Privacy Policy Datapods App

Preamble

Welcome to the Datapods app! We consider the protection of your data and your privacy to be of the utmost importance. Because nobody has the desire (or time) to read complete privacy policies, we will provide a short summary. The short summary can be found next to the legally binding, complete privacy policy for our website and our app. Have fun scrolling!

Introduction

According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly. Further information on this can be found in Art. 4 No. 1 GDPR.

This privacy policy can be accessed, saved and printed at any time at https://www.datapods.app/privacy-policy-app.

Insofar as we cite our legitimate interest or a legitimate interest of a third party (Art. 6 para. 1 lit. f) GDPR) as the legal basis for the processing of personal data, you have the right to object in accordance with Art. 21 GDPR:

In accordance with Art. 21 GDPR, you have the right to object to the processing of personal data at any time. We will then no longer process the personal data for the purposes of direct marketing or related profiling.

We will also not process your personal data for other purposes following an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims (see, for example, Art. 21 (1) GDPR, so-called “limited right to object”). In this case, you must provide reasons for the objection that arise from your particular situation.

You can also object to the processing of your personal data for reasons arising from your particular situation, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out in the public interest (see Art. 21 para. 6 GDPR).

We will also inform you separately about your right to object in the individual sections (e.g. by stating: “You have the right to object”), if this right exists. There you will also find further information on exercising your right to object.

In order to keep the following privacy policy concise, we provide links at various points to information and data protection notices on external websites. We make every effort to keep the links that we list in this privacy policy up to date. Nevertheless, due to the constant updating of the websites, it cannot be ruled out that links may not function correctly. If you notice such a link, we would be pleased if you let us know so that we can update the link.

Who is responsible for processing my personal data and how can I contact the data protection officer?

You can contact our data protection officer by email at finn@datapods.app.

The controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data is:

Datapods GmbH

Kölnstraße 179b 53111 Bonn

E-mail: kontakt@datapods.app

represented by: Jakob Endler, Lukas Stein, Finn Rübo, David Goldschmidt

What categories of data do we use as Datapods and where do they come from?

We use your personal data (e.g. from your requests submitted to us, such as downloading our application) in connection with the delivery of Datapods services. The extent to which we collect, process and use this data depends on the services provided by Datapods. This is usually the following data in particular

  • First name and surname,
  • date of birth,
  • place of birth,
  • e-mail addresses,
  • postal address,
  • cell phone number,
  • nationality,
  • IP address.

When processing your personal data, we differentiate between personal data that we collect directly from you and personal data that we receive from other sources.

Personal data that we collect directly from you

We collect the personal data that you provide to us when downloading our application (“Datapods App”) or when using Datapods, as well as data that is transmitted via interfaces of the companies for which we offer a portability or download function. We also collect personal data that we request from you for the proper implementation of Datapods. Please refrain from transmitting your data if you do not agree to it being processed. In this case, no further processing will take place.

Personal data that we receive from other sources

We use data collected by third party companies for data processing. This data is transferred to servers in Amsterdam, where it is categorized and encrypted. The encrypted data is stored long-term in our database operated by Supabase (data center in Frankfurt). We have concluded order processing contracts with the operators of these data centers. The data is encrypted in accordance with the most secure cryptography currently available. All data is transmitted via an encrypted SSL connection.

Google

The transfer of personal data from other sources, e.g. your Google data, takes place by means of your authentication via your Google account. After successful authentication, exports of Google data can be carried out via Google Takeout and stored in your Google Drive. We only access your Google Maps, Chrome and YouTube data. This data is encrypted by us and used for further analysis and visualization.

The data that we use for further analysis and thus process and store it are:

  • the browsing data, in particular the URL, the icon and title and the client ID, page transition as well as the time of access,
  • the location data, in particular latitude and longitude as well as the time of the location retrieval,
  • YouTube history, in particular video title, video URL, channel name, channel URL,
  • advertisements played and time of access.

This data is used within the Datapods application exclusively for visualization purposes. Your Google user data will never be passed on to third parties (except as explicitly stated in this declaration) without your consent.

This data is made available for the duration of your use of the Datapods App and deleted if you so wish or if you permanently delete your Datapods account.

Your Google user data is encrypted at rest with AES-256 and stored in our databases on Supabase servers that are certified according to SOC2 type 2. During transmission, the data is encrypted using TLS. Sensitive information such as access tokens and keys are encrypted at the application level before they are stored in the database.

Who has access to my personal data?

Our systems are developed according to the principles of data minimization (need-to-know principle) and privacy by design. We ensure that our employees only have access to the personal data that is absolutely necessary to provide our services. Our employees do not have direct access to your personal data that is processed in the Datapods app (such as personal details, third-party company data or usage data). All this data is stored in encrypted form in our Supabase database (data center in Frankfurt). Only you and our technical systems have the necessary code to decrypt and process this data.

However, there are some exceptions to this principle of data minimization and privacy by design where we may access your personal data:

  • Support requests: if you contact our support, it may be necessary for our support staff to access your personal data in order to help you resolve issues.
  • Explicit consent: If you provide us with personal data within the app with explicit consent, e.g. to optimize our data analysis or to improve the services.
  • Datadividend: If you agree to share your data with cooperation partners via the Datapods App, it can be necessary for Datapods to access your data to facilitate the transfer. The data will only be transferred to third parties in pseudonymized and aggregated form after you have explicitly consented to the data transfer.
  • Regulatory requirements: If we are required to do so by law or regulation, for example as part of requirements to combat money laundering or terrorist financing.
  • Contract performance: To ensure proper processing when participating in the Datapods Datadividend, our employees may access the personal data required to carry out the process (e.g. pseudonymization key or order status).
  • Beta test: If you are a participant in our beta test, it may be necessary for the purposes of the beta test for Datapods employees to have unencrypted access to your personal data. There is a separate consent for this as part of the beta test user agreement, which must be explicitly agreed to in order to participate in the beta test.

What is the purpose of processing my personal data?

We collect your personal data in order to provide our Datapods app at your request, with which you can download, manage and visualize your personal data from various companies. Art 6 para. 1 lit. b GDPR.

This data is collected:

  • to provide a mobile application with which you can log into your user accounts of third party companies and retrieve data from them via dedicated APIs, e.g. Google Takeout,
  • for the automated creation of categorizations and analyses based on the provided thrid partry user account data (e.g. Chrome history, YouTube history, location data),
  • to visualize and analyze your data within the Datapods App,
  • to answer queries relating to the provision of the Datapods App,
  • to manage and analyze your data and to improve the services we offer,
  • to conclude and manage data license agreements with our cooperation partners
  • for forwarding to service providers for the purpose of carrying out an identity check in compliance with money laundering regulations, if necessary,
  • to fulfill regulatory requirements to which we are subject to, in particular to combat money laundering and terrorist financing.

If necessary, we process your personal data at your request for the purpose of arranging, fulfilling and/or terminating a contract to be concluded or subsequently concluded or another contract to which you are a party. In particular, we create a file for your identification when you contact us for the purpose of providing the contractually agreed service. In order to fulfill the contract, we also create needs analyses, manage and service your contract or improve these processes.

To fulfill our legal obligations, Art 6 (1) c) GDPR.

We may collect and process your personal data in order to comply with legal obligations to which we are subject. This includes, for example, compliance with regulatory requirements or legal requirements that apply to the performance of our services.

To protect our legitimate interests and the interests of other controllers or third parties in data processing, Art. 6 (1) f) GDPR.

We process your personal data to protect our legitimate interests where this is necessary. This includes:

  • the improvement and further development of our app and services,
  • carrying out security analyses to ensure the security of your data
  • processing support requests and ensuring the proper operation of the app
  • the sending of advertising information, unless you have objected to this
  • conducting market and opinion research in order to better adapt our services to the needs of our users
  • the assertion and defense of legal claims.

