← snackqee.com

Privacy Policy.

2026-07-02

CONTROLLER

Who's in charge of the data.

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

maikITseb GbR / Project: snackqee
Prinzenstraße 3 · 44809 Bochum · Germany
TODO-OWNER

PROCESSING & BASES

Only what the app needs.

We only process personal data to the extent necessary to provide our app and our content and services.

Legal bases

  • Consent (Art. 6(1)(a) GDPR)
  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR)
HOSTING

Servers & infrastructure.

Our app is operated through external service providers to ensure secure and reliable availability. All data remains within the European Union.

Supabase · Hosting & database · EU (Frankfurt) · Data processing agreement pursuant to Art. 28 GDPR

Netcup GmbH (VPS infrastructure)

Our web application (Next.js frontend snackqee.com, Expo web build app.snackqee.com and associated internal services) runs on a virtual private server (VPS). When you use snackqee, your data (including IP address, browser information and any data you submit) passes through this server infrastructure.

Netcup GmbH
Daimlerstraße 25 · 76185 Karlsruhe · Germany
VPS location: Nuremberg · EU

Data processing agreement pursuant to Art. 28 GDPR
Art. 6(1)(f) GDPR (legitimate interest: reliable EU infrastructure)

Further information: netcup.de/kontakt/datenschutzerklaerung.php

ANALYTICS

PostHog, when you allow it.

We use PostHog to understand how our app is used. This helps us improve features and identify issues more quickly. PostHog is not currently active — we'll only enable it once the cookie consent banner has been fully tested.

What is processed once active

  • Usage events (e.g. visited pages or features)
  • Technical device information (operating system, device type)
  • Truncated or anonymized IP address

No directly personal data such as name or email address is processed. Processing only takes place with your explicit consent. The provider is PostHog Inc. (USA); hosting takes place on the EU cloud (Frankfurt). Insofar as personal data is transferred to the USA, the transfer relies on the EU Standard Contractual Clauses (Art. 46 GDPR).

NEWSLETTER

Brevo, when you sign up.

For our waitlist and newsletter (double opt-in) as well as transactional emails, we use Brevo.

What is processed

  • Email address (required)
  • Timestamp and confirmation of sign-up (DOI token)
  • Delivery metadata (deliverability, bounce status)

Sendinblue SAS (Brevo) · EU · France · Art. 6(1)(a) GDPR · § 7(2)(3) UWG

BOT PROTECTION

Honeypot instead of a third party.

On our waitlist form, we use a so-called honeypot field as bot protection: a form field invisible to humans that only automated programs fill in. If it's filled in, we silently discard the request.

No data is shared with third parties in the process — the check runs entirely server-side in our own server action, with no external service provider, no tracking cookie, and no user profiling.

Legal basis: § 25(2)(2) TDDDG (technically necessary abuse prevention) and Art. 6(1)(f) GDPR (legitimate interest: protection from spam and abuse).

COOKIES

Cookies & similar technologies.

We use technologies such as cookies or local storage to store or access information on your device.

Legal basis: § 25 TDDDG and Art. 6 GDPR. Non-essential technologies are only used with your consent.

Cookies & storage in use

  • snackqee-consent · stores your cookie consent · up to 1 year · necessary
  • snackqee-theme · remembers your light/dark theme choice · up to 1 year · necessary
  • NEXT_LOCALE · remembers your language choice (DE/EN) · up to 1 year · necessary
  • sb-… (Supabase) · keeps your login session active, only when signed in to the app · session duration · necessary
  • PostHog (ph_… or local storage) · usage statistics, only with granted statistics consent, not currently active · up to 1 year · statistics
CONSENT

You decide. Logged.

Through our Consent Manager you decide which data may be processed.

  • Consents are logged (timestamp, selection, version)
  • Consents can be withdrawn or changed at any time
  • Changes apply for the future
MOBILE

iOS, Android & Web.

snackqee is built as a single app that runs on iOS, Android and in the browser (app.snackqee.com). The same principles of this policy apply across all platforms.

iOS

snackqee currently does not perform any cross-app tracking. Should we introduce this in the future, we will first obtain your consent via Apple's App Tracking Transparency (ATT) framework.

Android

Processing in the Android app is based on your consent via the Consent Manager.

RETENTION

Only as long as needed.

We retain personal data only as long as necessary for the respective purposes or as required by legal retention obligations. Concrete retention periods:

Account data (profile, settings)While the account exists
Training and progression data (mini-blocks, sets, ladders)While the account exists, unless deleted earlier
Newsletter/waitlist emailUntil unsubscription
Server access logs14 days
Customer support communications3 years
Tax and invoicing data10 years (§ 147 AO, German tax law)
Cookie consent recordsUp to 1 year

After expiry, data is permanently deleted or anonymized.

RIGHTS

Your GDPR rights.

You have the following rights regarding your personal data:

  • Art. 15 Access
  • Art. 16 Rectification
  • Art. 17 Erasure
  • Art. 18 Restriction
  • Art. 20 Portability
  • Art. 21 Objection

You can contact us at any time to exercise your rights.

Data export in practice

You can export all your personal data at any time through your account settings. The export includes:

  • Your profile information
  • Your training history (mini-blocks, sets)
  • Your streak and badge data
  • Your time-window settings

Should we discontinue snackqee, we will provide all users with notice in advance and a way to export their data before shutdown.

WITHDRAWAL

Revocable anytime.

Withdrawal of consent · Art. 7(3) GDPR

You can withdraw your consent at any time with effect for the future. Use the cookie settings above (§ 08).

Right to lodge a complaint · Art. 77 GDPR

You have the right to lodge a complaint with a data protection supervisory authority.

SECURITY

Technically & organizationally protected.

We implement technical and organizational measures to protect your data against loss, misuse, or unauthorized access.

CHANGES

When something changes.

We reserve the right to adapt this Privacy Policy to reflect changes in legal requirements or new features.

SIGN-IN

Sign-in via Google & Apple.

You can optionally sign in via Google (single sign-on) instead of email. If you choose this option, a connection to Google is established for authentication; the email address stored there and an identification token are transmitted to us in order to create your account or sign you in.

Sign-in via Apple is planned but not yet active. The providers are Google Ireland Ltd. and, in the future, Apple Inc. This may involve a transfer to third countries (in particular the USA); the providers rely on the EU Standard Contractual Clauses for this. Use is voluntary. You can sign in via email instead at any time.

Google Ireland Ltd. · (future) Apple Inc. · Email address, auth token (OAuth 2.0 / OpenID Connect) · Art. 6(1)(b) GDPR (sign-in / contract initiation)

AGE REQUIREMENT

16 and above.

snackqee is intended for users aged 16 and above (in line with Art. 8 GDPR). By registering, you confirm that you are at least 16 years old. No separate confirmation step is required. We do not knowingly process personal data of children under 16. Should we become aware that a user is below this age, we will delete the account and associated data without delay.