True Moments
DE EN
Download

Privacy

Privacy Policy for the “True Moments” App

Last updated: 13 June 2026 Minimum age: 16+

This Privacy Policy explains how personal data is processed when you use the mobile app True Moments (“True Moments”, “App”).

The policy is designed primarily for the EU General Data Protection Regulation (GDPR), German privacy and telecommunications rules, the UK GDPR, the Swiss Federal Act on Data Protection and similar privacy laws. Additional information for users in other regions is included below where useful. Your exact rights depend on the laws that apply to you.

1. Controller

The controller responsible for processing personal data is:

Dennis Rösner Sole proprietorship Erlengrund 23 68789 St. Leon-Rot Germany

Email: info@hangar42.de VAT ID: DE299271960

In this Privacy Policy, “we”, “us” or “our” means Dennis Rösner as the provider of True Moments.

2. Privacy contact and data protection officer

You can contact us about privacy matters at:

info@hangar42.de

Dennis Rösner is the privacy contact for True Moments. No formal data protection officer has been appointed, because we currently do not consider such appointment legally required.

3. App overview

True Moments is an app with conversation questions and prompts for private conversations, including conversations between couples, friends, family members or other trusted people.

The App can generally be used without creating a user account with us. Some functions may require your Apple account, especially download, in-app purchases, purchase restoration, refunds, family sharing, push notification delivery and crash or diagnostic reporting provided by Apple.

4. Minimum age

The App is intended only for persons aged 16 or older.

Persons under 16 may not use the App. We do not knowingly offer the App to persons under 16 and do not knowingly collect personal data from persons under 16.

If you believe that a person under 16 has provided personal data to us, please contact us at info@hangar42.de.

5. Core privacy principles

We aim to keep processing limited and understandable:

  • No user account with us is currently required for normal App use.
  • Most App data is stored locally on your device.
  • Usage analytics is optional and starts only after your consent.
  • Analytics uses pseudonymous identifiers and avoids directly identifying information.
  • Answers to conversation questions are not sent to analytics.
  • User-created question text is not sent to analytics.
  • Contact form message contents are not sent to analytics.
  • We do not use IDFA, IDFV, Apple ID, advertising IDs or third-party advertising SDKs for analytics.
  • We do not sell personal data.
  • We do not share personal data for cross-context behavioural advertising.
  • We do not use personal data for personalised advertising, targeted advertising or cross-app advertising tracking.

6. Categories of data processed

Depending on how you use the App, the following categories of data may be processed.

6.1 Local App data

The App may store data locally on your device, especially:

  • favourites,
  • user-created questions,
  • App settings,
  • onboarding, age-confirmation and consent state,
  • selected conversation modes, categories, packs and intensity levels,
  • statistics,
  • moods selected after sessions,
  • progress, XP, levels and achievements,
  • licence, StoreKit licence, StoreKit purchase and entitlement status,
  • cached legal documents,
  • optional analytics consent status,
  • optional local analytics queue.

Local App data is primarily used to provide App functions on your device. User-created questions, favourites, statistics, achievements and settings may be synchronized and restored through Apple's private iCloud/CloudKit features across your own Apple devices if you use iCloud for this. It is not automatically sent to us just because it is stored locally.

Depending on your iOS and Apple settings, local App data may be included in device backups, iCloud sync or other Apple-controlled services. Such processing is controlled by Apple and your device settings.

If the local App database cannot be opened on launch, the App may offer a retry or a local data reset. Such a reset may remove locally stored favourites, user-created questions, statistics, achievements, progress and settings. Restoration through Apple backups or iCloud/CloudKit sync depends on your Apple settings and technical availability.

6.2 User-created questions and private content

If you create your own questions in the App, the App stores the question text and related metadata locally, such as category, intensity and creation or update time.

User-created question text is not sent to our analytics system. If analytics is enabled, the App may send only limited metadata such as a text length bucket, category and intensity.

Please do not enter personal data of other people or especially sensitive information unless you are allowed to do so and it is necessary for your private use of the App.

6.3 Contact and support data

If you contact us by email or through an App or website contact form, we process the information needed to handle your request, especially:

  • email address,
  • subject,
  • message content,
  • optional name if you provide one,
  • source of the request, such as iOS app or landing page,
  • technical metadata required for transmission, security, spam prevention and troubleshooting.

The contact form may also use a honeypot field, message length checks, link-count checks and rate limits to prevent abuse.

Contact and support data is used to receive, process and answer your request, to document the communication where necessary and to prevent misuse.

