Privacy Policy

1. Who is responsible (Controller)

The controller for the personal data described below, in the sense of Art. 4(7) GDPR, is:

Aiko Radlingmayr
Oberndorf 12
4623 Gunskirchen
Austria
Email: aiko@spitzbub.app

We have not appointed a Data Protection Officer; for the limited processing described here, GDPR does not require one.

2. What data is processed, why, and on what legal basis

2.1 Stored only on your device

The following data is created and kept locally on your phone. It is encrypted at rest by iOS or macOS using OS-level protections and never sent to us:

• Your answers (Yes / No / Maybe / unanswered) for each catalog item.
• The encryption keys used for the end-to-end encrypted exchange with your partner.
• App settings (chosen language, theme, content-filter state, set of "already seen" catalog entries).
• The list of paired contacts and the catalogs you have loaded.

Because this data does not leave your device, GDPR does not apply to its in-app handling beyond the security measures provided by the operating system. Uninstalling the app removes it.

2.2 Pairing & sync (the wagnis sync server)

To allow two paired devices to exchange answers in near-real time, the app talks to a small sync server we operate on Cloudflare's infrastructure. The server only ever sees:

• Pairing identifiers. A pairing is identified by an opaque random value generated on your device. It is not linked to your name, email, phone number, IP-address-derived identity, or any other account.
• Encrypted payload blobs. The actual answers and metadata are encrypted on your device with a key your partner holds and we do not. Server-side they are opaque ciphertext.
• Apple Push Notification (APNs) device tokens. When you grant push permission, iOS gives the app an opaque token that lets Apple deliver silent pushes to your device. We store this token next to your pairing entries so we can wake the peer device when new data arrives. The token does not identify you and is rotated by Apple over time.
• Connection metadata. Like every server reachable over the public Internet, our edge network sees connection-level information (IP address, TLS handshake, request timestamp). We do not log this data into any product database; it is processed only as part of normal HTTPS termination by Cloudflare and discarded according to Cloudflare's retention practices (typically minutes to a few days at the edge layer).

Legal basis: Art. 6(1)(b) GDPR — processing is necessary to perform the service you requested by pairing your device. Purpose: deliver the encrypted payload to your partner's device. Retention: a pairing entry and its associated tokens are deleted once you remove the pair on either device, when Apple invalidates the push token, or after 30 days of inactivity, whichever comes first. Pending ciphertext blobs are deleted as soon as the receiving device confirms delivery.

2.3 Push delivery (Apple)

Silent push notifications are delivered by Apple's APNs service. We send Apple your opaque push token and an encrypted payload; Apple routes it to the target device. Apple acts as an independent controller for its push infrastructure. See apple.com/legal/privacy.

2.4 Catalog downloads (the wagnis website)

Catalogs (the JSON files containing the questions) are served from wagnis.app as static files. When your app downloads a catalog, your IP address and a standard user-agent string are visible to Cloudflare during the HTTPS handshake. We do not run additional analytics, cookies, tracking pixels, or fingerprinting on this site. You may also load catalogs from any other HTTPS source you choose; in that case the operator of that source — not us — handles the request.

2.5 Camera

The app asks for camera permission only to scan a partner's pairing QR code. Frames are processed on-device to read the QR code and are not stored, transmitted, or otherwise retained. You can revoke the permission at any time in iOS Settings.

2.6 What we do not collect

• No accounts, no email addresses, no phone numbers, no names.
• No analytics, no telemetry, no crash reports beyond what Apple's TestFlight may collect under its own policy.
• No advertising identifiers, no tracking SDKs, no cross-app tracking. We do not share or sell data with third parties for advertising.
• No location data.

3. Recipients & processors

Beyond ourselves, the following parties are involved in delivering the service and may process the technical data described above on our behalf or for their own infrastructure purposes:

Transfers to the United States are covered by the EU–US Data Privacy Framework or, where unavailable, by the European Commission's Standard Contractual Clauses, supplemented by the encryption-at-rest and end-to-end-encryption measures described above (Art. 46 GDPR).

4. Storage period

• Pairing entries & push tokens: until you delete the pair on either device, the token is invalidated by Apple, or 30 days of inactivity elapse — whichever comes first.
• Pending ciphertext payloads: until the receiving device confirms delivery, then immediately deleted.
• Edge connection logs (Cloudflare): short-term operational only; we keep no derived database of these records.
• Local device data: until you remove the app or clear it from within the app.

5. Your rights under the GDPR

You can exercise the following rights regarding any personal data we process about you:

• Right of access (Art. 15 GDPR) — confirm whether we process data about you and obtain a copy.
• Right to rectification (Art. 16 GDPR) — correct inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR) — request deletion. For server-side data, deleting the pair on either device achieves this immediately and on its own; you can also email us.
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR) — receive a copy of your data in a machine-readable format. Note that the bulk of your data lives on your own device and is already accessible to you.
• Right to object (Art. 21 GDPR).
• Right to withdraw consent at any time, where processing is based on consent (Art. 7(3) GDPR). Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, write to aiko@spitzbub.app. Because we do not have any account that links you to your data, we may ask you to provide context (e.g. an approximate pairing timestamp) so we can locate the relevant entries.

6. Security

Answers and metadata exchanged between paired devices are encrypted with AES-256-GCM using keys derived during pairing and held only on the two participating devices. The sync server has no access to these keys and cannot decrypt the payloads. We use only Apple's built-in CryptoKit primitives; no third-party cryptography libraries are bundled in the app.

7. Children

wagnis is not directed at children under 16. Some catalogs are rated 18+ and are hidden by default; enabling them requires a deliberate, undocumented action in Settings. We do not knowingly process data of users under 16. If you believe a minor has used the app, contact us and we will help you delete any associated pairing entries.

8. Changes to this policy

When we materially change how we handle personal data, we will update this page and bump the "Last updated" date at the top. Continued use of the app after a change constitutes acceptance of the updated policy; for substantive changes that affect existing data, we will additionally surface an in-app notice.

9. Contact

Questions about this policy or about your data: aiko@spitzbub.app.