PRIVACY POLICY

Last updated:

Translation note: This statement may be localised into other languages. The legally binding version is the German original (de-DE). Original: rattlestork.org/de-DE/PrivacyPolicy.

SUMMARY OF KEY POINTS

This summary highlights the key points. Details are listed below.

  • What data we process.Depends on usage and features. SeeWhat data we collect.
  • Sensitive data.May arise from UGC; we only process withexplicit consent. SeeSpecial categories.
  • How we use data.Core features, security, obligations; marketing/analytics only with consent. SeeProcessing.
  • Sharing.To processors (hosting, analytics, payments). No 'sale' and no sharing for cross-context behavioural advertising. SeeSharing.
  • Security.TOMs appropriate, but no system is 100% secure. SeeSecurity.
  • Your rights.Access, rectification, erasure, objection, portability, withdrawal. SeeRights.

1. CONTROLLER and CONTACT

Controller: RattleStork UG (haftungsbeschränkt), Sternstraße 23, 39104 Magdeburg, Germany.
E-mail: rattlestork[at]gmail.com · Contact form: rattlestork.org/contact
Data protection officer: not currently appointed (not legally required).
Supervisory authority: State Commissioner for Data Protection, Saxony-Anhalt.

2. WHAT DATA DO WE COLLECT?

Information you provide

  • Account data (E-mail, username, password).
  • Profile and UGC (texts, images, preferences, messages, matches, reports).
  • Support (requests, attachments, diagnostic data).
  • Billing metadata (plan, renewal status, transaction IDs; no full card numbers are stored with us).

Automatically collected information

  • Log and usage data (timestamps, pages/screens, feature usage, crashes/errors).
  • Device data (identifiers, OS, app version, language, network).
  • Location (approximate IP-based; precise only with app permission).
  • Cookies/SDKs according to the Cookie Policy.

3. SPECIAL CATEGORIES (SENSITIVE DATA)

Our services may allow you to share information about health, sexual orientation or family planning. We do not require these details. If you provide them voluntarily, we process them only with explicit consent (Art. 9(2)(a) GDPR) for the provision of services (matching, messaging, safety/moderation) and to fulfil legal obligations. Withdrawal at any time in the settings; until withdrawal, processing remains lawful.

4. HOW DO WE PROCESS YOUR DATA?

  • Provision: account, profiles, matching, messaging, moderation, support.
  • Improvement and security: troubleshooting, analytics (with consent), anti-spam/fraud, abuse prevention.
  • Communication: service emails, transactional messages, push (opt-out in device settings).
  • Compliance: Tax/accounting, consumer law,DSA, requests from authorities.
  • Marketing only with consent; withdrawable at any time.

5. LEGAL BASES (GDPR/UK GDPR/CANADA)

  • Contract (Art. 6(1)(b)): provision of requested core features.
  • Consent (Art. 6(1)(a)): non-essential cookies/SDKs, marketing, special categories (Art. 9(2)(a)).
  • Legal obligation (Art. 6(1)(c)): tax, consumer law, DSA, retention.
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, product-related analytics with safeguards.

Canada: Processing with express or implied consent; withdrawal possible at any time.

6. PAYMENTS and SUBSCRIPTIONS

Purchases/subscriptions via the Apple App Store, Google Play or web payment providers. No full card numbers are stored with us. We receive limited billing metadata (plan, status, transaction IDs) to manage access. Prices/plans are shown in the app or on the subscription page.

7. COOKIES and SIMILAR TECHNOLOGIES

Strictly necessary cookies (legitimate interests); analytics/advertising only with consent. Manage via the banner. Details in the Cookie Policy.

8. Social Logins

When you register or log in using social networks, we receive profile data according to your settings with the provider; we use it solely for account/login. Please review the privacy notices of the respective provider.

9. GOOGLE APIs and ANALYTICS

Use of Google APIs in accordance with the Google API Services User Data Policy (including Limited-Use). Google Analytics: Opt-out e.g. via the browser add-on, NAI opt-out and mobile choices.

10. Notice-and-Action (EU-DSA)

Reports of allegedly unlawful content can be made via the contact form or in-app reporting. We review reports, take appropriate action and inform in accordance with legal requirements.

11. HOW LONG DO WE RETAIN DATA?

Retention until the purpose is fulfilled or the account is active; thereafter deletion or anonymisation, unless longer legal retention periods apply (e.g. tax/accounting). Typical: operational logs/analytics 90–365 days; security logs as required. Deletion requests via the settings.

12. HOW DO WE PROTECT DATA?

Appropriate technical and organisational measures (transport encryption, access controls, backups). Nevertheless, no electronic transmission or storage can be absolutely secure.

13. CHILDREN and MINORS

Services for adults 18+. We do not knowingly collect data from anyone under 18. If you become aware, please contact us to request deletion.

14. YOUR PRIVACY RIGHTS

Depending on your residence (EEA/UK/CH/Canada/US states): rights to access, rectification, erasure, restriction, objection, data portability and withdrawal of consent. Exercise these via the settings, the contact form or rattlestork[at]gmail.com. You have the right to lodge a complaint with your supervisory authority.

15. US STATE PRIVACY NOTICES

Residents of certain US states have specific rights (notice/access, rectification, deletion, copy, opt-out from targeted advertising/'Sale'/profiling). We do not sell or share personal data for cross-context behavioural advertising.

CategoryExamplesCollected
A. IdentifiersContact, IP, e-mail, account nameYES
B. Customer data (CA)Name, contact, billing metadataYES
C. Protected characteristicsProvided by youYES
D. Commercial informationTransactions/purchasesNO (via stores/providers; metadata YES)
E. BiometricsFinger/voiceprintsNO
F. Internet/networkBrowsing, usageYES
G. GeolocationDevice locationYES (with permission/IP)
H. Audio/visualImages/recordings for supportNO (UGC provided by you)
I. EmploymentJob/applicationNO (except for applications)
J. EducationStudent recordsNO
K. InferencesProfiles/attributesNO (security indicators only)
L. Sensitive dataHealth/sexual orientation (UGC)YES (only with explicit consent)

Exercise of US state rights

Requests via Settings, contact form or email to rattlestork[at]gmail.com. Identity verification in accordance with the law; authorised representatives possible (proof required). If refused: appeal by email; additionally contact the Public Prosecutor's Office.

Sources: You, devices, cookies/SDKs, service providers (hosting, analytics, payments, email, crash reporting, moderation).
Sharing: Disclosure to service providers for business purposes (contractual). No sales/"sharing" in the last 12 months and none intended in the future.

16. INTERNATIONAL TRANSFERS

For transfers outside the EEA/UK/CH we use appropriate safeguards (EU standard contractual clauses/UK IDTA) and carry out transfer impact assessments. Copies available on request (with redactions).

17. Do-Not-Track

Due to the absence of an accepted industry standard, we do not currently respond to DNT signals. If a standard is established we will update this notice.

18. UPDATES TO THIS NOTICE

Changes are dated above; significant updates may be highlighted in the app or otherwise. Please check regularly.

19. CONTACT

RattleStork UG (haftungsbeschränkt)
Sternstraße 23, 39104 Magdeburg, Germany
Email: rattlestork[at]gmail.com
Contact and reports: rattlestork.org/contact