To process your data based on your consent, Art 6 (1) a) GDPR.

If you have given us your explicit consent, we will process your personal data for specific purposes agreed by you. These may include the following:

  • the forwarding of promotional information, e.g. by email,
  • the optimization of our analyses, such as the improved visualization of your data
  • participation in the Datapods Datadividend, where your data can be shared with cooperation partners in a pseudonymized and aggregated manner.

Will my data be shared with third parties?

Your data will not be shared with third parties unless we have transparently communicated this to you in advance and you have given your consent. Data may be shared in particular if you explicitly instruct us to share your data with our cooperation partners. In this case, only pseudonymized and aggregated data required for the respective transaction will be transmitted to third parties. It is contractually stipulated that direct identification of your person, which is regularly not possible, is strictly prohibited.

Which companies do we contact to import the personal data in the Datapods App?

In order to import your personal data from companies into the Datapods App and display it there, we have to contact the relevant companies directly or via you. Depending on the company, data is processed by us for authentication and other purposes. Providing your personal data is neither legally nor contractually required. However, if you do not provide it, you will not be able to use the main functions of our app.

We contact the following companies to provide the functions of the Datapods app:

Google

Google collects a range of data when you log into your account via our app. This may include, for example, unique identifiers, the type and settings of the browser, the type and settings of the device, the operating system, mobile network information such as the name of the mobile network provider and the telephone number as well as the version number of the app. In addition, Google may collect data about the interaction of your apps, browsers and devices with its services. This includes the IP address, crash reports, system activity and the date, time and referral URL of your request.

Which third-party providers do we use to provide functions in the Datapods App?

In order to make the Datapods App and its functions available to you, we use the services of various third-party providers to whom we transfer certain personal data. Providing your personal data is neither legally nor contractually required. However, if you do not provide it, you will not be able to use certain essential functions of our app.

We use the following third-party providers provide the functions of the Datapods App:

Supabase

Supabase is operated by Supabase, Inc, a Delaware corporation headquartered at 970 Toa Payoh North #07-04, Singapore 318992.

Supabase serves us as a database solution for storing and managing the data you enter in the app. Personal data may be stored, in particular registration data (such as first and last name, e-mail addresses, cell phone number, date and place of birth, postal address) and the data generated through the use of the app. This information is stored on servers in the EU (data center in Frankfurt) and secured using modern encryption methods.

Personal data is stored for as long as it is required to fulfill the purpose of processing. Once it is no longer required, the data will be deleted, provided there are no statutory retention obligations.

Supabase does not rule out the possibility that personal data may also be processed on servers in the USA and Singapore. Supabase is not certified in accordance with the EU-US Data Privacy Framework. However, a data processing annex has been concluded with Supabase as part of a data processing agreement that contains the standard clauses of the European Commission, with which Supabase is obliged to process personal data in compliance with the GDPR and to guarantee the same for its sub-processors.

Further information on data processing by Supabase can be found in Supabase's privacy policy: https://supabase.com/privacy.

Supabase states that it uses the following sub-processors: https://supabase.com/downloads/docs/Supabase+DPA+231211.pdf.

Right to object

You have the right to object to the processing of your data. You can inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

Google Cloud

Google Cloud is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Cloud is used by us to process and store data that is generated as part of the process of downloading and making data available to companies. Personal data may be stored, in particular registration data (such as name, e-mail address) and the data retrieved by the requested companies. This data is processed on servers in the EU (data centers in Amsterdam).

Personal data is stored for as long as it is necessary to fulfill the purpose of processing. Once this is no longer necessary, the data is deleted, provided there are no statutory retention obligations.

Further information on data processing by Google Cloud can be found in Google's privacy policy: https://cloud.google.com/privacy.

According to its own information, Google Cloud uses the following sub-processors: https://cloud.google.com/terms/subprocessors.