6.4 Waitlist and download notification data

If a waitlist, download notification or similar sign-up is offered and you use it, we process in particular:

  • email address,
  • normalised email address,
  • status such as pending, confirmed or unsubscribed,
  • double-opt-in token hash,
  • unsubscribe token or signature,
  • timestamps for registration, confirmation, email sends and unsubscription,
  • source and language of the sign-up,
  • technical data and rate-limit hashes used for abuse prevention.

Waitlist emails use double opt-in where required or appropriate. You may unsubscribe through the unsubscribe link where provided or by contacting us at info@hangar42.de.

Pending waitlist entries that are not confirmed are deleted after 21 days. Confirmed entries are kept until you unsubscribe, request deletion or the purpose no longer applies, unless longer storage is necessary for legal proof, abuse prevention or legal obligations.

6.5 In-app purchases, licences and entitlements

The App uses Apple StoreKit for in-app purchases, product display, licence and entitlement verification, restoration and unlocking digital content. The App and digital content are licensed, not sold. Terms such as “purchase” and “in-app purchase” refer to Apple StoreKit transaction terminology and the unlocking of paid licences.

The App may process:

  • available product IDs,
  • product display name and price as provided by Apple,
  • product IDs of licensed or unlocked content,
  • StoreKit purchase, licence and entitlement status,
  • restoration status,
  • information about whether a StoreKit transaction, licence or entitlement has been revoked, expired or remains valid,
  • technical StoreKit transaction information where needed for verification and unlocking.

We do not receive complete payment data such as credit card numbers, bank account details or Apple account credentials. Payment processing, invoicing, taxes and refunds are handled by Apple as a separate controller.

6.6 Optional push notifications and reminders

If the App offers push notifications or reminders, they are used only after your prior permission in iOS or after you enable them in the App where applicable.

For push notifications, Apple Push Notification service (APNs) may process data such as:

  • push token or technical delivery identifier,
  • platform and App version,
  • notification settings,
  • send time,
  • delivery and error status,
  • content of the notification to the extent required for delivery.

Notifications should not contain sensitive conversation content. You can disable notifications at any time in the iOS system settings or, where available, in the App.

Push tokens are deleted or no longer used when you disable notifications, the App is uninstalled, the token becomes invalid or you request deletion, unless legal obligations require further storage.

6.7 Crash and diagnostic data through Apple

The App currently does not use its own external crash-reporting SDK.

Apple may provide technical crash and diagnostic data to us through App Store Connect if this is permitted under Apple’s terms and your Apple settings. Such data may include:

  • App version,
  • iOS version,
  • device model,
  • time of crash,
  • crash logs,
  • stack traces,
  • technical diagnostic information.

We use such data, where available, only for troubleshooting, stability improvement and quality assurance. Apple is responsible for Apple’s own collection and processing of such data.

6.8 Server logs and security data

To provide, secure and troubleshoot server-based functions, technical data may be processed, including:

  • IP address,
  • date and time,
  • requested resource or function,
  • HTTP method and status code,
  • technical headers,
  • error and security events,
  • hash values for rate limits,
  • technical App and platform information.

Server logs are limited to 30 days. Rate-limit entries for contact and waitlist functions are deleted after 21 days. Longer storage may occur in individual cases if necessary to investigate abuse, defend against attacks, enforce rights or comply with legal obligations.

7. Self-hosted Appwrite backend

We operate a self-hosted Appwrite backend at:

`https://appwrite.hangar42.de/v1`

The Appwrite instance is hosted on STRATO infrastructure in Germany.

The backend currently includes, in particular:

  • the TrueMoments project for functional App and website services,
  • the Analytics project for optional usage analytics,
  • functions for contact, waitlist, health, server status and events,
  • scheduled cleanup functions for waitlist, rate limits and analytics retention,
  • private database tables for contact rate limits, waitlist sign-ups, server status and analytics events,
  • a public storage bucket for legal documents.

Public clients call functions. Database tables are not publicly writable by clients.

8. Legal documents and local caching

The App may load current Terms and Privacy Policy documents from the Appwrite storage bucket `legal-documents`.

To make legal documents available even if the network is unavailable, the App may cache legal documents locally on your device. If remote loading fails, the App may use a cached remote version or a bundled fallback version.

For this process, technical request data such as IP address, time, requested file and technical headers may be processed by the server. Local caching is used to provide the legal documents and improve reliability.

