Privacy Policy for the use of the Me App

(Version 1.0, October 2021)

The Me App ("Me" / "the App") is a product of the Me GbR (“We”/ “Us”). It offers you the opportunity to self-reflect on your life situation through journaling, tracking psychological metrics and completing self-reflection exercises. Additionally the self-reflection & personality development is fostered by psychoeducational learning content that is both provided by the Me GbR and third party content partners. The information that is gathered by that and by journaling is stored in your profile within the Me App.

The privacy and security of your data is of high importance to us, which is why your journaling data is stored exclusively on your smartphone and is not accessible to us or third parties.

All Data is collected, processed and stored in accordance with the General Data Protection Regulation 2016/679 released on april 27th 2016 (“GDPR”).

The processing of your data serves exclusively the purpose of journaling and self-reflection. The Me App does not provide medical or psychotherapeutic consultation. It does not replace the consultation of a trained clinician or professional psychotherapist. Since the Me GbR does not give medical advice within the scope of the Me App it is not bound to medical confidentiality.

Overview:

  1. Name and address of the data controller
  2. Local Data Processing
  3. Registration
  4. Login
  5. Feedback Surveys
  6. Backup of your data
  7. Your rights in relation to your data
  8. Right of complaint to a supervisory authority
  9. Other

Below you will find the essential information about the processing of your data in the Me App and your rights associated with it. Please read this privacy statement carefully, before giving your consent to it.

§ 1 Name and address of the data controller

This privacy statement applies to the processing of your personal data by the Me GbR as the responsible controller for this data processing. Our contact details are:

Me GbR

represented by the managing directors

Yannick Schmid and Max Stubbersfield
Mommsenstraße 5
12203 Berlin
email: knowyourself.meapp@gmail.com
phone: +49 176 55542611

§ 2 Local Data Processing

Your personal data, including the information that you enter into the Me App during journaling and completing self-reflection exercises, will be processed and stored encrypted and exclusively locally on your smartphone. It is not sent to a remote server.

This way your personal data can not be seen, analysed or shared by anyone except yourself or any other person that has access to your smartphone and holds your login credentials to the Me App. That is why you should make sure that your smartphone is not compromised in any way, including not providing root access to anyone (i.e. “jailbreaking”). Additionally you should not share your login credentials with anyone and store them at a secure location.

Entering any personal data into the app is voluntary and the legal basis for its data processing is your consent to our

  • Terms and Conditions
  • Privacy Policy
  • Consent to the Purpose & Limitations of the Me App

You can revoke those consents at any time with effect for the future in the "Settings" section of the app. Upon revocation or discontinuation of any of those consents, the right to use the Me App shall cease to exist. However, the legality of the storage of data based on your consent until revocation is not affected by this.

You alone decide how long your data will be stored within the Me App. All locally processed and stored data can be permanently deleted by uninstalling the Me App from your smartphone or by revoking any of the consents listed above.

The only exception to the locally processed private data are two data points that are required for providing you with your user account and the access to the Me App.

  • your email address
  • the operating system of your smartphone (Android or iOS)

The cases where these two data points are processed are described in the following paragraphs.

§ 3 Registration

Involved categories of personal data:

If you want to create a user account in the Me App we need to collect:

  • your email address
  • the operating system of your smartphone (Android or iOS)
Usage of your personal data:

The data you provide during the registration process is used to provide you with your user account.

The email address serves as your identifier for the Me App to perform certain tasks like completing your registration and billing.

Legal basis:

The legal basis for this data processing is the fulfillment of our contract with you for the use of the Me App.

The processing of your personal data during the registration process is obligatory for using the Me App. Any failure to supply the data required will block the finalization of the registration process and thus your ability to use the Me App.

We only request your personal data which is necessarily required to open your user account. Besides that, all personal data not necessarily to be stored on our servers will be solely stored on your smartphone.

Duration of storage:

Your data will be stored securely for the time that you are a user of the Me App and will be deleted when you request us to delete your data or to end your contract with the Me GbR.

Involved third parties:

The data processed during registration are processed on:

  • services of Google LLC. The data processing takes place within the European Union and in compliance with data protection regulations.

You can find the privacy statement of Google LLC under:

https://support.google.com/googlecloud/answer/6056694

§ 4 Login

Involved categories of personal data:

Each time you log in to the Me App, a request is sent to an external server of the Me GbR in which the following personal data points are contained:

  • IP address of your smartphone
Usage of your personal data:

The request is sent to ensure that your user account has the necessary permissions to use the Me app. Explicitly, the following circumstances are checked:

  • Do you have a version of the Me App that is allowed to be used at the time of your login attempt, or does the Me App need to be updated before it can be used.
Legal basis:

The legal basis for this data processing is the fulfillment of our contract with you for the use of the Me App.

