Privacy Policy
Last updated: April 2026
Protecting your personal data is important to us. Below we inform you in accordance with Art. 13 and 14 GDPR about the processing of your personal data when you visit and use yappidoo.
1. Data Controller
The data controller within the meaning of the GDPR is:
Christoph Klöppner
Benzstr. 3
37083 Göttingen
Germany
Email: hallo@yappidoo.de
For data protection inquiries: datenschutz@yappidoo.de
2. Hosting & Infrastructure
This website is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The .de domain is registered with United Domains AG, Gautinger Str. 10, 82319 Starnberg, Germany. Hetzner acts as a data processor pursuant to Art. 28 GDPR under a data processing agreement. Server location: Germany.
Web analytics with Matomo
We run Matomo Analytics exclusively on our own servers in Germany (matomo.yappidoo.de). No data is shared with third parties.
We only collect statistics after you consent via the banner. Until then we send no data to Matomo at all. With your consent we collect only the bare minimum we need to improve yappidoo.
Processed data (only after consent): truncated IP, anonymised device/browser properties, pages viewed, click paths, dwell time.
Legal basis: Art. 6(1)(a) GDPR and § 25(1) TTDSG (your explicit consent via the banner).
Retention: at most 6 months, after which raw data is automatically deleted.
You can withdraw your consent at any time via the “Analytics settings” link in the footer.
3. Personal Data Processed
In the course of using yappidoo, we process the following personal data:
- Registration data: email address, password (encrypted/hashed), language setting, consent timestamp
- Profile information: family nickname, postcode and city (for regional matching – no street or house number), optional profile photo
- Children's data: first name, date of birth, kindergarten/nursery name, availability, preferences – entered exclusively by the custodial parents
- Usage data: IP address (security and operations), login timestamp, audit log
- Push notifications: device token (only with explicit consent)
- Playdate messages: text content exchanged between the two participating families after a playdate has been confirmed (see section 10 for details and encryption)
Note on children's data: Data about children is processed solely on the initiative of custodial parents. The app is not directed at children. Special protection applies pursuant to Art. 8 GDPR.
4. Purpose and Legal Basis of Processing
We process your data for the following purposes and on the following legal bases:
- Provision of the service, account management, playdate coordination — Art. 6(1)(b) GDPR (contract performance)
- Storage of consents, push notifications — Art. 6(1)(a) GDPR (consent)
- Security, abuse prevention, audit logging — Art. 6(1)(f) GDPR (legitimate interest)
- Sending transactional emails (confirmation, password reset) — Art. 6(1)(b) GDPR (contract performance)
- Chat feature between confirmed playdate partners — Art. 6(1)(b) GDPR (contract performance)
5. Retention Periods
Your data is stored only for as long as necessary for the respective purpose:
- Account data and profile: until account deletion
- After account deletion: immediate deletion of all personal data
- Audit logs (GDPR compliance): 90 days
- IP addresses in server logs: max. 7 days
- Playdate messages: automatically deleted when the playdate is cancelled, expires or one of the participating families deletes their account – and at the latest after 100 messages per playdate (oldest message is removed automatically)
6. Disclosure to Third Parties
Your data is generally not passed on to third parties. The only exception is the hosting provider Hetzner Online GmbH, which acts as a data processor exclusively following our instructions. No data is shared with advertising networks, social networks or other commercial third parties.
7. Cookies and Local Storage
yappidoo uses only technically necessary cookies and local storage mechanisms. Specifically:
- Session token (cookie): to maintain your login session
- Language setting (localStorage): to save your preferred language
- No tracking, analytics or advertising cookies are used.
8. Your Rights (Art. 15–22 GDPR)
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR) – you can request a copy of your data at any time in the app under "Download my data".
- Right to rectification (Art. 16 GDPR) – you can correct inaccurate data at any time in the profile settings.
- Right to erasure (Art. 17 GDPR) – you can delete your account and all associated data at any time in the app under "Delete account".
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR) – JSON export of your data is available in the app.
- Right to object (Art. 21 GDPR) – you can object to processing based on legitimate interest by email.
- Right to withdraw consent (Art. 7(3) GDPR) – possible at any time with effect for the future.
To exercise your rights, please contact: datenschutz@yappidoo.de
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The competent supervisory authority for Lower Saxony is:
Die Landesbeauftragte für den Datenschutz Niedersachsen (State Commissioner for Data Protection Lower Saxony)
Prinzenstraße 5, 30159 Hannover, Germany
www.lfd.niedersachsen.de
10. Messages Between Families (Chat Feature)
After both sides have confirmed a playdate, the two participating families (Family A and Family B) can exchange text messages directly within the app. The following rules apply:
- Scope and behaviour: Up to 100 messages with a maximum of 500 characters each can be exchanged per playdate. Once the limit is reached, sending a new message automatically deletes the oldest one (FIFO). Messages are intended solely for the other family participating in the confirmed playdate; they are not shared with any other users or third parties.
- Legal basis: Processing is based on Art. 6(1)(b) GDPR (contract performance) and serves exclusively the direct coordination between the two participating families (e.g. meeting point, time, short-notice adjustments).
- Encryption at rest: All message contents are symmetrically encrypted before being stored, using the authenticated XSalsa20-Poly1305 scheme (libsodium / secretbox). Each message is assigned its own random nonce; the encryption key is derived from our application secret (APP_SECRET). As a result, message contents are unreadable in database backups or in the event of a pure database breach without knowledge of the application secret.
- Not end-to-end – operator access: This is explicitly NOT end-to-end encryption. Because the decryption key is held on our application servers, technically privileged operator staff (administrators with shell access to the application environment) can in principle decrypt and read messages. Such access only takes place in justified exceptional cases, in particular: (a) to comply with legal obligations, e.g. on the basis of a court or official order (Art. 6(1)(c) GDPR); (b) to prevent or investigate abuse, harassment or criminal acts within the app (Art. 6(1)(f) GDPR, overriding legitimate interest); (c) for technical error diagnosis with the prior explicit consent of the families concerned.
- Automatic deletion: Messages are automatically and irrevocably deleted as soon as the playdate is cancelled, cancelled by an administrator or marked as expired after its date. In addition, messages are deleted if one of the participating families deletes their account or if the underlying playdate itself is removed for technical reasons (cascade deletion).
- Notifications about new messages: A new message creates an in-app notification for the recipient. That notification only stores the meta information that a new message exists for a specific playdate (including the sending family's nickname); the actual message text is never mirrored into the notification table.
- Access and data export (Art. 15 and Art. 20 GDPR): As long as messages still exist, they are included in the data export ("Download my data") in plaintext – both messages you sent and messages the other family sent to you. Once messages have been deleted automatically (playdate cancelled, expired or account deletion), they can no longer be provided.
Note on your own responsibility: Please do not send particularly sensitive personal data within the meaning of Art. 9 GDPR (e.g. health data, religious or political beliefs) via the chat feature. Responsibility for the content and lawfulness of messages sent lies with the sending family.
11. Updates to this Policy
We reserve the right to update this privacy policy as necessary to reflect changes in the law or changes to our service. The current version is always available at /legal/datenschutz.