This Privacy Policy explains how Zamch ("the App"), a mobile application for group planning and coordination (shared living, trips, outings, and other group activities), operated by Moritz Schafft, 34132 Kassel, Germany ("the Operator", "we", "us"), collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR/DSGVO), the German Federal Data Protection Act (BDSG), the Telecommunications-Telemedia Data Protection Act (TTDSG), and other applicable data protection law.
Contact for data protection inquiries: zamch@moalsc.com
1. Data Controller
Moritz Schafft
34132 Kassel, Germany
Email: zamch@moalsc.com
2. Data We Collect
- Account Data: Email address, display name, profile photo URL (if provided), Terms of Service acceptance timestamp and version, notification preferences.
- Authentication Data: Firebase Authentication tokens. If you use Google Sign-In: Google OAuth tokens, Google profile display name, and Google profile photo URL.
- Group Data: Group membership, group names, group settings (currency, enabled features, emoji, photo), and invite codes.
- Activity & Planning Data:
  - Shopping list items (name, quantity, purchased status, purchaser).
  - Calendar events (title, description, start/end dates, all-day flag).
  - Expenses and financial data (title, amount, currency, converted amounts, exchange rates, who paid, how the expense is split among members).
  - Polls and votes (title, description, options, individual voting choices, deadlines).
  - Chores and tasks (title, assigned member, rotation order, frequency, due dates, completion status).
  - Packing lists (list name, shared or personal type, items with pack status and assignments).
  - Announcements (title, body, pinned status).
  - Whereabouts and availability (home/away status, expected return date, notes).
  - Check-ins (text captions, photos or GIFs, timestamps).
- Location Data: When you enter a location for a timeline, itinerary event, outing, or calendar event, the App converts the location text into geographic coordinates (latitude and longitude) using geocoding and address autocomplete services (Google Places API and Photon/Komoot). This location data is stored with the event so it can be displayed on a map. We do NOT track your device location in the background or access your GPS without your action. Location data is only collected when you voluntarily enter a location.
- Travel & Accommodation Data: Travel mode (plane, train, car, ferry, other), departure and arrival places and times, operator and service numbers, booking links, passenger and interest lists, available seats, starting city, notes. Accommodation details: name, type (Airbnb, hotel, guesthouse, hostel, other), link, location, price per night, check-in/check-out dates, maximum guests, notes, interested and booked member lists.
- Media Data: Photos uploaded from your camera or photo library (JPEG, PNG, or WebP, up to 2 MB), stored in Firebase Storage with your user ID in the file path. Image dimensions (width and height). Disappearing photos with an expiration timestamp you set — these are permanently deleted from our servers after expiry. GIF URLs selected via the Giphy integration.
- Technical Data: Push notification tokens (Firebase Cloud Messaging), device type, app version.
- Moderation & Safety Data: Text content submitted for automated moderation checks (no user identifiers are sent to the moderation service). Reports filed by users, including reporter ID, content snapshot, reason, and status.
- AI Assistant Data: When you use the Quick Action feature, the following data is sent to Google's Gemini API for processing: your text input (up to 1,000 characters), conversation history within the current session (up to 4 exchanges), the display names of members in your group (sanitized), and the current date. No email addresses, user IDs, or other account identifiers are sent to Google Gemini. The Quick Action feature is rate-limited to 30 requests per minute per user.
- Payment Method Data: You may optionally store up to 2 payment methods per profile and per group (e.g., PayPal address, bank details label). Each payment method consists of a label (e.g., "PayPal") and a value (e.g., an account identifier). This data is visible to other members of your group to facilitate settling shared expenses. Payment method data is stored in your user profile and in your per-group member settings.
- Subscription & Purchase Data: When you purchase a paid subscription (group tier or Quick Action AI Premium), we store: subscription tier, billing model (annual or event), the user ID of the purchaser, the RevenueCat entitlement identifier, activation and expiration timestamps, and subscription status (active, expired, cancelled). For group subscriptions, this data is stored on the group document so all members can see the tier that applies to the group. We do NOT store credit card numbers, bank details, or any other payment credentials — these are handled exclusively by Apple or Google.
- Placeholder Member Data: When a group owner on the free tier creates placeholder members (participant slots with a display name but no real user), we store the placeholder name, the group ID, the owner's user ID, a creation timestamp, and an expiry timestamp (30 days after creation). A placeholder Firebase Auth user is also created to serve as a stable identifier inside the group. Unmerged placeholders are automatically deleted 30 days after creation.