9. Contact form and email delivery through SMTP2GO

Contact, support and waitlist emails may be sent through SMTP2GO, operated by SAND DUNE MAIL LIMITED, 96–106 Manchester Street, Christchurch 8011, New Zealand.

SMTP2GO processes email delivery data for providing the email service. Depending on the type of email, this may include sender and recipient email addresses, email content, message IDs, technical delivery metadata, bounce information, timestamps and related logs.

We have documentation for SMTP2GO’s data processing agreement. SMTP2GO’s services are not designed for special categories of data. Please avoid sending especially sensitive information through contact forms or email unless necessary.

10. Optional pseudonymous usage analytics

The App may use our own usage analytics. Analytics is voluntary and starts only after you consent in the App. Without consent, analytics is disabled.

If you consent, pseudonymous usage data is transmitted to and processed in our Appwrite Analytics project.

10.1 Purpose of analytics

Analytics helps us:

  • identify technical issues,
  • improve App stability,
  • understand which functions are useful,
  • improve question packs and product flows,
  • improve purchase and restoration flows,
  • make the App easier to use.

Analytics is not used for advertising tracking. Data is not shared with advertising networks, data brokers or external analytics providers.

10.2 Data processed when analytics is enabled

When analytics is enabled, the following data may be processed:

  • pseudonymous App identifier,
  • session identifier,
  • event name, such as consent changed, app started, coarse page viewed, age confirmed as 16+, onboarding completed or skipped, session started, session start failed, session abandoned, session completed, favourite removed, user-created question created/updated/deleted, aggregated achievement result, successful in-app purchase, successful restore or contact request outcome,
  • client time of the event,
  • platform, device language (`device_language`), device region or regional setting (`device_region`) and time zone,
  • App version and build number,
  • technical user agent containing App version, device model identifier and iOS version,
  • current App area or screen, except that the Accessibility Settings screen is excluded from page-view tracking,
  • categories, intensities, pack IDs and selected counts,
  • question ID, technical question key, question source, category and intensity,
  • information whether a question is user-created,
  • for user-created questions, only coarse metadata such as length bucket, category and intensity, not the question text,
  • session metadata such as planned or answered question count, mode, progress or duration,
  • aggregated achievement, progress, XP and level events where XP is awarded, a level changes or a milestone is unlocked,
  • product ID and pack ID for successful in-app purchases, licence unlocks or restorations,
  • technical error or result types where these do not contain free-text content.

The device region or regional setting is a technical locale/region setting from the device. It is used for coarse product, language and regional analytics and is not a precise location request. Analytics does not collect GPS coordinates or the user’s precise whereabouts.

10.3 Data not sent through analytics

The following data is not sent through analytics:

  • answers to conversation questions,
  • free message texts,
  • contact form contents,
  • user-created question text,
  • raw built-in question text,
  • name,
  • email address,
  • phone number,
  • address or postal code,
  • precise location data,
  • Apple ID,
  • IDFA,
  • IDFV,
  • advertising IDs,
  • accessibility preference values such as text size mode, Reduce Motion, contrast, haptics or similar accessibility settings,
  • App Store payment data.

10.4 Local analytics queue and withdrawal

If an analytics transmission fails, events may be stored locally in a queue on your device. The queue is limited to 500 events and is pruned after no more than 7 days. Events are sent in batches when connectivity returns.

You can withdraw analytics consent at any time in the App with effect for the future. When consent is withdrawn, the pseudonymous App identifier on your device is deleted, the local analytics queue is cleared and no further analytics events are sent.

10.5 Analytics retention and access

Server-side analytics events are deleted no later than after 24 calendar months. A scheduled cleanup function runs daily.

Access to the analytics dashboard is limited to Dennis Rösner. Analytics data is not shared with external analytics service providers.

11. Purposes of processing

We process personal data for the following purposes:

  • providing the App and its functions,
  • storing local App data on your device,
  • displaying, unlocking and restoring licensed or unlocked content,
  • providing current legal documents,
  • providing contact and support functions,
  • operating waitlists or download notifications where offered,
  • sending technical and double-opt-in emails,
  • providing optional push notifications and reminders,
  • optional pseudonymous usage analytics after consent,
  • improving App stability, usability and content,
  • preventing spam, abuse and attacks,
  • troubleshooting and security monitoring,
  • complying with legal obligations,
  • establishing, exercising or defending legal claims.

