Privacy Policy
Gemeinsam Urlaub App
Effective Date: October 2025
1. Controller
Responsible for data processing:
2. Collected Data
2.1 Account Data
During registration, we collect:
- Email address
- Name (optional)
- Authentication credentials (depending on login method: Apple Sign-In, Google, Email/Password)
2.2 Usage Data
- Availability data: Your entered available time periods for vacations
- Group data: Group names, memberships, invitations
- Calendar data (optional): If you use calendar import, only time spans (start/end dates) are stored – NO event titles or details
- School holidays & public holidays: Your selected state/region for displaying relevant holiday dates
2.3 Technical Data
- Device push tokens (for notifications)
- App usage statistics (Firebase Analytics)
- Error reports (in case of app crashes)
3. Purpose of Data Processing
3.1 Main Function
The app serves to find shared vacation windows for groups. Your entered availability is matched with other group members to calculate optimal overlaps.
3.2 Additional Purposes
- Authentication: Secure login and access control
- Group coordination: Invitation system, member management
- Push notifications: Information about new availability or changes in your group
- Analytics: Improvement of app functionality and user experience
4. Legal Basis (GDPR)
- Art. 6 para. 1 lit. b GDPR: Contract fulfillment (provision of app features)
- Art. 6 para. 1 lit. a GDPR: Consent (e.g., optional calendar import, push notifications)
- Art. 6 para. 1 lit. f GDPR: Legitimate interest (error analysis, security)
5. Data Sharing & Third Parties
5.1 Firebase (Google Cloud Platform)
The app uses Firebase services for data storage and processing:
- Firebase Authentication: User authentication
- Cloud Firestore: Database (EU region)
- Firebase Storage: File storage (e.g., group images)
- Firebase Cloud Messaging: Push notifications
- Firebase Analytics: Anonymous usage statistics
Firebase Privacy Policy: https://firebase.google.com/support/privacy
5.2 Apple & Google (App Stores)
When downloading via App Store/Play Store, Apple's and Google's privacy policies apply.
5.3 No Third-Party Sharing
Your data will NOT be sold to third parties or used for advertising purposes.
6. Data Storage & Deletion
6.1 Retention Period
- Account data: Until account deletion
- Group data: Until the group is left/deleted by all members
- Analytics data: 14 months (Firebase default)
6.2 Account Deletion
You can delete your account at any time in the app settings. All your personal data will be irrevocably removed.
7. Your Rights (GDPR)
You have the following rights:
- Access (Art. 15 GDPR): Information about stored data
- Rectification (Art. 16 GDPR): Correction of incorrect data
- Erasure (Art. 17 GDPR): Deletion of your data ("Right to be forgotten")
- Data portability (Art. 20 GDPR): Export your data in machine-readable format
- Objection (Art. 21 GDPR): Object to data processing
- Withdraw consent: Given consents can be withdrawn at any time
To exercise your rights, contact: bo.niehaus@gmail.com
8. Data Security
- Encryption: HTTPS/TLS for data transmission
- Access control: Firestore Security Rules restrict access to own groups
- EU hosting: Data stored in EU data centers (europe-west3)
9. Children
The app is intended for persons aged 16 and older. Users under 16 require parental consent.
10. Changes
We reserve the right to update this privacy policy as needed. Significant changes will be announced in the app.
11. Right to Complain
You have the right to lodge a complaint with a data protection supervisory authority:
Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153, 53117 Bonn, Germany
Web: www.bfdi.bund.de
Last Updated: October 2025