The processing of your personal data during the login process is obligatory for using the Me App. Any failure to supply the data required will block the finalization of the login process and thus your ability to use the Me App.

We only request your personal data which is necessarily required to complete the login. Besides that, all personal data not necessarily to be stored on our servers will be solely stored on your smartphone.

Duration of storage:

During the login process, no data points are stored on servers of the Me GbR.

Involved third parties:

The data processed during login is processed by the following external processors:

  • We use services provided by Amazon Web Services EMEA SARL, ("AWS Europe"). The data processing takes place within the European Union and in compliance with the provisions of data protection law. However, we cannot guarantee that Amazon Web Services EMEA SARL, ("AWS Europe") will not store your IP address during this data processing.

    The privacy policy of Amazon Web Services EMEA SARL, ("AWS Europe") can be found at: https://aws.amazon.com/de/privacy/

§ 5 Feedback Surveys

Involved categories of personal data:

All feedback surveys are anonymised, so that your feedback can not be matched with an email address or user by us.

If you “Report a Bug”, we process two technical data points regarding your phone:

  • your phone’s manufacturer
  • your phone’s operating system including version number

This data is anonymised, so that it can not be matched with an email address or user by us.

Usage of your personal data:

We use the provided data to evaluate the technical circumstances of the reported bug.

Legal basis:

The legal basis for this data processing is the fulfillment of our contract with you for the use of the Me App.

Using a feedback form or the form to “Report a Bug” in particular happens voluntarily. Thus, all of your personal data processed in context using our feedback forms is based on your voluntary supply of such data.

We only process technical information about your phone that is required to provide you with technical support.

Duration of storage:

The anonymized inquiries remain stored for quality assurance and statistical purposes for 24 months and are then deleted.

Involved third parties:

The data processed during providing feedback are processed by:

  • services of Google LLC. The data processing takes place within the European Union and in compliance with data protection regulations. Although we can not guarantee that Google LLC stores your email address during the data processing.

§ 6 Backup of your data

Involved categories of personal data:

The Me App offers the functionality to backup the data that you enter into the app during journaling and completing self-reflection exercises. During this data processing a copy of your local database is created and encrypted. The app lets you export this encrypted backup to a third party data storage location of your choice. The encryption of the backup can only be decrypted with the “Recovery Key” that is unique to your user profile and provided to you in the “Settings” section of the Me App.

Usage of your personal data:

Since your data is processed and stored encrypted exclusively locally on your smartphone and is not sent to a remote server, your data can not be restored in the event of your smartphone being not functional or available to you anymore. Should you change your smartphone an exported and encrypted backup of your data enables you to transfer your data onto your new smartphone.

Legal basis:

The legal basis for this data processing is the fulfillment of our contract with you for the use of the Me App.

Duration of storage:

You alone decide how long the backup of your data will be stored in the third party data storage location of your choice. You can delete it at any time.

Involved third parties:

You alone select the third party data storage location to which you export the encrypted backup of your data. While your encrypted data is stored there, it can not be accessed by the provider of the data storage location without the “Recovery Key” that you should store at another safe location outside of the Me App.

§ 7 Your rights in relation to your data

Access and data portability:

You have the right to request a copy of all information that is collected, processed and stored about you by the Me GbR at any time. This also applies to the recipients or categories of recipients to whom this data is passed on as well as the purpose and duration of storage.

Correction and deletion:

You also have the right to demand deletion and/or correction of your personal data.

Objection to processing:

The legal basis for processing of personal data for the performance of tasks in the public interest or for the protection of legitimate interests in accordance with this clause are your consents to this “Privacy Policy” and the “Terms and Conditions”. You can withdraw your consents to the processing of your personal data at any time with effect for the future. In the event of your withdrawal of consent, all data processing that happens locally on your device is terminated immediately.

To terminate any further processing of your data for the above-mentioned purposes by the Me GbR and the recipients or categories of recipients to whom this data is passed on, a written notification to the address of the data controller is required. In this case we shall refrain from all data processing unless there are compelling reasons for further data processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing is necessary for the assertion, exercise or defense of legal claims.

The data processing may be objected to for reasons arising from the specific situation of the data subject.

Exercising your rights

To exercise these rights, please contact the data controller via written notification to the address mentioned above.

§ 8 Right of complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a data protection authority. You may do so by contacting the data protection authority in your usual place of residence or at our headquarters. The address of the supervisory authority responsible for the Me GbR is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Germany

§9 Other

In the event of any inconsistency or conflict between the English version and the German version of this Privacy Policy for the use of the Me App, the German version shall prevail.