12. Legal bases under GDPR and similar laws

Where the GDPR, UK GDPR or similar laws apply, processing is based on the following legal bases:

| Processing | Legal basis | |---|---| | Providing the App and core App functions | Art. 6(1)(b) GDPR, performance of contract | | Local storage necessary for App functions | Art. 6(1)(b) GDPR; where device access rules apply, technically necessary storage | | In-app purchases, purchase checks and restoration | Art. 6(1)(b) GDPR | | Contact and support requests | Art. 6(1)(b) GDPR where related to the App; Art. 6(1)(f) GDPR for general support and documentation | | Waitlist and double opt-in | Art. 6(1)(a) GDPR where consent is used; Art. 6(1)(f) GDPR for proof and abuse prevention | | Optional analytics | Art. 6(1)(a) GDPR, consent | | Storage or access on your device for optional analytics | Consent under applicable device-access rules, including § 25(1) TDDDG in Germany where applicable | | Push notifications | Art. 6(1)(a) GDPR, consent; device-access consent where applicable | | Server logs, rate limits, security and abuse prevention | Art. 6(1)(f) GDPR, legitimate interests | | Crash and diagnostic analysis received from Apple | Art. 6(1)(f) GDPR, legitimate interests | | Legal obligations | Art. 6(1)(c) GDPR | | Legal claims | Art. 6(1)(f) GDPR, legitimate interests |

Our legitimate interests include providing a secure and stable App, preventing abuse, protecting infrastructure, responding to requests, improving the App and enforcing rights.

13. Retention periods

We store personal data only as long as necessary for the relevant purposes.

Current retention periods are:

| Data category | Retention | |---|---| | Local App data such as favourites, user-created questions, statistics, achievements and settings | Until you delete the data in the App, delete App data or uninstall the App. Apple backups and iCloud sync depend on your Apple settings. | | Locally cached legal documents | Until replaced by a newer version, removed by App data deletion or cleared through device/App mechanisms. | | Local analytics queue | Up to 7 days; maximum 500 events; deleted when analytics consent is withdrawn. | | Pseudonymous analytics events on the server | Up to 24 calendar months, then deleted by scheduled cleanup. | | Contact and support requests | As long as needed to process the request and handle follow-up questions; longer where required for legal proof, abuse prevention or legal obligations. | | Pending waitlist entries | Deleted after 21 days if not confirmed. | | Confirmed waitlist entries | Until unsubscribe, deletion request or the purpose no longer applies; longer only where needed for legal proof, abuse prevention or legal obligations. | | Contact and waitlist rate-limit entries | Deleted after 21 days. | | Server logs | Limited to 30 days; longer only in individual cases for security incidents, abuse investigations, legal claims or legal obligations. | | Licence, StoreKit purchase and entitlement status in the App | As long as needed to provide, verify and restore licensed or unlocked content; Apple retains App Store purchase information under Apple’s rules. | | Apple crash and diagnostic data | As available through Apple and used as needed for troubleshooting and quality assurance. | | Legal, tax or accounting records | According to applicable statutory retention periods. |

When data is no longer required, it is deleted or aggregated unless statutory retention duties or legal claims require longer storage.

14. Recipients and service providers

Depending on your use of the App, personal data may be disclosed to the following recipients or service providers:

  • STRATO, hosting provider for server infrastructure in Germany,
  • SMTP2GO / SAND DUNE MAIL LIMITED, technical email delivery,
  • Apple, for App Store distribution, StoreKit, in-app purchases, refunds, purchase restoration, APNs, crash and diagnostic data and other Apple services,
  • technical, legal, tax or business advisers where necessary,
  • authorities, courts or other bodies where legally required or necessary for legal claims.

Where service providers process personal data on our behalf, we use data processing agreements where legally required.

15. International data transfers

The self-hosted Appwrite backend is hosted on STRATO infrastructure in Germany.

International data transfers may occur especially with Apple and SMTP2GO.

Apple may process personal data internationally, including in the United States or other countries, under Apple’s own terms and privacy framework.

SMTP2GO is operated by SAND DUNE MAIL LIMITED in New Zealand. The European Commission has recognised New Zealand as providing an adequate level of data protection. SMTP2GO may also use sub-processors or process data in other locations. Where required, SMTP2GO’s data processing documentation provides for standard contractual clauses, a UK transfer addendum and other safeguards for restricted transfers.

If personal data is transferred to countries outside the EU or EEA without an adequacy decision, appropriate safeguards are used where legally required, especially EU standard contractual clauses, UK transfer mechanisms, data processing agreements and technical safeguards.

