Privacy Policy
Last updated: March 26, 2026
1. Data Controller
Responsible for data processing:
Vivian Hammermüller
Hermannstraße 18
33102 Paderborn
Germany
Email: support@simpledot.app
Phone: +49 15679 779541
2. Overview of Data Processing
SimpleDot is a privacy-first app. All your entries remain locally on your device by default and are never transmitted to our servers.
| Data Type | Storage Location | Transmission |
|---|---|---|
| Journal entries, photos, tags, ratings | Local on device | Only with Cloud Sync (Dot+) |
| App settings (subset) | Local on device | Only with Cloud Sync (Dot+) |
| Cloud sync data (optional) | Google Drive / iCloud | Only when enabled |
| Analytics (optional) | TelemetryDeck | Only with consent |
| Error reports (optional) | Sentry EU | Only with consent |
| Subscription data | RevenueCat | With Dot+ subscription |
3. Local Data Storage
3.1 Stored Data
- Journal entries (text, rating, date)
- Photos (optional)
- Tags and categories
- App settings and preferences
- Widget data (cached text excerpts for the home screen widget)
3.2 Legal Basis
Article 6(1)(b) GDPR (performance of contract) – Local storage is necessary for using the app.
3.3 Storage Duration
Your local data remains stored until you delete it yourself or uninstall the app.
3.4 Device Backup
If you have enabled your operating system's automatic device backup (iCloud Backup on iOS, Google Backup on Android), your app data — including journal entries, photos, and settings — may be included in the system backup. This backup is performed by your operating system and encrypted by the respective provider.
SimpleDot has no access to the backed-up data. You can disable device backup at any time in your device settings.
Note: Without an active device backup or Cloud Sync (Dot+), your data will be permanently lost if you uninstall the app.
4. Optional Services with Consent
The following services are disabled by default and are only enabled when you explicitly consent.
4.1 Anonymous Usage Statistics (TelemetryDeck)
Purpose: Improving the app through anonymous usage statistics.
Technical Implementation: TelemetryDeck anonymizes data so that individual users cannot be identified. No IP addresses, device IDs, or other personal data are collected or stored.
Legal Basis: Article 6(1)(a) GDPR (consent). We request your explicit consent to ensure maximum transparency.
Data Collected:
- Anonymous usage events (e.g., which features are used)
- Device type, operating system version
- App version
Not collected: Content of your entries, personal data, IP address, device IDs.
Recipient: TelemetryDeck UG, Germany
Storage Duration: Aggregated data without personal reference
Opt-out: At any time in Settings > Privacy > Anonymous Statistics.
4.2 Error Reports (Sentry)
Purpose: Detection and resolution of technical errors.
Legal Basis: Article 6(1)(a) GDPR (consent).
Data Collected:
- Technical error messages
- Device type, operating system version
- App version and state at time of error
Recipient: Functional Software, Inc. (Sentry), servers in the EU
Storage Duration: Per the configured retention period (typically 90 days)
Withdrawal: At any time in Settings > Privacy > Error Reports.
5. Contract-Based Services (Dot+ Subscription)
5.1 Payment Processing (RevenueCat)
Purpose: Management of in-app subscriptions.
Legal Basis: Article 6(1)(b) GDPR (performance of contract). For subscription status checks for non-subscribers: Article 6(1)(f) GDPR (legitimate interest in correct feature provisioning).
Data Collected:
- Pseudonymous app user ID
- Subscription status (active, cancelled, expired)
- Subscription type (Monthly/Yearly)
- Transaction reference numbers
Not collected: Name, email, payment methods, billing details – this data remains exclusively with Apple or Google as payment processors (Merchant of Record).
Link to usage statistics: If you have enabled anonymous usage statistics (Section 4.1), a pseudonymous identifier is stored as an attribute with RevenueCat to correlate purchase events (e.g. subscription start, renewal) with anonymized usage statistics in TelemetryDeck. This identifier is automatically removed when you disable statistics. The legal basis for this is your consent pursuant to Article 6(1)(a) GDPR.
Recipient: RevenueCat, Inc., USA
Third Country Transfer: USA based on the EU-US Data Privacy Framework and EU Standard Contractual Clauses (SCCs).
