Legal notice

Privacy Policy

Last updated: 17 July 2026

This privacy policy applies both to this website (Part A) and to the "Geborgen" mobile app for iOS and Android (Part B).

Part A — This website

1. Controller

The controller decides alone on the purposes and means of processing personal data (e.g. names, contact details or similar).

2. Withdrawal of your consent to data processing

Some data-processing operations are only possible with your explicit consent. You can withdraw consent you have already given at any time. An informal notification by email is sufficient. The lawfulness of the data processing carried out until the withdrawal remains unaffected.

3. Right to lodge a complaint with the competent supervisory authority

In the event of a breach of data protection law, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is the data protection commissioner of the federal state in which the controller is based. A list of data protection commissioners and their contact details is available at: bfdi.bund.de.

4. Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party. It is provided in a machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

5. Right to information, correction, blocking, deletion

Within the framework of the applicable statutory provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, where applicable, a right to correction, blocking or deletion of this data. Regarding this and for further questions on the subject of personal data, you can contact me at any time using the contact options listed in the imprint.

6. SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL / TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line of your browser and the padlock symbol in the browser bar.

7. Server log files

The provider of this website automatically collects and stores information that your browser transmits to me:

This data is not merged with other data sources. The basis for the data processing is Art. 6(1)(b) GDPR.

8. Contact form

Data transmitted via the contact form, including your contact details, is stored in order to process your enquiry or to be available for follow-up questions. This data is not passed on without your consent. Processing is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). Data transmitted via the contact form remains with me until you request its deletion, withdraw your consent to its storage, or the need to store the data no longer applies.

9. Cookies

This website uses exclusively technically necessary cookies that are required for the operation of the site. No tracking or analytics cookies are set. Technically necessary cookies are set on the basis of Art. 6(1)(f) GDPR.

10. Content Delivery Network (Cloudflare)

This website uses the content delivery network (CDN) and security services of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA ("Cloudflare"). Cloudflare acts as a reverse proxy between your browser and our server, speeds up the delivery of content and protects the site against automated attacks (DDoS, bots).

When you access this website, technically necessary data is transmitted to Cloudflare, in particular:

Cloudflare may set only technically necessary cookies (e.g. __cf_bm, cf_clearance) to distinguish human traffic from bot traffic and to ward off attacks. These cookies contain no personal profile data.

The legal basis is Art. 6(1)(f) GDPR — the legitimate interest in the secure and performant provision of this website. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with Cloudflare. Cloudflare is headquartered in the USA and is certified under the EU-US Data Privacy Framework, so an adequate level of data protection is ensured.

Further information can be found in Cloudflare's privacy policy.

11. Google Web Fonts

This website uses web fonts from Google. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of these web fonts ensures a uniform presentation of fonts. When you access a page, your browser loads the required fonts, whereby your IP address is transmitted to Google. Google Web Fonts are used on the basis of Art. 6(1)(f) GDPR. Further information can be found in Google's privacy policy.

Part B — The Geborgen app (iOS & Android)

1. Local data storage

Sleep, growth, note and settings data are stored in your device's local storage. They only leave your device if you actively share them yourself (e.g. PDF export or share function) or if your operating system creates a device backup (see section 6).

2. Crash reports (Firebase Crashlytics)

To improve stability, anonymised crash and error reports may be collected via Firebase Crashlytics (Google Ireland Limited). This only happens if you explicitly opt in on first launch. Technical diagnostic data is transmitted: error stack trace, app version, device model, operating system version and a random installation identifier. No content you have entered and no real names are transmitted. You can withdraw your consent at any time in the settings under “Diagnostics & Improvement”. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG (consent).

3. Push notifications (Firebase Cloud Messaging)

Only if you actively allow notifications is an anonymous push token generated and processed via Firebase Cloud Messaging (Google) so that we can send you reminders and notices. If you do not grant permission, no token is created. You can revoke notifications at any time in your device settings. The legal basis is Art. 6(1)(a) GDPR (consent).

4. Abuse protection (Firebase App Check)

To protect against abuse, we use Firebase App Check. Your device attests the authenticity of the app via Apple DeviceCheck or Google Play Integrity. Only attestation tokens are processed, no personal content. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in protection against abuse).

5. In-app purchases (RevenueCat & app stores)

Optional, one-time in-app purchases at fixed prices are managed via RevenueCat, Inc. (USA). RevenueCat uses only a random, anonymous identifier — no real names, email addresses or payment data are transmitted to us or to RevenueCat. The actual purchase and payment processing take place via the Apple App Store or Google Play; their privacy policies apply. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

6. Device backups (iCloud / Google)

If enabled in your operating system, app data may be included in your personal iCloud or Google backup. This backup resides in your own Apple or Google account; we have no access to it. It is managed via your device settings.

7. Content from the network (images, audio, videos)

When retrieving article images, narration and embedded videos, this content is loaded from content servers; for technical reasons your IP address is transmitted in the process. For embedded YouTube videos, Google/YouTube receives corresponding data; Google's privacy policy applies. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing the content).

8. No advertising, no tracking

The app contains no advertising, no ad tracking and no analytics or tracking services. In particular, Firebase Analytics is not used. No cross-device tracking takes place.

9. Recipients & transfers to third countries

The services mentioned, Firebase (Google) and RevenueCat, may also process data in the USA. Google is certified under the EU-US Data Privacy Framework; for RevenueCat, standard contractual clauses pursuant to Art. 46 GDPR are used, so an adequate level of data protection is ensured.

10. Your rights

You are entitled to the data subject rights set out in Part A (sections 3–5): information, correction, deletion, restriction of processing, data portability and objection. Since the app content is stored locally on your device, you can delete it yourself in the app at any time or remove the app entirely. For enquiries, you can reach us using the contact details given in the imprint.

11. Feedback & support

When you send us feedback or a support request through the app, an email is prepared in your mail app. Technical details are attached automatically: app version, operating system, device model, app language, premium status and your anonymous support ID. These details contain no names and no sleep data and help us understand your request technically. Sleep data is only included if you explicitly choose to attach it when sending — you see the full content of the email before it is sent.