Privacy Policy.
2026-07-02
Who's in charge of the data.
The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
maikITseb GbR / Project: snackqee
Prinzenstraße 3 · 44809 Bochum · Germany
TODO-OWNER
Only what the app needs.
We only process personal data to the extent necessary to provide our app and our content and services.
Legal bases
- Consent (Art. 6(1)(a) GDPR)
- Performance of a contract (Art. 6(1)(b) GDPR)
- Legal obligation (Art. 6(1)(c) GDPR)
- Legitimate interest (Art. 6(1)(f) GDPR)
Servers & infrastructure.
Our app is operated through external service providers to ensure secure and reliable availability. All data remains within the European Union.
Supabase · Hosting & database · EU (Frankfurt) · Data processing agreement pursuant to Art. 28 GDPR
Netcup GmbH (VPS infrastructure)
Our web application (Next.js frontend snackqee.com, Expo web build app.snackqee.com and associated internal services) runs on a virtual private server (VPS). When you use snackqee, your data (including IP address, browser information and any data you submit) passes through this server infrastructure.
Netcup GmbH
Daimlerstraße 25 · 76185 Karlsruhe · Germany
VPS location: Nuremberg · EU
Data processing agreement pursuant to Art. 28 GDPR
Art. 6(1)(f) GDPR (legitimate interest: reliable EU infrastructure)
Further information: netcup.de/kontakt/datenschutzerklaerung.php
PostHog, when you allow it.
We use PostHog to understand how our app is used. This helps us improve features and identify issues more quickly. PostHog is not currently active — we'll only enable it once the cookie consent banner has been fully tested.
What is processed once active
- Usage events (e.g. visited pages or features)
- Technical device information (operating system, device type)
- Truncated or anonymized IP address
No directly personal data such as name or email address is processed. Processing only takes place with your explicit consent. The provider is PostHog Inc. (USA); hosting takes place on the EU cloud (Frankfurt). Insofar as personal data is transferred to the USA, the transfer relies on the EU Standard Contractual Clauses (Art. 46 GDPR).
Brevo, when you sign up.
For our waitlist and newsletter (double opt-in) as well as transactional emails, we use Brevo.
What is processed
- Email address (required)
- Timestamp and confirmation of sign-up (DOI token)
- Delivery metadata (deliverability, bounce status)
Sendinblue SAS (Brevo) · EU · France · Art. 6(1)(a) GDPR · § 7(2)(3) UWG
Honeypot instead of a third party.
On our waitlist form, we use a so-called honeypot field as bot protection: a form field invisible to humans that only automated programs fill in. If it's filled in, we silently discard the request.
No data is shared with third parties in the process — the check runs entirely server-side in our own server action, with no external service provider, no tracking cookie, and no user profiling.
Legal basis: § 25(2)(2) TDDDG (technically necessary abuse prevention) and Art. 6(1)(f) GDPR (legitimate interest: protection from spam and abuse).
Cookies & similar technologies.
We use technologies such as cookies or local storage to store or access information on your device.
Legal basis: § 25 TDDDG and Art. 6 GDPR. Non-essential technologies are only used with your consent.
Cookies & storage in use
- snackqee-consent · stores your cookie consent · up to 1 year · necessary
- snackqee-theme · remembers your light/dark theme choice · up to 1 year · necessary
- NEXT_LOCALE · remembers your language choice (DE/EN) · up to 1 year · necessary
- sb-… (Supabase) · keeps your login session active, only when signed in to the app · session duration · necessary
- PostHog (ph_… or local storage) · usage statistics, only with granted statistics consent, not currently active · up to 1 year · statistics
You decide. Logged.
Through our Consent Manager you decide which data may be processed.
- Consents are logged (timestamp, selection, version)
- Consents can be withdrawn or changed at any time
- Changes apply for the future
iOS, Android & Web.
snackqee is built as a single app that runs on iOS, Android and in the browser (app.snackqee.com). The same principles of this policy apply across all platforms.
iOS
snackqee currently does not perform any cross-app tracking. Should we introduce this in the future, we will first obtain your consent via Apple's App Tracking Transparency (ATT) framework.
Android
Processing in the Android app is based on your consent via the Consent Manager.
Only as long as needed.
We retain personal data only as long as necessary for the respective purposes or as required by legal retention obligations. Concrete retention periods:
After expiry, data is permanently deleted or anonymized.
Your GDPR rights.
You have the following rights regarding your personal data:
- Art. 15 Access
- Art. 16 Rectification
- Art. 17 Erasure
- Art. 18 Restriction
- Art. 20 Portability
- Art. 21 Objection
You can contact us at any time to exercise your rights.
Data export in practice
You can export all your personal data at any time through your account settings. The export includes:
- Your profile information
- Your training history (mini-blocks, sets)
- Your streak and badge data
- Your time-window settings
Should we discontinue snackqee, we will provide all users with notice in advance and a way to export their data before shutdown.
Revocable anytime.
Withdrawal of consent · Art. 7(3) GDPR
You can withdraw your consent at any time with effect for the future. Use the cookie settings above (§ 08).
Right to lodge a complaint · Art. 77 GDPR
You have the right to lodge a complaint with a data protection supervisory authority.
Technically & organizationally protected.
We implement technical and organizational measures to protect your data against loss, misuse, or unauthorized access.
When something changes.
We reserve the right to adapt this Privacy Policy to reflect changes in legal requirements or new features.
Sign-in via Google & Apple.
You can optionally sign in via Google (single sign-on) instead of email. If you choose this option, a connection to Google is established for authentication; the email address stored there and an identification token are transmitted to us in order to create your account or sign you in.
Sign-in via Apple is planned but not yet active. The providers are Google Ireland Ltd. and, in the future, Apple Inc. This may involve a transfer to third countries (in particular the USA); the providers rely on the EU Standard Contractual Clauses for this. Use is voluntary. You can sign in via email instead at any time.
Google Ireland Ltd. · (future) Apple Inc. · Email address, auth token (OAuth 2.0 / OpenID Connect) · Art. 6(1)(b) GDPR (sign-in / contract initiation)
16 and above.
snackqee is intended for users aged 16 and above (in line with Art. 8 GDPR). By registering, you confirm that you are at least 16 years old. No separate confirmation step is required. We do not knowingly process personal data of children under 16. Should we become aware that a user is below this age, we will delete the account and associated data without delay.