Privacy Policy

To ensure clarity, we use the following terms in this Privacy Policy:

• Personal Data: Any information relating to an identified or identifiable natural person, as defined by the GDPR and revDSG. This includes, for example, names, email addresses, or technical identifiers like IP addresses.
• Processing: Any operation performed on Personal Data, such as collection, storage, use, or deletion.
• Anonymized Data: Data that has been processed in such a way that it can no longer be attributed to a specific individual without the use of additional information, which is kept separately and subject to technical and organizational measures to ensure non-attribution.
• Pseudonymized Data: Data that can no longer be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• Data Controller: The natural or legal person who determines the purposes and means of the processing of Personal Data. For our services, this is Sven Korset (indie-Software), as detailed in Section 1.

These definitions are based on the GDPR and revDSG and apply throughout this policy.

We process your data based on the following legal foundations:

• Contractual Necessity (Art. 6(1)(b) GDPR): For providing and maintaining the core functionality of our Services (e.g., app provisioning, syncing via iCloud, content delivery).
• Your Consent (Art. 6(1)(a) GDPR): For voluntary actions, such as submitting support logs for error diagnosis.
• Legitimate Interests (Art. 6(1)(f) GDPR): For purposes including technical security, anonymized analytics, and abuse prevention, where our interests are balanced against your data protection rights.

For users in Switzerland, all data processing is conducted in accordance with the principles of the revised Federal Data Protection Act (revDSG), including lawfulness, proportionality, and purpose limitation.

We only process:

• Anonymized technical data (from Apple's analytics services)
• Emails you send us
• Optional support logs you share

Always remains private on your device/iCloud:

• Calendar events, workouts, todos
• Your contacts and personal content
• Any data you create in the apps

Important: While our apps may download content from our servers (e.g., music files), we never upload your personal data to our servers. Your personal content remains on your device or within Apple's encrypted iCloud ecosystem.

We do not use automated decision-making (including profiling) within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you. All data processing is either necessary for providing our services, based on your consent, or serves legitimate interests as described above.

4.1.1 Hosting (Infomaniak Network AG, Switzerland)

When you visit our website, our hoster processes pseudonymized connection data (e.g., IP address, anonymized after 7 days) for technical operation and security. Data is retained for a maximum of 12 months.

Privacy Policy: https://www.infomaniak.com/en/legal/privacy-policy

4.1.2 Contact Inquiries

If you contact us via email or a form, we process your name, email address, and message content solely to handle your request. This data is deleted immediately after the matter is resolved, and no later than 30 days after the conversation concludes, unless longer retention is required by statutory retention obligations (e.g., commercial or tax law requirements).

4.1.3 No Cookies or Tracking

We do not use cookies or any tracking technologies on our website. The only data collected is the pseudonymized connection data described in Section 4.1.1.

The use of Apple's services and In-App Purchases is subject to their terms. We have no access to your payment information.

Apple's overarching policies:

• Privacy Policy: https://www.apple.com/legal/privacy/
• Apple Media Services Terms: https://www.apple.com/legal/internet-services/itunes/dev/stdeula/

4.2.1 iCloud Sync

• Purpose: Syncing your app data (e.g., Cali todos, WoHiT workouts) across your devices.
• Processing: Data is synced using Apple's end-to-end encrypted iCloud service. We cannot access this data.
• Deletion: You manage and delete this data directly in your iCloud settings. Data remains in iCloud after app deletion and must be manually removed there.
• How to Prevent Processing: You can disable iCloud sync for the specific app in iOS Settings > [Your Name] > iCloud. Data is exclusively subject to Apple's privacy terms.
• Support: For iCloud-related support, please contact Apple directly.

4.2.2 Text-to-Speech (Apple AVSpeechSynthesizer)

• Purpose: Generating voice guidance (e.g., to speak out exercises in WoHiT).
• Processing: Uses Apple's AVSpeechSynthesizer. Processing occurs locally on your device; no data is sent to servers.
• How to Prevent Processing: Can be disabled in the respective app's settings.

4.2.3 Calendar (EventKit)

• Purpose: For displaying, creating, and managing calendar events.
• Processing: Data is read and written directly to your iOS calendars via Apple's EventKit framework. Data is managed exclusively by your iOS operating system and is not processed by our servers.
• Note for Cali: Access to your calendars is essential for the core functionality of the Cali app. Without it, the App cannot display or manage your events.
• How to Prevent Processing: You can manage or revoke the app's access to Calendars at any time in iOS Settings > Privacy & Security > Calendars.

4.2.4 Contacts (Contacts Framework)

• Purpose: To accurately display birthday information associated with your contacts.
• Processing: Contact names and birthdays are read from your iOS address book via Apple's Contacts framework. This data is read-only, used solely for display purposes within the App, and is not stored, processed, or transmitted by our servers.
• Note for Cali: Access to your contacts is optional and not required for the core functionality of the Apps. The App remains fully usable without contact access, though birthday information will not always be displayed correctly.
• How to Prevent Processing: You can manage or revoke the app's access to Contacts at any time in iOS Settings > Privacy & Security > Contacts.

This section covers data related to the technical performance and usage of all our apps. The data described below is provided to us by Apple through their developer services (App Store Connect and Crash Reporting). All data is aggregated or anonymized and cannot be linked to a specific user.

• Crash Reports: We collect pseudonymized technical data (app version, iOS version, device type, stack trace) provided by Apple in anonymized or aggregated form to identify and fix errors. This data is retained for 90 days. You can disable the sharing of crash reports with developers in your iOS settings.
• App Store Connect Analytics: We receive aggregated, anonymized usage statistics (install numbers, session duration) from Apple. This data is retained for 2 years. You can disable the sharing of analytics data with developers in your iOS settings.
• Voluntary Support Logs: If you voluntarily send us logs for troubleshooting, they may contain technical data or copies of user-created content. We delete these logs no later than 30 days after resolution.

We engage the following trusted service providers (Data Processors) who process data on our behalf under appropriate data protection agreements:

• Infomaniak Network AG (Switzerland): Our hosting provider, processing pseudonymized website data exclusively within Switzerland under a contract compliant with Swiss and EU data protection law.
• Apple Inc.: Provides platform services including App Store Connect analytics and crash reporting. Where Apple acts on our behalf, their Data Processing Addendum applies, incorporating Standard Contractual Clauses for international transfers to third countries such as the United States.

Regarding International Transfers: Our own processing and that of Infomaniak takes place exclusively in Switzerland. Apple services (analytics, crash reports, App Store, iCloud) may involve transfers to the USA or other third countries. Since July 2023, Apple Inc. is certified under the EU-US Data Privacy Framework (DPF), which the EU Commission and the Swiss FDPIC recognize as providing an adequate level of protection. Additionally, Standard Contractual Clauses (SCC) approved by the EU Commission and Switzerland are in place. You can prevent transfers related to analytics and crash reports at any time by disabling the options mentioned in section 4.3 in your iOS settings.

For Apple's detailed international data practices, see their Privacy Policy: https://www.apple.com/legal/privacy/