16. No sale, no targeted advertising and no data broker sharing

We do not sell personal data.

We do not share personal data with data brokers.

We do not use personal data for personalised advertising, third-party advertising, cross-app advertising tracking or targeted advertising based on activity across other companies’ apps or websites.

We do not use IDFA, IDFV, Apple ID or advertising IDs for analytics.

If browser or device signals such as “Do Not Track” or Global Privacy Control are technically received by us, we treat them as an opt-out from sale, sharing for cross-context behavioural advertising and targeted advertising to the extent required by applicable law. Because we currently do not sell personal data, do not share personal data for cross-context behavioural advertising and do not use targeted advertising, such signals do not currently change the App’s processing.

If this changes in the future, we will update this Privacy Policy and obtain any legally required consent before such processing begins.

17. Automated decision-making

We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR.

18. Your rights under GDPR, UK GDPR and similar laws

Depending on your location and the law that applies to you, you may have the following rights:

  • right of access,
  • right to rectification,
  • right to deletion,
  • right to restriction of processing,
  • right to data portability,
  • right to object to processing based on legitimate interests,
  • right to withdraw consent with effect for the future,
  • right to lodge a complaint with a supervisory authority.

You can exercise your rights by contacting:

info@hangar42.de

Please note that some App data is stored only locally on your device. We may not be able to access, correct or delete data that exists only on your device. You can delete such data through App functions, device settings or by deleting the App and its data.

19. Withdrawal of consent

You may withdraw consent at any time with effect for the future.

Analytics consent can be withdrawn in the App settings. When analytics consent is withdrawn, the pseudonymous App identifier on your device is deleted, the local analytics queue is cleared and no further analytics events are sent.

Push notification permission can be withdrawn in iOS system settings or, where offered, in the App.

Waitlist or download notification consent can be withdrawn through an unsubscribe link where provided or by contacting us.

Withdrawal does not affect processing that occurred lawfully before withdrawal.

20. Right to object

Where processing is based on legitimate interests, you may object to the processing for reasons relating to your particular situation.

If you object, we will stop processing the relevant data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or unless processing is necessary for legal claims.

21. Complaint to a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

The authority responsible for Baden-Württemberg, Germany, is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg)

You may also contact another competent supervisory authority, especially in your place of residence, workplace or the place of an alleged infringement.

22. Additional information for UK and Swiss users

If UK data protection law applies, references to the GDPR include the UK GDPR and the Data Protection Act 2018 where appropriate. You may contact the UK Information Commissioner’s Office if you are in the United Kingdom and believe your privacy rights have been violated.

If Swiss data protection law applies, you may have rights under the Swiss Federal Act on Data Protection. References to personal data, processing, controller and processor should be interpreted consistently with Swiss data protection law where applicable.

International transfer safeguards are applied where required by UK or Swiss law.

23. Additional information for users in the United States

This section provides additional transparency for users in the United States. U.S. privacy rights vary by state and not every state privacy law applies to every business or every processing activity. We provide this section to make our current practices clear and will handle requests according to the laws that apply.

Depending on your state and the applicable law, you may have rights such as the right to know or access personal information, the right to correct inaccurate information, the right to delete information, the right to obtain a copy of information, the right to opt out of sale, sharing or targeted advertising, the right to limit certain uses of sensitive personal information and the right not to be discriminated against for exercising privacy rights.

We do not sell personal data, do not share personal data for cross-context behavioural advertising, and do not process personal data for targeted advertising. We do not knowingly collect personal data from persons under 16. We do not use sensitive personal information to infer characteristics about you.

To exercise privacy rights, contact info@hangar42.de. We may need to verify your request before responding. You may use an authorised agent where applicable law allows it and where proper authorisation can be verified.

24. Additional information for California users

This section is intended to satisfy or support transparency obligations under California privacy laws, including the California Online Privacy Protection Act (CalOPPA) and, where applicable, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). The CCPA/CPRA may apply only if statutory thresholds and other applicability requirements are met. We provide this section for transparency and to make our current practices clear.

24.1 CalOPPA notice

This Privacy Policy identifies its effective date at the top. The categories of personal information we may collect are described in Sections 6 to 12 and in the table below. The categories of service providers and third parties with whom personal information may be disclosed are described in Section 14. Retention periods are described in Section 13. The process for privacy requests is described in Sections 18 to 20 and 23 to 24. The process for material changes is described in Section 27.

