1. Controller
2. Data we process
- Registration: Email address, encrypted password
- OAuth login: Email, display name, avatar URL (from Google or Apple)
- App content: Pain journal, mood log, favorites, session stats – all voluntary
- Server logs: IP address, timestamp, requested URL – retained 7 days, then deleted automatically
raumklang_sid) is used.
3. Cookies
We use only one technically necessary session cookie (raumklang_sid)
required for login functionality. No tracking, analytics, or advertising cookies.
4. Mailgun (email delivery)
We use Mailgun (EU servers, Frankfurt) to send activation and password-reset emails. Your email address is used solely for this purpose.
Legal basis: Art. 6(1)(b) GDPR
5. Hosting
The app is hosted on servers in the European Union (EU servers, Frankfurt). No data is transferred to third countries.
6. Legal basis
- Contract performance (Art. 6(1)(b) GDPR): account data for app use
- Legitimate interest (Art. 6(1)(f) GDPR): server logs for security
- Consent (Art. 6(1)(a) GDPR): voluntary wellness data
7. Your rights (Art. 15–22 GDPR)
- Access – what data we hold about you
- Rectification – correction of inaccurate data
- Erasure – right to be forgotten
- Restriction – restriction of processing
- Portability – export your data (Art. 20 GDPR, available under Settings → Export data)
- Objection – objection to processing
Contact: stefan@ebenhoch.eu
8. Delete your account
You can delete your account at any time under Settings → Delete account. All data will be deleted immediately or within 30 days.
9. Right to lodge a complaint
You have the right to lodge a complaint with the Austrian Data Protection Authority:
10. Changes
This privacy policy may be updated. The current version is always available on this page. Last updated: April 2026.