Right to object

You have the right to object to the processing of your data. You can inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

Firebase Cloud Messaging

Firebase Cloud Messaging (FCM) is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Firebase Cloud Messaging is used to send push notifications to your device to inform you about relevant events in the app. Personal data such as device and app instance IDs may be processed in order to deliver the messages in a targeted manner. This data is stored on Google servers, whereby Google is obliged to use the standard contractual clauses for the transfer of personal data to third countries for each transfer of personal data to a third country, which also apply to Google as a sub-processor of Datapods.

Personal data is stored for as long as it is necessary to fulfill the purpose of processing. Once this is no longer necessary, the data is deleted, provided there are no statutory retention obligations.

Further information on data processing by Firebase Cloud Messaging can be found in Google's privacy policy: https://firebase.google.com/support/privacy.

Firebase Cloud Messaging states that it uses the following sub-processors: https://firebase.google.com/terms/subprocessors.

Right to object

You have the right to object to the processing of your data. You can inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

Twilio

Twilio is operated by Twilio Inc, 101 Spear Street, 5th Floor, San Francisco, CA 94105, USA.

Twilio is used to deliver SMS messages, for example to verify your telephone number or to send important notifications. Personal data such as your telephone number and the content of the messages sent may be processed. This data is stored on Twilio servers in Ireland.

Personal data is stored for as long as it is necessary to fulfill the purpose of processing. Once this is no longer necessary, the data is deleted, provided there are no statutory retention obligations.

Further information on data processing by Twilio can be found in Twilio's privacy policy: https://www.twilio.com/legal/privacy.

According to its own information, Twilio uses the following sub-processors: https://www.twilio.com/en-us/legal/sub-processors

Right to object

You have the right to object to the processing of your data. You can inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

Resend

Resend is operated by Resend, Inc, 2261 Market Street #5039, San Francisco, CA 94114, USA.

Resend is used to deliver e-mail notifications, for example to confirm your e-mail address or to send important messages. Personal data such as your e-mail address and the content of the messages sent may be processed. This data is stored on Resend's servers.

Resend transfers and processes personal data to servers in the USA. Resend is not certified under the EU-US Data Privacy Framework. However, a data processing annex has been concluded with Resend as part of a data processing agreement that contains the standard clauses of the European Commission, with which Resend undertakes to process personal data in compliance with the GDPR and to guarantee this for its sub-processors as well.

Personal data is stored for as long as it is necessary to fulfill the purpose of processing. Once this is no longer necessary, the data is deleted, provided there are no statutory retention obligations.

Further information on data processing by Resend can be found in Resend's privacy policy: https://resend.com/privacy.

According to its own information, Resend uses the following sub-processors: https://resend.com/legal/subprocessors

Right to object

You have the right to object to the processing of your data. You can inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

What other data is collected to improve Datapods?

To further improve the Datapods App for you, we use third-party providers to help us understand which functions you use and how you use them. This allows us to better plan new features and improve existing features for you. Providing your personal data is neither legally nor contractually required. However, if you do not provide it, you will not be able to use certain functions of our app.

We use the following third-party providers to improve the Datapods App:

Smartlook

Smartlook is operated by Smartlook.com, s.r.o., Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic.

Smartlook records and reproduces your behavior in our app. This data is stored for a limited time and used exclusively to improve our services according to your needs. Personal data may be stored and evaluated, in particular user activities (e.g. subpages visited, elements clicked on), device and browser information (such as IP address and operating system) and a tracking code (pseudonymized user ID). The information collected is stored on servers in the EU.

Personal data in the form of recordings is deleted after one month. Pseudonymized user data is stored for as long as is necessary to fulfill the purpose. The data is deleted as soon as it is no longer required for the processing purpose.

Further information on processing by Smartlook can be found in Smartlook's privacy policy: https://www.smartlook.com/help/privacy-statement/.

Right to object

You have the right to object to the processing of your data. You can inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

PostHog

PostHog is operated by PostHog Inc, 965 Mission Street, San Francisco, CA 94103, USA.

