Privacy Policy / Datenschutzerklarung

1. Controller / Verantwortlicher

Matthias Grawinkel
Wilmersdorfer Str. 154
10585 Berlin
Deutschland

E-Mail: [email protected]

2. Overview of Data Processing / Ubersicht der Verarbeitungen

We process personal data only to the extent necessary to provide our services. The following types of data may be processed:

  • Contact data (email address)
  • Usage data (pages visited, interactions)
  • Device data (browser type, operating system)
  • Connection data (IP address, access times)
  • Payment data (when purchasing premium features)

3. Legal Bases / Rechtsgrundlagen

We process your data based on the following legal grounds:

  • Art. 6(1)(a) GDPR: Consent - for analytics cookies (PostHog)
  • Art. 6(1)(b) GDPR: Contract performance - to provide our service, process payments, and send authentication emails
  • Art. 6(1)(f) GDPR: Legitimate interests - for security, fraud prevention, and service improvement

4. Cookies and Local Storage

We use the following types of cookies and storage:

Essential (always active)

  • sessionid: Session cookie for authentication (expires after 24 hours)
  • csrftoken: Security token to prevent cross-site request forgery
  • django_language: Stores your language preference
  • sondersync_consent: Stores your cookie consent preference (localStorage)

Analytics (requires consent)

  • PostHog: Usage analytics to improve the app. Only loaded with your explicit consent.

5. Services We Use / Verwendete Dienste

Fly.io (Hosting)

Our application is hosted on Fly.io servers in Frankfurt, Germany (EU). Fly.io processes server logs containing IP addresses and request metadata for security and operational purposes.

Legal basis: Art. 6(1)(f) GDPR
Privacy policy: fly.io/legal/privacy-policy

Amazon Web Services SES (Email)

We use AWS Simple Email Service (Frankfurt region, EU) to send transactional emails, including magic link authentication emails. AWS processes your email address and email content for delivery.

Legal basis: Art. 6(1)(b) GDPR
Privacy policy: aws.amazon.com/privacy

Cloudflare (CDN, DNS, Security)

We use Cloudflare for DNS management, content delivery, and security protection. Cloudflare may process IP addresses and request metadata to provide these services and protect against attacks.

Legal basis: Art. 6(1)(f) GDPR
Privacy policy: cloudflare.com/privacypolicy

PostHog (Analytics)

We use PostHog (EU Cloud) for analytics to understand how users interact with our app. PostHog is only loaded after you give explicit consent. PostHog collects usage patterns, device information, and anonymized IP addresses.

Legal basis: Art. 6(1)(a) GDPR (Consent)
Privacy policy: posthog.com/privacy

Stripe (Payments)

We use Stripe to process payments for premium features. When you make a payment, your payment information is processed directly by Stripe. We do not store your full credit card details. Stripe acts as an independent data controller for payment processing.

Legal basis: Art. 6(1)(b) GDPR
Privacy policy: stripe.com/privacy

6. Data Retention / Speicherdauer

We retain your personal data only as long as necessary for the purposes described above or as required by law. Account data is retained until you request deletion. Server logs are typically retained for 30 days.

7. Your Rights / Betroffenenrechte

Under GDPR, you have the following rights:

  • Art. 15 GDPR: Right of access - request a copy of your data
  • Art. 16 GDPR: Right to rectification - correct inaccurate data
  • Art. 17 GDPR: Right to erasure - request deletion of your data
  • Art. 18 GDPR: Right to restriction - limit how we process your data
  • Art. 20 GDPR: Right to data portability - receive your data in a portable format
  • Art. 21 GDPR: Right to object - object to processing based on legitimate interests
  • Art. 7(3) GDPR: Right to withdraw consent - withdraw consent at any time (e.g., via Cookie Settings)

To exercise these rights, please contact us at [email protected].

8. Right to Complain / Beschwerderecht

You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully. The competent authority in Berlin is:

Berliner Beauftragte fur Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
www.datenschutz-berlin.de

9. Changes to this Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website. Please check this page periodically for updates.

Last updated / Stand: December 2025

Cookie Settings

Essential Cookies

Required for the app to function. Cannot be disabled.

Analytics Cookies

Help us understand how you use the app to improve it.