Last updated: January 2024

1. Data Controller

Responsible for data processing:
Ossei Oesterwind
P.O. Box 13 01 43
44750 Bochum, Germany
contact@osseioesterwind.com

2. Principles of Data Processing

We take the protection of your privacy very seriously. The Gravia app was developed according to the principle of „Privacy by Design“:

• Local data storage: All app data is stored exclusively locally on your device
• No cloud synchronization: Your personal data never leaves your device
• No tracking: We do not use analytics, tracking, or advertising
• Minimal data collection: We only collect the minimum necessary data

3. Data Processing in the Gravia App

3.1 Locally Stored Data

The app stores the following data exclusively on your device:

• Your tasks and to-dos
• Habits and their progress
• Reflection entries (daily and weekly)
• App settings and preferences
• Statistical evaluations

Legal basis: Art. 6 (1) lit. b GDPR (contract fulfillment)

3.2 HealthKit Integration (Gravia Pro only)

When HealthKit integration is activated:

• The app can read health data from Apple Health
• Habit data can be transferred to Apple Health
• All health data remains within Apple’s Health system
• We have no access to this data

Legal basis: Art. 6 (1) lit. a GDPR (consent)

4. Data Processing on this Website

4.1 Server Logs

When visiting our website, the following data is automatically collected:

• IP address (anonymized after 24 hours)
• Browser type and version
• Operating system
• Date and time of access
• Pages visited

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in IT security)
Storage duration: 7 days

4.2 Cookies

This website does not use cookies for tracking or analytics. Only technically necessary cookies are used.

4.3 Contact Form/Email

When contacting us, we store:

• Email address
• Name (if provided)
• Message content
• Time of inquiry

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in communication)
Storage duration: 3 years

5. App Store Data Processing

5.1 Apple App Store

The app download occurs through the Apple App Store. Apple processes:

• Apple ID
• Download data
• Ratings and reviews
• Purchase information (for Gravia Pro)

Apple is responsible for this data processing. Details can be found in Apple’s Privacy Policy.

5.2 In-App Purchases

Gravia Pro subscriptions are processed through Apple:

• Payment processing is handled by Apple
• We only receive anonymized transaction data
• No storage of payment data on our end

6. No Sharing with Third Parties

We do not share your data with third parties, except:

• When legally required
• To enforce our rights
• With your explicit consent

7. Your Rights

Under GDPR, you have the following rights:

7.1 Right to Information (Art. 15 GDPR)

You can request information about the data we process.

7.2 Right to Rectification (Art. 16 GDPR)

You can request correction of incorrect data.

7.3 Right to Deletion (Art. 17 GDPR)

You can request deletion of your data.

7.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request restriction of data processing.

7.5 Right to Data Portability (Art. 20 GDPR)

You can receive your data in a structured format.

7.6 Right to Object (Art. 21 GDPR)

You can object to the processing of your data.

7.7 Withdrawal of Consent

You can withdraw any given consent at any time.

8. Data Security

We implement technical and organizational measures:

• Encrypted data transmission (HTTPS)
• Local data storage on the device
• Regular security updates
• Minimization of data collection

9. Storage Duration

• App data: Until app deletion
• Website logs: 7 days
• Contact inquiries: 3 years
• HealthKit data: Control lies with Apple Health

10. Data Transfer to Third Countries

No transfer of personal data to third countries takes place.

11. Automated Decision Making

We do not use automated decision making or profiling.

12. Right to Complaint

You have the right to file a complaint with a data protection supervisory authority:

Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn, Germany
Tel: +49 (0)228-997799-0
Email: poststelle@bfdi.bund.de

13. Data Protection Contact

For questions about data protection, contact us:
[Your email address]
[Your postal address]

14. Changes to this Privacy Policy

We reserve the right to update this privacy policy. The current version is always available on our website.