1. Data Controller
The data controller responsible for the processing of your personal data in connection with Cocktail Recipes To Go is: Daniel Sogl Email: info@danielsogl.de As we are a small-scale operation (Freiberufler), we are not required to appoint a Data Protection Officer. However, you can contact us directly at the email address above for any data protection inquiries.
2. Data We Collect
We collect and process the following categories of personal data: Account Data: - Email address (required for account creation) - Password (stored as secure hash, never in plain text) - Display name (optional) - Username (optional) - Profile picture (optional) - Biography text (optional) Activity Data: - Cocktail recipes you create - Ratings you submit (1-5 stars) - Cocktails you mark as favorites - Custom ingredients you add Subscription Data: - Subscription tier (Free or Pro) - Subscription expiration date - Product identifiers for purchased subscriptions Technical Data: - Device platform (iOS) - App version - Network connectivity status Analytics & Crash Data: - App usage events (screen views, feature interactions) - Crash reports and error logs - Performance metrics (app startup time, network latency) - Device information (iOS version, device model) - App version and build number We do NOT collect: - Location data - Contact lists - Health data - Browsing history outside the App
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6 and German TTDSG: Contract Performance (Art. 6(1)(b) GDPR): - Account creation and management - Providing app functionality (favorites, ratings, recipes) - Processing subscription purchases Consent (Art. 6(1)(a) GDPR, § 25 TTDSG): - Optional profile information (bio, avatar) - Advertising identifier access (IDFA via App Tracking Transparency) - Personalized advertising - Marketing communications (if applicable) Legitimate Interests (Art. 6(1)(f) GDPR): - Improving our services - Preventing fraud and abuse - Technical security measures - Displaying non-personalized advertisements
4. Purpose of Processing
We use your personal data for the following purposes: Service Provision: - Creating and managing your account - Syncing your favorites, ratings, and recipes across devices - Processing and managing your subscription Service Improvement: - Understanding how users interact with the app - Identifying and fixing technical issues - Developing new features Communication: - Sending important service notifications - Responding to your support requests Legal Compliance: - Maintaining records as required by law - Responding to lawful data access requests
5. Data Retention
We retain your personal data for the following periods: Account Data: - Retained while your account is active - Deleted within 30 days of account deletion request Activity Data (favorites, ratings, recipes): - Retained while your account is active - Deleted immediately upon account deletion Subscription Data: - Purchase records retained for 10 years (German tax law requirement) - Subscription status deleted upon account deletion Technical Logs: - Retained for maximum 90 days - Anonymized or deleted thereafter
6. Third-Party Services
We use the following third-party service providers who may process your data: Supabase (Backend Services) - Provider: Supabase Inc. - Purpose: Database, authentication, file storage - Data processed: All account and activity data - Privacy Policy: https://supabase.com/privacy Apple (Authentication & Payments) - Provider: Apple Inc. - Purpose: Sign in with Apple, App Store payment processing - Data processed: Email (optional), name, payment information - Privacy Policy: https://www.apple.com/legal/privacy Google AdMob (Advertising) - Provider: Google Ireland Limited (for EEA users) - Purpose: Display advertisements to free users - Privacy Policy: https://policies.google.com/privacy Firebase (Analytics, Performance, Crashlytics) - Provider: Google Ireland Limited (for EEA users) - Purpose: App analytics, performance monitoring, crash reporting - Privacy Policy: https://firebase.google.com/support/privacy
7. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place: Standard Contractual Clauses (SCCs): - Our providers have executed EU Standard Contractual Clauses - These provide legally binding data protection guarantees EU-US Data Privacy Framework: - Where applicable, our US-based providers are certified under the EU-US Data Privacy Framework
8. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights: Right of Access (Art. 15): You can request a copy of all personal data we hold about you. Right to Rectification (Art. 16): You can request correction of inaccurate personal data. Right to Erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten"). Right to Restriction (Art. 18): You can request restriction of processing in certain circumstances. Right to Data Portability (Art. 20): You can request your data in a structured, machine-readable format. Right to Object (Art. 21): You can object to processing based on legitimate interests. Right to Withdraw Consent (Art. 7): Where processing is based on consent, you can withdraw it at any time. To exercise these rights, contact us at: info@danielsogl.de We will respond to your request within one month as required by GDPR.
9. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority. For Germany, the lead authority is: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) Website: https://www.bfdi.bund.de
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data: Technical Measures: - All data transmitted over encrypted HTTPS connections - Passwords stored using industry-standard bcrypt hashing - Authentication tokens stored in iOS Keychain - Database access restricted by Row Level Security policies Organizational Measures: - Access to personal data limited to essential personnel - Regular security reviews of our systems - Incident response procedures in place
11. Advertising
We display advertisements to users who have not subscribed to our Pro plan. Personalized vs. Non-Personalized Ads: - If you grant tracking permission via iOS App Tracking Transparency, you may receive personalized ads based on your interests - If you decline tracking, you will receive non-personalized (contextual) ads Your Advertising Choices: - You can change your tracking preference at any time in iOS Settings > Privacy & Security > Tracking - Pro subscribers enjoy an ad-free experience
12. Age Restrictions
Cocktail Recipes To Go is intended for users aged 18 years and older only. This age restriction is in place because the app contains content related to alcoholic beverages. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18, we will delete that data immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be announced via in-app notification. The "Last Updated" date will be revised. Continued use after changes constitutes acceptance.
14. Contact Information
For any questions about this Privacy Policy or our data practices, please contact us: Daniel Sogl Email: info@danielsogl.de We aim to respond to all inquiries within 5 business days.