PostHog records and reflects your behavior in our app. The storage of this data is limited in time and is used exclusively to improve our service based on your needs. This allows personal data to be stored and evaluated - in particular the user's activity (which subpages have been visited, which elements have been clicked on), device and browser information (in particular the IP address and operating system) and a tracking code (pseudonymized user ID). The information collected in this way is transmitted by PostHog to a server in Germany and stored there.

The personal data in the form of recordings is deleted after 3 months. The user's activities are stored pseudonymized for as long as they are required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.

Further information on the processing of data by PostHog can be found in PostHog's privacy policy, available at: https://posthog.com/privacy.

According to its own information, PostHog uses the following sub-processors: https://posthog.com/dpa.

Right to object

You have the right to object to the processing of your data. You can inform us of your objection at any time (e.g. by e-mail to kontakt@datapods.app).

For how long will my data be stored?

We only process personal data for as long as is necessary to fulfill our contractual and legal obligations. For example, data processing is necessary for the performance and execution of the contract, including the defense and enforcement of civil law claims within the relevant limitation periods. The limitation periods can be up to three years due to sections 195 et seq. of the German Civil Code, the limitation periods can be up to thirty years; the regular limitation period is three years. In addition, the retention obligations under tax law, commercial law, tax law and other statutory retention obligations must be observed. The retention/documentation periods stipulated there are six to ten years plus the limitation period for assessment of a further four years. In order not to violate legal regulations or lose the opportunity to enforce a claim or defend ourselves against such a claim, we reserve the right to delete the data only after the last period that legitimizes the data storage has expired.

Can I object to the processing of my personal data?

If we process your data for legitimate interests, you can object to this processing on grounds relating to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons; this also applies to profiling insofar as it is associated with such direct marketing. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

To object to the processing of your data, you can permanently and irrevocably delete your account within the Datapods app at any time. You can also contact us by email using the contact details provided above to revoke your consent.

Where can you lodge a complaint?

If you are of the opinion that the processing of your personal data by us is unlawful or that we are violating data protection law for other reasons, you can complain to the supervisory authority responsible for us:

North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information

P.O. Box 20 04 44, 40102 Düsseldorf, Germany

Telephone: 0211/38424-0

Fax: 0211/38424-10

E-mail: poststelle@ldi.nrw.de

Are you obliged to provide your data?

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this is the case for the products we offer, you will be informed of this separately.

What are my rights as a data subject?

You have the right to:

  • to request information as to whether and, if so, which personal data concerning you is being processed, Art. 15 GDPR;
  • to request the rectification of inaccurate personal data or the completion of incomplete personal data, Art. 16 GDPR;
  • to obtain from us the erasure of personal data concerning you without undue delay, provided that the conditions set out in Art. 17 GDPR are met;
  • to demand the restriction of the processing of your personal data, insofar as Art. 18 GDPR provides for this;
  • to receive the personal data concerning you in a format that meets the requirements of Art. 20 para. 1 GDPR;
  • to data portability under the conditions set out in Art. 20 para. 1 lit. a, b GDPR;
  • not to be subject to a decision based solely on automated processing – including profiling – if a decision has only been made in an automated process and this decision significantly affects you. In the event of a rejection, the decision will be reviewed manually by us after you have informed us of your considerations and objections to the decision made in the automated process and requested the manual review, Art. 22 para. 1, 3 GDPR. In addition, you are entitled to view the criteria for the decision.

For requests of this kind, please contact kontakt@datapods.app. Please note that we must ensure that we are actually dealing with the data subject for such requests.

Automated decision-making does not take place in our app.

Status: October 2024

Any questions?

Feel free to contact us with questions, feature requests or anything else :)
Contact & questions
kontakt@datapods.app
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
D
Take back control over your digital identity.
©2024. Datapods.app. All rights reserved.
Need Help? Get in Touch
About
About UsOur VisionPress Kit
Legal
ImprintPrivacy PolicyTermsApp
Privacy Policy
Gradient