Last updated: March 2025
The data controller within the meaning of the GDPR is the provider named in the app's legal notice (Impressum). Full contact details can be found there.
Our App communicates with a proprietary server backend. This backend and the associated database (PostgreSQL) are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server location is Frankfurt am Main, Germany.
Processing is based on our legitimate interest in the secure and efficient provision of the App (Art. 6(1)(f) GDPR). We have entered into a data processing agreement (DPA) with Hetzner.
On our servers we store the following data:
All of the above data is stored until your account is deleted. For security purposes, server log files (including IP addresses) may be temporarily processed and are automatically deleted after a few days.
We use Firebase Authentication for user authentication, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you sign in with your Google or Apple account, we receive access to the email address stored in your account and a unique authentication ID (UID) to create and manage your profile. This data processing is carried out for the performance of the user agreement pursuant to Art. 6(1)(b) GDPR.
The Firebase UID is stored until your account is deleted. Firebase may process data on servers in the USA. Google is certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection.
When you enable push notifications, a unique, anonymised device ID (push token) is generated and stored on our server in Germany. Our server sends the notification via the Expo Push API (BriteSnow LLC) and Firebase Cloud Messaging (FCM), which delivers it to your device. The legal basis is your explicit consent (Art. 6(1)(a) GDPR).
The push token is stored until your account is deleted. You can disable push notifications at any time in the app settings; your token will be deactivated immediately.
To improve stability and fix errors, we use Firebase Crashlytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
In the event of an app crash or error, technical diagnostic data is automatically transmitted to Firebase Crashlytics, including device type, operating system version, app version, error messages, and stack traces. No personal content (e.g. watchlist data, email addresses) is transmitted. Firebase Crashlytics uses a randomly generated installation ID to associate crash reports.
The legal basis is our legitimate interest in the stability and error correction of the App (Art. 6(1)(f) GDPR). Google is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection pursuant to Art. 45 GDPR. Crash data is automatically deleted after 90 days.
When you purchase premium features, payment processing is handled directly by the Google Play Store or Apple App Store. To manage premium access, we use RevenueCat (RevenueCat Inc., USA).
RevenueCat processes pseudonymised app user IDs and purchase receipts to activate your premium status. We do not process or store any bank or credit card data.
Data transfer to the USA is based on EU Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR. RevenueCat is additionally certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection pursuant to Art. 45 GDPR. The legal basis for processing is the performance of the user agreement (Art. 6(1)(b) GDPR).
We do not share your personal data with third parties for advertising purposes. Data is only shared with the service providers named in this policy and only to the extent necessary for providing the App.
You can delete your account and all associated data (watchlist, settings, push tokens, Firebase UID) at any time. To do so, go to the app settings and select the account deletion option. Your data will be immediately removed from our database at Hetzner and from Firebase Auth.
You have the right at any time to:
For enquiries, please contact the email address provided in the imprint.
This privacy policy was originally written in German. In the event of any contradictions or discrepancies between the translated and the German version, the German version shall be exclusively legally binding.