PRIVACY POLICY

Last updated:

Translation note: This statement may be localised into other languages. The legally binding version is the German original (de-DE). Original: rattlestork.org/de-DE/PrivacyPolicy.

SUMMARY OF KEY POINTS

This summary highlights the key points. See details below.

  • What data we process.Depends on use and features. SeeWhat data we collect.
  • Sensitive data.May arise from UGC; we process only withexplicit consent. SeeSpecial categories.
  • How we use data.Core functionality, security, obligations; marketing/analytics only with consent. SeeProcessing.
  • Sharing.To processors (hosting, analytics, payments). No "sale" and no sharing for cross-context behavioural advertising. SeeSharing.
  • Security.TOMs are appropriate, but no system is 100% secure. SeeSecurity.
  • Your rights.Access, rectification, erasure, objection, portability, withdrawal. SeeRights.

1. CONTROLLER and CONTACT

Controller: RattleStork UG (limited liability), Sternstraße 23, 39104 Magdeburg, Germany.
Email: rattlestork[at]gmail.com · Contact form: rattlestork.org/contact
Data protection officer: currently not appointed (not legally required).
Supervisory authority: State Commissioner for Data Protection of Saxony-Anhalt.

2. WHAT DATA DO WE COLLECT?

Information you provide

  • Account data (email, username, password).
  • Profile and UGC (texts, images, preferences, messages, matches, reports).
  • Support (requests, attachments, diagnostic data).
  • Billing metadata (plan, renewal status, transaction IDs; we do not store full card numbers).

Automatically collected information

  • Log and usage data (timestamps, pages/screens, feature usage, crashes/errors).
  • Device data (identifiers, OS, app version, language, network).
  • Location (approximate, IP-based; precise only with app permission).
  • Cookies/SDKs as described in the Cookie Policy.

3. SPECIAL CATEGORIES (SENSITIVE DATA)

Our services may allow you to share information about health, sexual orientation or family planning. We do not require this information. If you disclose it voluntarily, we process it only with explicit consent (Art. 9(2)(a) GDPR) to provide the services (matching, messaging, safety/moderation) and to fulfil legal obligations. You can withdraw consent at any time in the Settings; processing remains lawful until withdrawal.

4. HOW DO WE PROCESS YOUR DATA?

  • Service provision: accounts, profiles, matching, messaging, moderation, support.
  • Improvement and security: troubleshooting, analytics (with consent), anti-spam/fraud, abuse prevention.
  • Communications: service emails, transactional messages, push (opt-out in device settings).
  • Compliance: tax/accounting, consumer law,DSA, government requests.
  • Marketing only with consent; withdraw at any time.

5. LEGAL BASES (GDPR/UK GDPR/CANADA)

  • Contract (Art. 6(1)(b)): provision of requested core functions.
  • Consent (Art. 6(1)(a)): non-essential cookies/SDKs, marketing, special categories (Art. 9(2)(a)).
  • Legal obligation (Art. 6(1)(c)): tax, consumer law, DSA, retention.
  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, product-related analytics with safeguards.

Canada: Processing with express or implied consent; withdrawal possible at any time.

6. PAYMENTS AND SUBSCRIPTIONS

Purchases/subscriptions are via Apple App Store, Google Play or web payment providers. We do not store full card numbers. We receive limited billing metadata (plan, status, transaction IDs) to manage access. Prices/plans are in the app or on the subscription page.

7. COOKIES AND SIMILAR TECHNOLOGIES

Strictly necessary cookies (legitimate interests); analytics/advertising only with consent. Managed via the banner. Details in the Cookie Policy.

8. SOCIAL LOGINS

When registering/logging in via social networks we receive profile data according to your settings with the provider; used only for account/login. Please check the privacy notices of the respective provider.

9. GOOGLE APIs AND ANALYTICS

Use of Google APIs in accordance with the Google API Services User Data Policy (including Limited Use). Google Analytics: Opt-out is available, e.g., via the browser add-on, NAI opt-out and mobile options.

10. NOTICE-AND-ACTION (EU DSA)

Reports of alleged unlawful content via the contact form or in-app reporting. We will review, act appropriately and notify as required by law.

11. HOW LONG DO WE RETAIN DATA?

Data is retained until the purpose is fulfilled or the account is active; afterwards deleted or anonymised unless longer statutory periods apply (e.g. tax/accounting). Typical: operational logs/analytics 90–365 days; security logs as needed. Deletion requests via the Settings.

12. HOW DO WE PROTECT DATA?

Appropriate technical and organisational measures (transport encryption, access controls, backups). However, no electronic transmission or storage can be absolutely secure.

13. CHILDREN AND MINORS

Services for adults 18+. We do not knowingly collect data from anyone under 18. If you become aware, please contact us to request deletion.

14. YOUR DATA PROTECTION RIGHTS

Depending on where you live (EEA/UK/CH/Canada/US states): the rights to access, rectify, erase, restrict, object, data portability, and to withdraw consent. You can exercise these via Settings, Contact form or rattlestork[at]gmail.com. You also have the right to lodge a complaint with your supervisory authority.

15. US STATE PRIVACY NOTICES

Residents of certain US states have specific rights (access, correction, deletion, data copies, and the right to opt out of targeted advertising, 'sale', or profiling). We do not sell or share personal data for cross-context behavioural advertising.

CategoryExamplesCollected
A. IdentifiersContact, IP, email, account nameYES
B. Customer Records (CA)Name, contact, billing metadataYES
C. Protected CharacteristicsProvided by youYES
D. Commercial InformationTransactions/purchasesNO (via stores/providers; metadata YES)
E. BiometricsFingerprint/voiceprintsNO
F. Internet/NetworkBrowsing, usageYES
G. GeolocationDevice locationYES (with permission/IP)
H. Audio/VisualImages/recordings for supportNO (UGC by you)
I. ProfessionalJob/applicationNO (except application)
J. EducationStudent recordsNO
K. InferencesProfiles/characteristicsNO (only security indicators)
L. Sensitive DataHealth/sexual orientation (UGC)YES (only with explicit consent)

Exercising US state rights

Requests via Settings, Contact form or email to rattlestork[at]gmail.com. Identity verification as required by law; authorised representatives allowed (proof required). If denied: appeal by email; also contact the Attorney General's office.

Sources: You, devices, cookies/SDKs, service providers (hosting, analytics, payments, email, crash reporting, moderation).
Sharing: Disclosure to service providers for business purposes (under contract). No sales/'sharing' in the last 12 months and none planned going forward.

16. INTERNATIONAL TRANSFERS

Where transfers occur outside the EEA/UK/CH, we use appropriate safeguards (EU standard contractual clauses/UK IDTA) and carry out transfer impact assessments. Copies are available on request (with redactions).

17. DO-NOT-TRACK

Due to the lack of an accepted industry standard, we currently do not respond to DNT signals. We will update this notice if a standard is established.

18. UPDATES TO THIS NOTICE

Changes are dated above; material changes may be highlighted in the app or elsewhere. Please check regularly.

19. CONTACT

RattleStork UG (limited liability)
Sternstraße 23, 39104 Magdeburg, Germany
Email: rattlestork[at]gmail.com
Contact and reports: rattlestork.org/contact