Privacy Policy for the Homzie App

Last updated: January 2025

1. Data Controller and Contact

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

Christopher Arm
Rennbaumer Straße 44
42349 Wuppertal
Germany

Email: info@homzie.app
Phone: +49 162 4234924

For data protection inquiries, please contact us at: privacy@homzie.app

2. General Information on Data Processing

2.1 Scope of Processing of Personal Data

We process personal data of our users only to the extent necessary to provide a functional app and our content and services. The processing of personal data regularly takes place only with the user's consent or when processing is permitted by law.

2.2 Legal Basis for Processing

Where we obtain consent for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.

For the processing of personal data necessary to perform a contract with the user, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.

Where processing of personal data is necessary to comply with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis.

Where processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override such interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.

2.3 Data Deletion and Storage Duration

The personal data of the user will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires.

3. Registration and User Account

3.1 Description and Scope of Data Processing

Our app offers users the option to register by providing personal data. Registration is mandatory for using the app.

The following data is collected during registration:

Email address
Name/Display name
Profile picture (optional)
Timezone (automatically detected)
Language setting

3.2 Sign-in via Third-Party Providers

We offer the option to sign in via the following services:

a) Google Sign-In
When signing in via Google, the following data is transmitted from Google:

Email address
Display name
Profile picture URL
Google user ID

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy

b) Apple Sign-In
When signing in via Apple, the following data is transmitted:

Email address (may be anonymized by Apple)
Full name (on first sign-in)
Apple user ID

Provider: Apple Inc., One Apple Park Way, Cupertino, California, USA
Privacy Policy: https://www.apple.com/legal/privacy/

3.3 Legal Basis

The processing of data serves the fulfillment of the usage contract (Art. 6(1)(b) GDPR).

3.4 Storage Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For data collected during the registration process, this is the case when the registration in our app is canceled or modified.

4. Firebase Services

We use various services of the Firebase platform by Google. Firebase is a development platform for mobile applications.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Google acts as a data processor within the meaning of the GDPR. A corresponding data processing agreement (Data Processing Addendum) is in place.

Google is a certified participant in the EU-US Data Privacy Framework. This ensures an adequate level of data protection for data transfers to the USA. Additionally, EU Standard Contractual Clauses are used.

Privacy Policy: https://firebase.google.com/support/privacy
EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/

4.1 Firebase Authentication

We use Firebase Authentication to manage user login and authentication.

Data processed:

Email address
Password (stored encrypted)
Authentication tokens
IP address
Device information
Login timestamps

Legal basis: Art. 6(1)(b) GDPR (contract performance)

4.2 Cloud Firestore

We use Cloud Firestore as a database for storing user data and app content.

Categories of stored data:

User profiles (name, email, profile picture URL, language setting, timezone)
Household information (name, member IDs, invitations)
Tasks (title, description, due dates, assignments)
Shopping lists and shopping items
Meal planning (title, dates, participants)
Calendar entries (title, date, time, location, participants)
Recipes (title, ingredients, instructions, images)

Storage location: EU data centers (europe-west3, Frankfurt)

Legal basis: Art. 6(1)(b) GDPR (contract performance)

4.3 Firebase Storage

We use Firebase Storage for storing media files.

Stored data:

Profile pictures
Recipe images
Images uploaded by users

Legal basis: Art. 6(1)(b) GDPR (contract performance)

4.4 Firebase Cloud Messaging (Push Notifications)

We use Firebase Cloud Messaging to send push notifications.

Data processed:

FCM token (device identifier for push service)
Message content
Timestamps

Types of notifications:

Meal invitations and reminders
Task reminders
Calendar reminders
Household-related messages

The use of push notifications is optional. You can revoke permission in the app settings or device settings at any time.

Legal basis: Art. 6(1)(a) GDPR (consent)

4.5 Firebase Cloud Functions

We use Cloud Functions for server-side logic processing.

Data processed:

Data required for the respective function
Technical log data

Storage location: europe-west3 (Frankfurt)

Legal basis: Art. 6(1)(b) GDPR (contract performance)

4.6 Firebase Analytics

We use Firebase Analytics to analyze app usage.

Data collected:

App instance ID
Number of users and sessions
Session duration
Operating system and version
Device model
Region/Country
App version
App events (e.g., open, close, feature usage)

Legal basis: Art. 6(1)(a) GDPR (consent)

You can object to analysis. See Section 12 "Your Rights".

5. Analytics and Tracking Services

5.1 PostHog

We use PostHog to analyze user behavior and improve our app.

Provider: PostHog, Inc.
Server location: EU (eu.posthog.com)

Data processed:

User ID (pseudonymized)
Device and browser information
Operating system
App version
Screen resolution
Interactions within the app (clicks, page views)
Events and feature usage
Error messages and crash reports

Purpose of processing:

Analysis of usage behavior
Improvement of app functionality
Error detection and resolution
A/B testing of features

Legal basis: Art. 6(1)(a) GDPR (consent)

5.2 Facebook App Events

We use Facebook App Events for analytics and advertising purposes.

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data processed:

App events
Device ID (Advertising ID)
Device information
IP address

Purpose: Analysis of app performance, measurement of advertising campaigns, optimization of audience targeting

You can disable tracking via App Tracking Transparency (iOS) or in device settings (Android).

