Privacy Policy

This privacy policy applies to services provided by the Provider operating under German law. Key points:

• Services are provided on a professional basis.
• Data processing activities follow industry standards.
• Service continuity is maintained through professional operations.
• All obligations are subject to operational capabilities and technical circumstances.

By using our services, you irrevocably and unconditionally grant the Provider comprehensive rights to:

• Process your data for legitimate business purposes, including but not limited to service provision, improvement, and development.
• Use data for machine learning and AI training based on our legitimate interest in service improvement and research, with appropriate safeguards.
• Create, use, and monetize derivative works from aggregated and anonymized data, ensuring no individual identification is possible.
• Transfer data to jurisdictions with adequate data protection standards or appropriate safeguards, including outside of the European Union.
• Modify data processing practices with reasonable notice, as required for service updates and technical improvements.
• Store data for as long as necessary for legitimate business purposes and in compliance with applicable law.
• Combine your data with other sources where there is a legitimate basis for such processing.
• License or transfer derived insights in anonymized form to third parties for commercial purposes.

Processing Limitations

Data processing is explicitly subject to:

• Provider's available technical and operational resources, with reasonable efforts to maintain processing capacity.
• Third-party service provider limitations, with appropriate oversight of their data handling practices.
• Practical feasibility considerations, balanced with data protection requirements.
• Provider's discretion regarding methods and means, within the bounds of data protection law.
• Best-effort commitments regarding processing speed and data accessibility.
• Temporary suspension of processing obligations in case of legitimate technical or operational constraints.

Data Subject Rights

While we respect and implement data subject rights under the GDPR, please note:

• Rights will be honored within reasonable timeframes considering our operational capacity.
• Technical limitations may affect the manner in which rights can be exercised.
• Complex requests may require extended processing times.
• Repeated or excessive requests may incur reasonable administrative fees.
• We maintain records of data processing activities as required by law.

We do not sell, trade, or rent your personal information to third parties. However, we may share your information with trusted third-party service providers who assist us in operating our app, conducting our business, or providing services to you. These service providers are contractually obligated to keep your information confidential and secure within the limitations of their own service.

We may also disclose your information if required by law or in response to a valid legal request, such as a court order or government investigation. The scope of legal compliance is subject to the Provider’s limited resources.

Data sharing may also occur in the course of a potential service transfer, assignment, or sale, without any need for explicit user consent, as per section 6 of the Terms of Service.

While we respect GDPR principles, our implementation is subject to practical limitations due to resource constraints and the nature of our operation as a freelance developer.

Legal Basis

We process your personal data on the following legal grounds:

• Contract: Processing is necessary for the performance of our contract with you to provide the service.
• Legitimate Interests: Processing is necessary for our legitimate business interests, including service improvement, research, and development.
• Consent: Processing based on your explicit consent when specifically required by law, and when it's not covered under legitimate interest.

Data Subject Rights

Rights are honored within practical limitations:

• Requests for access, rectification, or erasure will be handled based on available resources and technical feasibility.
• Response times may vary based on operational capacity and workload of the Provider.
• Technical limitations may restrict full compliance with specific requests in some cases. Alternative solutions may be offered where appropriate.
• Users acknowledge and accept that the Provider, as a sole freelance developer, may not be able to meet all GDPR requirements to the extent of larger corporations.

International Transfers

Data may be processed globally based on:

• Available infrastructure and services to maintain the service effectively.
• Operational requirements and costs related to data storage and processing.
• Provider's discretion regarding data processing locations for optimal service and efficiency.
• Data may be stored in any jurisdiction, including outside of the EU, as the Provider deems necessary and appropriate.

Liability Limitations

Users explicitly acknowledge and agree that:

• Provider's liability is strictly limited to the statutory minimum liability as prescribed by German law for freelance service providers.
• Security measures are implemented to the best of the Provider's abilities and within the available technical and financial resources.
• No guarantees are made regarding the complete effectiveness of data protection measures, as no system can be entirely secure.
• Provider is not liable for security incidents or data breaches caused by third-party service providers or factors beyond the Provider's direct control.
• The Provider is not liable for indirect damages, consequential damages, or loss of profit.

Force Majeure

Data processing obligations may be affected by:

• Technical limitations or failures, including server downtime, software bugs, and hardware issues.
• Resource constraints or availability, including limitations in server capacity, bandwidth, and staff availability.
• Provider's personal circumstances, including illness, vacation, or other personal commitments that may affect service provision.
• Factors beyond Provider's direct control, such as natural disasters, pandemics, political instability, or other unforeseen circumstances.

We take the security of your personal information seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, use, disclosure, alteration, or destruction. These measures are implemented within the resources and capabilities of an independent freelance developer.

However, please note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Security measures are implemented on a best-effort basis.

The Provider is not liable for data breaches or security incidents caused by third-party service providers or factors beyond the Provider's control.

Provider reserves the right to:

• Modify data processing practices at any time without prior notice, based on service evolution, legal changes, or practical necessity.
• Change service providers without notice, to maintain, improve, or optimize the service.
• Update this privacy policy unilaterally at any time, with such changes effective immediately upon posting on the service.
• Transfer or assign data processing rights to any third party, as part of a business transfer, sale, or other transaction.
• Terminate services based on the Provider's sole discretion, subject to the Terms of Service.

If you have any questions, concerns, or requests regarding this privacy policy or our practices, please contact us at:

Contact responses are provided during standard business hours.

Authentication & Security

• Google Sign-In: We receive and store your Google email and basic profile information, subject to Google's privacy policies.
• Sessions are valid for 14 days, with automatic re-authentication as required for service availability.
• We use industry-standard encryption for data in transit and at rest, within the limitations of available technology and resources.

Cookies & Tracking

We use essential cookies for:

• Session management to maintain user sessions and access control.
• Security purposes, to protect against fraud and unauthorized access.
• User preferences, to personalize the service experience.

Third-Party Services

We use the following third-party services:

• Google OAuth for authentication, subject to Google's terms and privacy policy.
• Hosting providers for infrastructure, selected based on availability and technical suitability.
• Analytics tools for usage tracking, to enhance service performance and user experience.
• The Provider is not responsible for the privacy practices of these third parties.

Third-party services may change at any time without prior notice.

For specific data protection inquiries, contact our Data Protection Officer:

Responses from the Data Protection Officer will be provided within practical limitations and available resources.