Storage Duration: For the duration of the subscription and up to 90 days after termination.
5.2 Cloud Sync (Dot+)
Purpose: Synchronization of your data between devices.
Legal Basis: Article 6(1)(b) GDPR (performance of contract).
Storage Locations:
- iOS: Apple iCloud (your iCloud data)
- Android: Google Drive (your Google account)
Data Collected: Compressed journal entries (incl. photos, tags, and ratings), selected app settings (e.g. theme, font), and a pseudonymous device ID for conflict resolution.
Transmission Security: Data is transferred using transport encryption (HTTPS/TLS). Cloud storage is encrypted by the respective provider.
Recipients: Apple Inc. (iCloud) or Google LLC (Google Drive)
Third Country Transfer: USA (Google Drive: EU-US Data Privacy Framework; Apple iCloud: Standard Contractual Clauses). See Section 8.
Storage Duration: Until you delete the data or disable cloud sync.
Note: We have no access to your cloud data. The data is stored in your personal cloud storage. Google Drive: SimpleDot accesses only its own app folder, not your other files.
Google API Disclosure: SimpleDot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
6. App Lock
Purpose: Optional protection of the app via Face ID / Touch ID (iOS) or fingerprint (Android). This feature is part of the Dot+ subscription.
Legal Basis: Article 6(1)(a) GDPR (consent).
Processing: Biometric authentication is performed exclusively locally on your device by the operating system. SimpleDot only receives information about whether authentication was successful (yes/no) – no biometric data.
Withdrawal: At any time in Settings > Data & Security > App Lock.
7. Device Permissions
SimpleDot requests the following permissions only when needed:
| Permission | Purpose | Required |
|---|---|---|
| Camera | Take photos directly | No |
| Photo Library (Read) | Select existing photos from your library | No |
| Photo Library (Save) | Automatically save camera photos to your photo library | No |
| Notifications | Daily reminder | No |
| Face ID / Biometrics | App unlock | No |
You can revoke permissions at any time in device settings.
8. Third Country Transfers
When optional services or Dot+ subscription are enabled, data may be transferred to the USA:
| Service | Transfer Basis |
|---|---|
| RevenueCat | EU-US Data Privacy Framework + SCCs |
| Google Drive | EU-US Data Privacy Framework |
| Apple iCloud | Standard Contractual Clauses (SCCs) |
| Sentry | EU servers, no transfer |
| TelemetryDeck | Germany, no transfer |
9. Your Rights
You have the following rights regarding your data:
9.1 Access (Article 15 GDPR)
You can request information about the data we process.
9.2 Rectification (Article 16 GDPR)
You can request correction of inaccurate data.
9.3 Erasure (Article 17 GDPR)
You can request deletion of your data ("right to be forgotten").
9.4 Restriction (Article 18 GDPR)
You can request restriction of processing.
9.5 Data Portability (Article 20 GDPR)
You can receive your data in a common format. SimpleDot offers an export function in settings: JSON (machine-readable) and text (human-readable).
9.6 Objection (Article 21 GDPR)
You can object to the processing of your data.
9.7 Withdrawal of Consent (Article 7(3) GDPR)
You can withdraw given consents at any time. The withdrawal applies to the future and does not affect the lawfulness of previous processing.
To exercise your rights: Contact us at support@simpledot.app.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Postfach 20 04 44
40102 Düsseldorf
https://www.ldi.nrw.de
A list of all German supervisory authorities can be found at:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
11. No Automated Decision-Making
SimpleDot does not use automated decision-making or profiling within the meaning of Article 22 GDPR.
12. Changes to This Privacy Policy
For significant changes, we will inform you within the app. You can always find the current version in the app settings.
13. Users in the United Kingdom
This privacy policy also applies under the UK GDPR. If you are located in the United Kingdom and have concerns about how we handle your data, you may contact the UK Information Commissioner's Office (ICO) at ico.org.uk.
14. Children
SimpleDot is not directed at children under 16 years of age. We do not knowingly collect personal data from persons under 16. If we become aware that a person under 16 has provided us with personal data, we will delete it promptly.
15. Translation
This privacy policy is a translation of the German original. In case of discrepancies, the German version shall prevail.
16. Contact
For questions about data protection, contact us at: