PRIVACY POLICY

Last updated:

Translation note: This statement may be localized into other languages. The German original version (de-DE) is legally binding. Original: rattlestork.org/de-DE/PrivacyPolicy.

SUMMARY OF KEY POINTS

This summary highlights key points. See details below.

  • What data we process.Depends on use and features. SeeWhat data we collect.
  • Sensitive data.May arise from UGC; we only process withexplicit consent. SeeSpecial categories.
  • How we use data.Core features, security, obligations; marketing/analytics only with consent. SeeProcessing.
  • Sharing.To processors (hosting, analytics, payments). No 'sale' and no sharing for cross-context behavioural advertising. SeeSharing.
  • Security.TOMs are appropriate, but no system is 100% secure. SeeSecurity.
  • Your rights.Access, rectification, erasure, objection, portability, withdrawal. SeeRights.

1. CONTROLLER and CONTACT

Data controller: RattleStork UG (limited liability), Sternstraße 23, 39104 Magdeburg, Germany.
E-mail: rattlestork[at]gmail.com · Contact form: rattlestork.org/contact
Data protection officer: currently not appointed (not legally required).
Supervisory authority: State Data Protection Commissioner of Saxony-Anhalt.

2. WHAT DATA DO WE COLLECT?

Information you provide

  • Account information (email, username, password).
  • Profile and UGC (texts, images, preferences, messages, matches, reports).
  • Support (requests, attachments, diagnostic data).
  • Billing metadata (plan, renewal status, transaction IDs; no full card numbers are stored with us).

Automatically collected information

  • Log and usage data (timestamps, pages/screens, feature usage, crashes/errors).
  • Device data (Identifiers, OS, App version, Language, Network).
  • Location (approximate, IP-based; precise only with app permission).
  • Cookies/SDKs in accordance with the Cookie Policy.

3. SPECIAL CATEGORIES (SENSITIVE DATA)

Our services may enable you to share information about health, sexual orientation, or family planning. We do not require this information. If you voluntarily disclose it, we will process it only with explicit consent (Art. 9(2)(a) GDPR) to provide the services (matching, messaging, safety/moderation) and to fulfil legal obligations. You may withdraw consent at any time in the Settings; processing remains lawful until withdrawal.

4. HOW DO WE PROCESS YOUR DATA?

  • Provisioning: Account, Profiles, Matching, Messaging, Moderation, Support.
  • Improvement and security: troubleshooting, Analytics (with consent), anti-spam/fraud, abuse prevention.
  • Communication: Service emails, transactional messages, push notifications (opt-out in device settings).
  • Compliance: Tax/Accounting, Consumer law,DSA, government requests.
  • Marketing only with consent; you can withdraw consent at any time.

5. LEGAL BASES (DSGVO/UK GDPR/CANADA)

  • Contract (Art. 6(1)(b)): Provision of requested core functions.
  • Consent (Art. 6 para. 1 lit. a): non-essential cookies/SDKs, marketing, special categories (Art. 9 para. 2 lit. a).
  • Legal obligation (Art. 6(1)(c)): tax, consumer law, DSA, retention.
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, product-related analytics with safeguards.

Canada: Processing with explicit or tacit consent; consent may be withdrawn at any time.

6. PAYMENTS and SUBSCRIPTIONS

Purchases/subscriptions made through the Apple App Store, Google Play, or web payment providers. We do not store full card numbers. We receive limited billing metadata (plan, status, transaction IDs) to manage access. Prices/plans are in the app or on the subscription page.

7. COOKIES and SIMILAR TECHNOLOGIES

Strictly necessary cookies (legitimate interests); analytics/advertising only with consent. Managed via the banner. Details in the Cookie Policy.

8. SOCIAL LOGINS

When registering or logging in via social networks we receive profile data according to your settings with the provider; we use it solely for account/login. Please review the privacy notices of the respective provider.

9. GOOGLE-APIs and ANALYTICS

Use of Google APIs in accordance with the Google API Services User Data Policy (including Limited-Use). Google Analytics: Opt out, e.g. via browser add-on, NAI opt-out and mobile options.

10. NOTICE-AND-ACTION (EU-DSA)

Reports of suspected unlawful content via contact form or in-app reporting. We review, take appropriate action and notify in accordance with legal requirements.

11. HOW LONG DO WE RETAIN DATA?

Retention until the purpose is fulfilled or as long as the account is active; thereafter deletion or anonymization, unless longer statutory retention periods apply (e.g., tax/accounting). Typical: operational logs/analytics 90–365 days; security logs as required. Deletion requests in the Settings.

12. HOW DO WE PROTECT DATA?

Appropriate technical and organizational measures (transport encryption, access controls, backups). Nevertheless, no electronic transmission or storage can be absolutely secure.

13. CHILDREN and MINORS

Adult services 18+. We do not knowingly collect data from individuals under 18. If you become aware of any such data, please contact us to request its deletion.

14. YOUR PRIVACY RIGHTS

Depending on your place of residence (EEA/UK/CH/Canada/US states): rights to access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent. Exercise via Settings, contact form or rattlestork[at]gmail.com. Right to lodge a complaint with your supervisory authority.

15. US STATE PRIVACY NOTICES

Residents of certain US states have specific rights (notice/access, rectification, deletion, copy, opt-out of targeted advertising/'sale'/profiling). We do not sell/share personal data for cross-context behavioural advertising.

CategoryExamplesCollected
A. IdentifiersContact, IP, email, account nameYES
B. Customer data (CA)Name, contact, billing metadataYES
C. Protected characteristicsProvided by youYes
D. Commercial informationTransactions/PurchasesNO (via stores/providers; metadata YES)
E. BiometricsFingerprints/voiceprintsNO
F. Internet/NetworkBrowsing, UseYES
G. GeolocationDevice locationYES (with permission/IP)
H. Audio/VisualImages/Recordings for SupportNO (UGC by you)
I. Work-relatedJob/ApplicationNO (except application)
J. EducationStudent recordsNO
K. InferencesProfiles/AttributesNO (only security indicators)
L. Sensitive dataHealth/sexual orientation (UGC)YES (only with explicit consent)

Exercise of US state rights

Requests via Settings, contact form or email to rattlestork[at]gmail.com. Identity verification in accordance with law; authorised representatives possible (proof required). If denied: appeal by email; also contact the public prosecutor's office.

Sources: You, devices, cookies/SDKs, service providers (hosting, analytics, payments, email, crash reporting, moderation).
Disclosure: Disclosure to service providers for business purposes (contractual). No sales/'sharing' in the last 12 months and not intended in the future.

16. INTERNATIONAL TRANSFERS

For transfers outside the EEA/UK/CH we use appropriate safeguards (EU standard contractual clauses/UK IDTA) and conduct transfer impact assessments. Copies available on request (with redactions).

17. DO-NOT-TRACK

In the absence of an accepted industry standard, we currently do not respond to DNT signals. We will update this notice if a standard is established.

18. UPDATES TO THIS NOTICE

Changes will be dated above; material changes may be highlighted in the app or otherwise. Please check regularly.

19. CONTACT

RattleStork UG (limited liability)
Sternstraße 23, 39104 Magdeburg, Germany
E-Mail: rattlestork[at]gmail.com
Contact and reports: rattlestork.org/contact