Privacy Policy for the Mein Retter App (iOS/Android)

This privacy policy applies to the mobile applications “Mein Retter” for iOS and Android.
Information on the processing of data for the web shop (physical goods) is provided separately on our website.

1. Controller and Contact

Controller:
Mein Retter GmbH
Kirschenweg 13
86916 Kaufering
Germany

Email: info@meinretter.com
Phone: +49 171 4136130

Data Protection Officer:
Not appointed (not required by law at this time; if required in the future, the DPO will be named here).

2. Overview: What Data Do We Process in the App?

We process the following categories of personal data:

Account Data

Name
Email address
Password (hashed)
Optional: phone number (e.g., for emergency contacts or 2FA)

Usage & Course Data

Purchased courses/subscriptions
Activations
Course progress
Test & quiz results
Issued certificates (name, date, course, ID)

Emergency Assistant Data (Text & Speech)

Inputs you provide via text or speech to receive emergency guidance
Primarily processed temporarily for generating instructions
May include health-related information (special category data)

Emergency Contacts (Optional)

Name and phone number of saved emergency contacts
Processed only if you actively add them

Location Data (Optional)

Used only with your explicit consent
Supports emergency features or regional guidance

System & Device Data

Device type and operating system
App version
Crash logs and technical metadata

Push Token

Necessary for sending push notifications

Payment & Subscription Status

Status of subscriptions purchased via Apple/Google (active/expired)
No complete payment data is transmitted to us

Support/Feedback Data

Content of your inquiries via support channels

Marketing/Analytics (Optional)

Only processed with explicit consent
Event data for usage analytics
Advertising IDs (only if permitted)

3. Purposes and Legal Bases of Processing

Provision of the App & User Accounts

Legal basis:

Art. 6(1)(b) GDPR (contract)
Art. 6(1)(f) GDPR (security, IT operations)

Emergency Assistant (Text and Speech)

Legal bases:

Art. 6(1)(b) GDPR (feature usage)
Art. 9(2)(a) GDPR (explicit consent when health data is involved)

Speech-to-Text Processing

Legal basis:

Art. 6(1)(a) GDPR (microphone/speech processing)

Push Notifications

Legal basis:

Art. 6(1)(a) GDPR (consent)

Location Services (Optional)

Legal basis:

Art. 6(1)(a) GDPR (consent)

Emergency Contacts (Optional)

Legal basis:

Art. 6(1)(a) GDPR
Users must ensure the consent of the emergency contact.

In-App Purchases & Subscriptions

Legal basis:

Art. 6(1)(b) GDPR (contract)
Payment processing is carried out by Apple/Google.

Analytics & Marketing (Optional)

Legal basis:

Art. 6(1)(a) GDPR (consent)

Security & Error Analysis

Legal basis:

Art. 6(1)(f) GDPR (legitimate interest in secure operation)

4. End Device Accesses and Consents

We only access device functions if required and only after your explicit consent:

Microphone (speech processing)
Notifications (push)
Location (emergency functions)
Contacts (for emergency contacts)
Camera/media (only for future features, separate consent)

You can revoke each consent at any time via the system settings or in-app settings.

5. Service Providers and Recipients

We use selected processors and third-party services:

Amazon Web Services (AWS) – Hosting

Region: primarily EU
Data: backend info, API hosting, temporary logs
Legal basis: Art. 28 GDPR (processor)

MongoDB Atlas – Database

Region: EU
Data: user data, course progress, minimal metadata
Security: encrypted storage

OpenAI – Processing Emergency Assistant Text Inputs

Purpose: generating responses
Data: text input and metadata; no unnecessary identifiers
Possible third-country transfer: protected by SCCs and safeguards
Legal basis: Art. 6(1)(b) or (a) GDPR; Art. 9(2)(a) GDPR for health data

Microsoft Azure – Speech-to-Text (if available)

Region: EU preferred
Data: audio streams, technical metadata
Legal basis: Art. 6(1)(a) GDPR (microphone/speech)

Firebase (Google) – Crash & Push

Push Token, technical crash data
Legal basis: Art. 6(1)(a) GDPR (analytics only with consent)

App Stores (Apple/Google)

Manage in-app purchases and subscriptions
Legal basis: Art. 6(1)(b) GDPR

Additional Recipients (if required)

Support providers
Authorities, if legally obliged

6. Storage Durations

Account Data: until deletion of the account
Certificates: up to 3 years
Emergency Assistant Inputs: temporary, no long-term storage
Push Token: until revoked or app is uninstalled
Crash Logs: 7–90 days
Consent Logs: up to 3 years

7. Your Rights

You may exercise the following rights:

Access
Rectification
Erasure
Restriction
Data portability
Objection
Withdrawal of consent

You can contact us at: info@meinretter.com

You may lodge a complaint with:
Bavarian State Office for Data Protection Supervision (BayLDA)

8. Protection of Minors

The app is intended for adults and general users.
Children should only use the app under parental supervision.

9. Security Measures

We implement:

Encryption (in transit & at rest)
Backups
Access controls
Data minimization
Log monitoring

10. International Data Transfers

Where third-country transfers (e.g., USA) occur, they are protected via:

Standard Contractual Clauses (SCCs)
Additional safeguards (e.g., pseudonymization, encryption)

11. App-Specific Permissions and How to Control Them

Microphone – speech functions
Notifications – reminders, updates
Location – emergency features
Contacts – optional emergency contacts
Camera/Media – only if future features require it

Permissions can be revoked in the system settings.

12. Analytics and Marketing in the App

Deactivated by default
Activated only with explicit consent
Data is pseudonymized
No advertising tracking without permission

13. Particularities of the Emergency Assistant

The AI-based assistant:

does not replace medical or veterinary treatment
provides situational guidance only
stores inputs only temporarily
requires explicit consent if health information is used
must not be relied on in life-threatening emergencies (call 112)

14. Joint Responsibility with App Stores

For processing related to:

downloads
installation
updates
subscription handling

Apple and Google are independent controllers.

15. Changes to This Privacy Policy

We update this policy as needed due to:

legal changes
functional changes
service provider changes

The current version is always available in the app.

PRIVACY POLICY FOR THE “MEIN RETTER” APP (EN)

Privacy Policy for the Mein Retter App (iOS/Android)

1. Controller and Contact

2. Overview: What Data Do We Process in the App?

Account Data

Usage & Course Data

Emergency Assistant Data (Text & Speech)

Emergency Contacts (Optional)

Location Data (Optional)

System & Device Data

Push Token

Payment & Subscription Status

Support/Feedback Data

Marketing/Analytics (Optional)

3. Purposes and Legal Bases of Processing

Provision of the App & User Accounts

Emergency Assistant (Text and Speech)

Speech-to-Text Processing

Push Notifications

Location Services (Optional)

Emergency Contacts (Optional)

In-App Purchases & Subscriptions

Analytics & Marketing (Optional)

Security & Error Analysis

4. End Device Accesses and Consents

5. Service Providers and Recipients

Amazon Web Services (AWS) – Hosting

MongoDB Atlas – Database

OpenAI – Processing Emergency Assistant Text Inputs

Microsoft Azure – Speech-to-Text (if available)

Firebase (Google) – Crash & Push

App Stores (Apple/Google)

Additional Recipients (if required)

6. Storage Durations

7. Your Rights

8. Protection of Minors

9. Security Measures

10. International Data Transfers

11. App-Specific Permissions and How to Control Them

12. Analytics and Marketing in the App

13. Particularities of the Emergency Assistant

14. Joint Responsibility with App Stores

15. Changes to This Privacy Policy