Privacy Policy

Last updated: January 2026

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you use our app. Personal data is any data with which you could be personally identified.

Data Controller

The party responsible for data processing is:
Lars Paetzold
Triebstr. 21a
68542 Heddesheim
Germany
Email: [email protected]

2. What Data Do We Collect?

Account Data

Upon registration, we collect:

• Email address
• Password (stored encrypted)
• Username or profile data (if provided)

Usage Data

While using the app, we store:

• Your created to-dos and tasks
• App settings (e.g., theme, language)
• Synchronization data

Technical Data

When accessing our servers, the following data is automatically collected:

• IP address
• Date and time of request
• Device type and operating system

This data is used exclusively for the technical provision and security of the service and is not combined with other data sources.

3. Legal Basis for Processing

The processing of your personal data is based on:

• Art. 6(1)(b) GDPR – Contract fulfillment (providing app functionality)
• Art. 6(1)(f) GDPR – Legitimate interest (technical security and stability)

4. Data Storage and Security

Your data is stored on our own server in Germany. We implement technical and organizational security measures to protect your data against manipulation, loss, or unauthorized access. These include:

• SSL/TLS encryption for data transmission
• Encrypted storage of passwords
• Regular security updates
• Access restrictions

5. Data Sharing with Third Parties

We only share your data with third parties in the following cases:

Resend (Email Service)

For sending system emails (registration, password reset, notifications), we use the service Resend. Your email address is transmitted to Resend. For more information, please refer to Resend's Privacy Policy.

Stripe (Payment Processing)

For payment processing, we use Stripe. During payment transactions, your payment data (credit card number, name, billing address) is transmitted directly to Stripe. We do not store complete payment data ourselves. For more information, please refer to Stripe's Privacy Policy.

Payment-related data is stored for 10 years in accordance with legal retention requirements.

Google Gemini API (AI-Powered Features)

For certain AI-powered features in the app, we use the Google Gemini API. Your to-do content and text inputs may be transmitted to Google to provide the requested functionality. Google processes this data in accordance with their privacy policy. For more information, please refer to Google's Privacy Policy.

The use of AI-powered features occurs only at your explicit request and is optional.

6. Data Retention Period

We store your data as long as your account is active. After deletion of your account, your data will be permanently deleted within 30 days. This period allows for recovery in case of accidental deletion.

Exception: Payment data and invoice information are retained for 10 years due to tax law requirements.

7. Your Rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) – You can request information about your stored data
• Right to rectification (Art. 16 GDPR) – You can request correction of incorrect data
• Right to erasure (Art. 17 GDPR) – You can request deletion of your data
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR) – You can receive your data in a structured format
• Right to object (Art. 21 GDPR)
• Right to lodge a complaint – You can file a complaint with a data protection supervisory authority

To exercise your rights, please contact us at: [email protected]

8. Cookies and Tracking

Our app currently does not use cookies or tracking technologies. There is no analysis of user behavior by third parties.

9. Changes to This Privacy Policy

We reserve the right to amend this privacy policy to reflect changes in legal requirements or changes to our services. The current version is always available at this URL.

10. Contact

For questions about data protection, please contact us at:
Email: info@karbywarby.com