We do not engage in advertising tracking across third-party websites or online services. We do not currently respond to browser “Do Not Track” signals in a differentiated manner because we do not collect personal information about your online activities over time and across third-party websites or online services for advertising tracking. If a Global Privacy Control or similar signal is technically received, we treat it as an opt-out from sale, sharing for cross-context behavioural advertising and targeted advertising to the extent required by applicable law. Because we do not currently sell or share personal information for such purposes and do not use targeted advertising, such signals do not currently change the App’s processing.

Other parties are not intended to collect personal information through True Moments about your online activities over time and across different websites or online services for advertising purposes.

24.2 Categories of personal information

In the last 12 months, we may have processed the following categories of personal information, depending on your use of the App:

| Category | Examples in True Moments | |---|---| | Identifiers | Email address for contact or waitlist; pseudonymous App identifier for analytics after consent; push token if notifications are enabled. | | Commercial information | Product IDs, StoreKit purchase status, licence, entitlement and unlock status for in-app purchases. | | Internet or electronic network activity information | Server logs, technical request data, optional analytics events after consent. | | Device and technical information | App version, iOS version, device model identifier, device language, device region or regional setting, time zone, technical user agent. | | User-generated content | User-created questions stored locally on your device; not sent to analytics. | | Customer support information | Contact subject, email address and message content when you contact us. | | Inferences | We do not create broad personal profiles for advertising or similar purposes. Achievements and progress are App functionality and primarily local. |

Not every category applies to every user. For example, waitlist data applies only if you sign up for a waitlist, analytics data applies only after analytics consent, and push token data applies only if push notifications are enabled.

24.3 Sources

Personal information may come from you, your device, the App, Apple, our self-hosted Appwrite backend and service providers used for hosting or email delivery.

24.4 Purposes

The purposes are described in this Privacy Policy, especially App functionality, support, waitlist or download notification, StoreKit processing, licence and entitlement handling, security, optional analytics, notifications, troubleshooting and legal compliance.

24.5 Disclosure

We may disclose personal information to service providers and third parties described in this Privacy Policy, especially STRATO for hosting, SMTP2GO for email delivery and Apple for App Store, StoreKit, APNs and Apple-provided diagnostics. We may also disclose information where required by law or necessary for legal claims, security or abuse prevention.

24.6 Sale, sharing and targeted advertising

We do not sell personal information and do not share personal information for cross-context behavioural advertising. We do not use personal information for targeted advertising. A “Do Not Sell or Share My Personal Information” link is therefore not required for our current practices.

24.7 Sensitive personal information

We do not use sensitive personal information to infer characteristics about you. Please do not submit sensitive personal information through support or user-created questions unless it is necessary for your private use of the App or for your request.

24.8 Retention

Retention periods are described in the retention table above. Local App data that exists only on your device cannot be deleted by us server-side because we do not have access to it.

24.9 California rights

Where California privacy law applies, California residents may have rights to know, access, correct, delete, obtain a copy, opt out of sale or sharing, limit certain sensitive information processing and be free from discrimination for exercising privacy rights. Because we do not sell or share personal information for cross-context behavioural advertising and do not use targeted advertising, an opt-out of sale, sharing or targeted advertising is generally not applicable to our current processing.

You may contact info@hangar42.de to exercise rights. We may need to verify your request and, where applicable, the authority of an authorised agent.

24.10 California “Shine the Light”

We do not disclose personal information to third parties for their own direct marketing purposes. If you have questions about this, contact info@hangar42.de.

25. Additional information for users in Brazil and other regions

If Brazilian data protection law applies, you may have rights under the Lei Geral de Proteção de Dados (LGPD), including confirmation of processing, access, correction, deletion, portability, information about sharing, withdrawal of consent and review of certain automated decisions where applicable.

Users in other countries may have similar rights under local privacy laws. You can contact us at info@hangar42.de and we will handle requests according to the laws that apply.

26. Security

We use appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration or disclosure.

Measures may include access restrictions, separation of Appwrite projects, private database tables, function-based access, rate limits, transport encryption, server log retention limits, cleanup functions and restricted dashboard access.

No internet transmission, mobile app, cloud service or server system can be guaranteed to be completely secure.

27. Changes to this Privacy Policy

We may update this Privacy Policy when the App, data processing, service providers, technical architecture, legal requirements or App Store requirements change.

The current version is available in the App or on a website provided by us. Where legally required, we will inform you of material changes or ask for consent.

28. Contact

For privacy requests, questions or concerns, contact:

info@hangar42.de