3. Legal Basis for Processing (Art. 6 GDPR)
- Contract Performance (Art. 6(1)(b)): Processing your account data, group data, activity data, financial data, location data, travel data, media data, check-in data, subscription data, and placeholder member data is necessary to provide the App's services as agreed when you accepted the Terms of Service.
- Legitimate Interest (Art. 6(1)(f)): Content moderation and safety measures to protect users and prevent misuse. Rate limiting and abuse prevention. Scheduled cleanup of expired content (disappearing photos, expired placeholders, and expired event-group subscriptions).
- Consent (Art. 6(1)(a)): Push notifications — you can opt out at any time via device settings or per-category notification preferences in the App.
4. How We Use Your Data
- To provide and operate all of the App's features (shared shopping lists, calendars, expenses, polls, chores, packing lists, timelines, outings, whereabouts, check-ins, and announcements).
- To authenticate your identity and manage your account.
- To send push notifications about group activity (with your consent, configurable per category).
- To convert location text to geographic coordinates for timeline event mapping and to provide address autocomplete suggestions (via geocoding and Google Places API).
- To retrieve current exchange rates for multi-currency expense splitting.
- To moderate content and enforce our Terms of Service.
- To respond to user reports and investigate potential violations.
- To automatically delete expired disappearing photos.
- To process natural-language commands via the AI-powered Quick Action feature (via Google Gemini), enabling you to create shopping items, expenses, calendar events, polls, chores, announcements, and travel plans through text input.
- To comply with legal obligations under German and EU law.
5. Data Sharing & Third Parties
We share data only with the following service providers ("processors"). We do NOT sell, rent, or share your personal data with advertisers or other third parties.
- Google Firebase (Google LLC, USA): Authentication, database (Firestore), cloud functions, push notifications (FCM), file storage. Our Cloud Functions are deployed in the europe-west1 (Belgium) region. Google is certified under the EU-US Data Privacy Framework. firebase.google.com/support/privacy
- Google Gemini API (Google LLC, USA): Processes natural-language commands for the Quick Action feature. Data sent includes your text input, brief conversation context, and group member display names (sanitized — no emails or user IDs). Our Cloud Functions call the Gemini API from the europe-west1 (Belgium) region. Google is certified under the EU-US Data Privacy Framework. Google's Gemini API terms state that data sent via the API is not used to train Google's models. ai.google.dev/terms
- OpenAI (OpenAI, LLC, USA): Text content submitted for automated content moderation checks only. Only the text content is sent — no user identifiers. OpenAI's moderation endpoint does not store or train on submitted data. openai.com/privacy
- Giphy (Meta Platforms, Inc., USA): GIF search and display within the App. Your GIF search queries and interaction data are sent to Giphy's servers. giphy.com/privacy
- Google Places API (Google LLC, USA): Address autocomplete and place details for outings, calendar events, and location fields. Your search queries are sent to Google's Places API from our Cloud Functions in europe-west1 (Belgium). Only the search text is sent — no user identifiers. Google is certified under the EU-US Data Privacy Framework. policies.google.com/privacy
- Photon / Komoot (Komoot GmbH, Germany): Geocoding service used to convert location text into geographic coordinates for timeline events. Only the location search text is sent — no user identifiers or personal data. komoot.com/privacy
- Frankfurter (open-source project, hosted in the EU): Currency exchange rate data. Only currency codes are sent — no personal data whatsoever.
- RevenueCat (RevenueCat, Inc., USA): In-app purchase receipt validation and subscription entitlement management. When you purchase a subscription, your Firebase user ID is sent to RevenueCat as the "app user ID", together with the group ID (for group subscriptions) as a subscriber attribute. RevenueCat validates the receipt with Apple/Google and returns the entitlement status, which our Cloud Functions persist on the relevant group or user document via a signed webhook. RevenueCat processes data under Standard Contractual Clauses. revenuecat.com/privacy
- Apple App Store (Apple Inc., USA): Processes in-app purchases on iOS devices and acts as the seller of record for purchases made through the App. Apple handles payment collection, tax, and receipts. We do not receive or store your Apple ID credentials or payment details. apple.com/legal/privacy
- Google Play (Google LLC, USA): Processes in-app purchases on Android devices (once the Android version is available) and acts as the seller of record. Google handles payment collection, tax, and receipts. We do not receive or store your Google account credentials or payment details. policies.google.com/privacy
6. Data Retention
- Account data: Retained as long as your account exists.
- Usage data (group content): Retained as long as the group exists or until you or a group admin deletes it.