Legal basis: Art. 6(1)(a) GDPR (consent)

6. Location Data

6.1 Collection of Location Data

With your consent, our app can access your device's location services.

Data processed:

GPS coordinates (latitude, longitude)
Timestamps

Purpose:

Display of locations for calendar entries
Location suggestions for event creation

Location collection only occurs with your explicit consent and can be revoked at any time in device settings.

Legal basis: Art. 6(1)(a) GDPR (consent)

6.2 Google Places API

For location search and autocomplete, we use the Google Places API.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data processed:

Search queries (place names, addresses)
Language setting

Data transmitted to Google is used to improve services.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

7. Artificial Intelligence (AI)

7.1 Google Vertex AI / Gemini

We use Google Vertex AI with the Gemini model to extract recipe data from URLs.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data processed:

URL of the recipe website
HTML content of the website (maximum 30,000 characters)

Purpose: Automatic extraction of recipe information (title, ingredients, preparation steps)

No personal user data is transmitted to the AI service. Processing is limited to technical content only.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

8. External Databases and APIs

8.1 OpenFoodFacts

For product information, we use the OpenFoodFacts database.

Provider: Open Food Facts (Non-profit organization), France
Website: https://world.openfoodfacts.org

Data processed:

Product search queries
Barcodes/product codes

Purpose: Retrieval of product information (name, nutritional values, allergens, images)

OpenFoodFacts is an open, community database. Queries are made anonymously.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

9. In-App Purchases and Subscriptions

9.1 RevenueCat

For managing in-app purchases and subscriptions, we use RevenueCat.

Provider: RevenueCat, Inc., 633 Folsom St, San Francisco, CA 94107, USA

Data processed:

App user ID
Purchase history
Subscription status
Subscription expiration dates
Product identifiers

Purpose: Management and provision of premium features, synchronization of subscriptions across devices

RevenueCat acts as a data processor. A Data Processing Agreement is in place.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

9.2 Superwall

For displaying paywalls, we use Superwall.

Provider: Superwall, Inc., USA

Data processed:

User ID (pseudonymized)
Subscription status
Interaction with paywalls

Purpose: Personalized display of purchase options

Legal basis: Art. 6(1)(b) GDPR (contract performance)

9.3 Payment Processing

Actual payment processing is handled exclusively by the respective app store (Apple App Store / Google Play Store). We have no access to your payment data (credit cards, bank details, etc.).

10. Device Permissions

Our app may use the following device features:

10.1 Camera and Photo Library

Purpose: Taking and selecting profile pictures and recipe photos
Legal basis: Art. 6(1)(a) GDPR (consent)

10.2 Push Notifications

Purpose: Sending reminders and messages
Legal basis: Art. 6(1)(a) GDPR (consent)

10.3 Location

Purpose: Location suggestions for calendar entries
Legal basis: Art. 6(1)(a) GDPR (consent)

All permissions can be revoked at any time in device settings.

11. App Tracking Transparency (iOS)

On iOS devices, we ask for permission under Apple's App Tracking Transparency (ATT) framework before using your data for cross-device tracking.

You can refuse this consent or change it later in iOS Settings under: Settings > Privacy & Security > Tracking

12. Your Rights

You have the following rights regarding your personal data:

12.1 Right to Access (Art. 15 GDPR)

You have the right to request information about your personal data stored by us.

12.2 Right to Rectification (Art. 16 GDPR)

You have the right to have inaccurate personal data corrected.

12.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data, provided no legal retention obligations exist.

You can delete your account and data directly in the app under Settings > Account.

12.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data.

12.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

12.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.

12.7 Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw consent given at any time with effect for the future.

12.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data.

A list of all supervisory authorities can be found at:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

13. Data Security

Within the app usage, we use the common TLS (Transport Layer Security) procedure in combination with the highest encryption level. All data is transmitted in encrypted form.

Personal data is stored exclusively on servers with high security standards.

14. Transfers to Third Countries

Some of the third-party providers we use are based in the USA:

Google (Firebase, Google Sign-In, Google Places, Vertex AI)
Apple (Apple Sign-In)
RevenueCat
Superwall
Meta (Facebook App Events)
PostHog (EU servers, company in USA)

The following safeguards are in place for data transfers to the USA:

1. EU-US Data Privacy Framework
Google and Meta are certified participants in the EU-US Data Privacy Framework, which ensures an adequate level of data protection.

2. EU Standard Contractual Clauses
Contracts based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) are in place with all providers.

3. Supplementary Protective Measures
Additional technical and organizational measures protect your data.

15. Local Data Storage

The app stores certain data locally on your device:

Settings and preferences
Offline copies of your data (for use without internet connection)
Cached images

This data will be removed from your device when you delete the app.

16. Changes to This Privacy Policy

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services. The new privacy policy will apply to your subsequent visits.

17. Contact

If you have questions about the collection, processing, or use of your personal data, for information, correction, blocking, or deletion of data, or to withdraw consent, please contact:

Christopher Arm
Rennbaumer Straße 44
42349 Wuppertal
Germany

Email: info@homzie.app