Privacy Policy

Data controller (under GDPR)

The data controller responsible for processing on this site is:
Bartosz Michalak
Straße am Flugplatz 66A
12487 Berlin, Germany
Email: 3szympek1@gmail.com

Scope

This privacy policy applies to the use of this website and the associated mobile application (together: the "Service"). Personal data is processed exclusively within the framework of legal provisions, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Data processed

When using the Service, the following data is processed:

  • Account data: email address and a hashed password (bcrypt). Plain-text passwords are never stored.
  • Content data you enter yourself: tasks, reminders, targets, dreams, ideas, outfits, calendar entries and shopping lists.
  • Server logs: IP address, date and time of the request, requested URL, HTTP status code, user agent. This data is stored for at most 14 days to ensure operation and defend against attacks.
  • Cookies: a strictly necessary session cookie for login and a "remember me" cookie (valid for 30 days).
  • Push tokens: when using the Android app and enabling push notifications, an FCM token (Firebase Cloud Messaging) is stored to deliver reminders to your device.

Purpose of processing

Data is processed solely to operate the Service: providing the features, authentication, sending reminders and ensuring technical operation. There is no sale of data, no disclosure for advertising purposes and no profiling.

Legal basis

Processing is based on Art. 6 (1) (b) GDPR (performance of the user agreement) and Art. 6 (1) (f) GDPR (legitimate interest in the secure operation of the Service).

Retention period

Account and content data is stored until you delete your account. After account deletion, all associated content data is removed without undue delay. Server logs are deleted after at most 14 days.

Cookies

Only strictly necessary cookies are used (session cookie and "remember me" cookie). No tracking, analytics or advertising cookies are used. Consent under § 25 TDDDG is therefore not required.

Data recipients

The following processors have access to data within the scope of their activities:

  • Hosting provider: STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany – provision of server infrastructure. Servers are located in Germany; no third-country transfer occurs as part of hosting. A data processing agreement (DPA) under Art. 28 GDPR is in place with STRATO.
  • Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) – delivery of push notifications via Firebase Cloud Messaging (FCM). Only the FCM token and the notification payload are transmitted.

Transfers to third countries

When using Firebase Cloud Messaging, data may be transferred to Google LLC servers in the USA. Google is certified under the EU-US Data Privacy Framework; transfers are made on this basis and additionally on the basis of EU Standard Contractual Clauses.

Data security

All transmission is encrypted via TLS (HTTPS). Passwords are hashed with bcrypt. Access to the database is restricted to the operator.

Your rights

You have the following rights at any time:

  • Right of access to data stored about you (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of any consent given, with effect for the future
  • Complaint to a data protection supervisory authority (Art. 77 GDPR), in particular the authority responsible for your place of residence.

Automated decision-making

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place.

Changes to this policy

We reserve the right to update this privacy policy if the Service or legal requirements change. The version available at the time of use applies.