Data Retention

We retain your personal data only as long as necessary for the purposes described above or as required by law. Account data is retained until you request deletion. Server logs are typically retained for 30 days.

7. Your Rights

Under GDPR, you have the following rights:

  • · Art. 15 — Right of access - request a copy of your data
  • · Art. 16 — Right to rectification - correct inaccurate data
  • · Art. 17 — Right to erasure - request deletion of your data
  • · Art. 18 — Right to restriction - limit how we process your data
  • · Art. 20 — Right to data portability - receive your data in a portable format
  • · Art. 21 — Right to object - object to processing based on legitimate interests
  • · Art. 7(3) — Right to withdraw consent - withdraw consent at any time (e.g., via Cookie Settings)

To exercise these rights, please contact us at [email protected].

8. Right to Complain

You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully. The competent authority in Berlin is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
datenschutz-berlin.de

9. Changes to this Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website. Please check this page periodically for updates.

Cookie Settings

Essential Cookies

Required for the app to function. Cannot be disabled.

Analytics Cookies

Help us understand how you use the app to improve it.