- Disappearing photos: Permanently deleted from our servers after the expiration time you set. A scheduled process checks for expired photos hourly.
- Moderation data: Content moderation results are not stored. User reports are retained for up to 12 months.
- Technical data (FCM tokens): Removed upon sign-out or account deletion.
- Rate limit records: Automatically reset after their time window expires.
- Subscription data: Retained as long as the group (for group subscriptions) or user account (for Quick Action AI Premium) exists. Expired and cancelled subscription records are retained for accounting and tax documentation purposes for up to 10 years as required by German commercial law (Section 257 HGB and Section 147 AO).
- Placeholder member data: Automatically deleted 30 days after creation if not merged with a real user. A daily scheduled cleanup job removes expired placeholders.
- Event group expiry: Event-tier group subscriptions that have passed their expiration date are automatically marked as "expired" by a daily scheduled job. The group and its content remain read-only until a new subscription is purchased or the group is deleted.
7. Your Rights (GDPR Art. 15–21)
You have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of all your personal data. Available directly via the "Request My Data" button in the App's profile settings, which exports your data as a CSV file including your profile, group memberships, shopping items, expenses, calendar events, votes, applications, and check-ins.
- Right to Rectification (Art. 16): Update your profile information at any time via the App.
- Right to Erasure (Art. 17): Delete your account and all associated data via "Delete All My Data" in the App's profile settings. This permanently removes your profile, all shopping items, expenses, calendar events, votes, applications, check-ins, uploaded photos, and your Firebase Auth account.
- Right to Data Portability (Art. 20): Export your data in a machine-readable format via the App.
- Right to Object (Art. 21): Object to data processing based on legitimate interest.
- Right to Restrict Processing (Art. 18): Request restriction of processing in certain circumstances.
To exercise any of these rights, you may use the in-app tools or contact: zamch@moalsc.com. We will respond within 30 days.
8. Automated Decision-Making and Profiling (Art. 22 GDPR)
- The App uses automated content moderation (via OpenAI) that may automatically block content flagged as harmful. This is based on content classification, not on profiling of individual users. You may contact us to contest a moderation decision.
- The Quick Action feature uses Google Gemini to interpret natural-language commands and execute actions on your behalf (e.g., adding a shopping item or recording an expense). This is a user-initiated feature — it only processes data when you actively use it. No automated decisions with legal effects are made.
- Disappearing photos are deleted automatically based on the expiration time you set.
- We do not engage in profiling for advertising, credit scoring, or any other purpose that produces legal effects concerning you.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) for all data communication.
- Encryption at rest for data stored in Firebase services.
- Firebase Security Rules restricting data access to authorized users only.
- Firebase App Check to verify that requests originate from the genuine App.
- Server-side rate limiting on all Cloud Functions to prevent abuse.
- Input validation and sanitization.
- Automated content moderation to detect and remove harmful content.
- Scheduled cleanup of expired data (disappearing photos).
10. Children's Data
The App is not intended for children under 16 years of age. We do not knowingly collect data from children under 16. If we become aware that a user is under 16, we will delete their account and data.
11. International Data Transfers
Some of our service providers process data outside the European Economic Area:
- Google (Firebase, Gemini API, Places API, Google Play) — USA: Certified under the EU-US Data Privacy Framework. Standard Contractual Clauses (SCCs) where applicable. Gemini API and Places API calls are initiated from our Cloud Functions in europe-west1 (Belgium).
- OpenAI — USA: Only anonymized text content is sent (no personal identifiers). Standard Contractual Clauses apply.
- Giphy / Meta Platforms — USA: GIF search queries and interactions. Subject to Meta's data transfer mechanisms including SCCs.
- Komoot — Germany: Data remains within the EU.
- Frankfurter — EU-hosted: No personal data is transferred; only currency codes.
- RevenueCat — USA: Your Firebase user ID and purchase receipts are transferred for entitlement management. Standard Contractual Clauses apply.
- Apple — USA: Standard Contractual Clauses and Apple's Data Privacy Framework certification apply to in-app purchase processing.
12. Compliance with German and Local Law
This App is designed to comply with German data protection law (DSGVO/BDSG/TTDSG) and EU law. As a user, you are also required to comply with all laws applicable in your jurisdiction when using the App, including when creating, sharing, or uploading content.
13. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated through the App, and you may be asked to acknowledge the updated policy.
14. Complaints
If you believe your data protection rights have been violated, you may lodge a complaint with:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany
datenschutz.hessen.de
15. Contact
For all data protection inquiries: zamch@moalsc.com