Dawarich Privacy Policy
We don't sell your data, don't train AI on it, and don't share it beyond the processors listed below. Most of our processors are in the EU.
This policy applies to the Dawarich SaaS at dawarich.app, the hosted tier, and the iOS and Android apps when connected to our SaaS. If you self-host, no data reaches us and you are the sole controller.
1. Controller
ZeitFlow UG (haftungsbeschränkt) — Kolonnenstraße 8, 10827 Berlin, Germany. Managing Director: Evgenii Burmakin. Email: hi@dawarich.app. Full company details: Impressum.
2. What We Process and Why
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account data (email, password hash, user ID, settings) | Operate your account | (1)(b) contract |
| Location history (coordinates, timestamps, device info) | Visualize history, compute statistics | (1)(b) contract |
| Billing data (name, email, address, tax ID, payment metadata) | Subscriptions, invoicing, tax | (1)(b) contract; (1)(c) legal obligation |
| Error logs, crash reports, performance metrics | Keep the service stable and secure | (1)(f) legitimate interest |
| Support correspondence | Respond to your requests | (1)(b) / (1)(f) |
No automated decision-making with legal effect (Art. 22). Providing this data is voluntary but necessary to use the service.
Since March 2026, reverse-geocoded place names are no longer stored for SaaS users — they are computed on demand and discarded.
3. Recipients / Processors
All listed processors are bound by DPAs under Art. 28 GDPR. We do not sell data or share it for advertising.
| Processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Hosting, database, backups | Germany (EU) |
| Cloudflare, Inc. | Marketing-site CDN | Global; EU where possible |
| Paddle.com Market Ltd. | Billing, checkout, invoicing | United Kingdom |
| Functional Software, Inc. (Sentry) | Error and crash tracking | United States |
| Simple Analytics B.V. | Cookieless site analytics (no consent needed) | Netherlands (EU) |
| Google LLC (Google Ads) | Marketing-site conversion tracking — consent-based | United States |
| Sendinblue SAS (Brevo) — email | Transactional emails | France (EU) |
| Sendinblue SAS (Brevo) — web tracker | Marketing-site email-campaign pixel — consent-based | France (EU) |
| Apple Inc. | iOS App Store distribution | United States |
| Google LLC | Google Play distribution | United States |
International transfers: UK (Paddle) is covered by the EU adequacy decision. US transfers rely on the EU-US Data Privacy Framework where the provider is certified, and on Standard Contractual Clauses (Art. 46 GDPR) otherwise.
4. Retention
- Account and location data: while your account is active; up to 12 months after cancellation unless you request earlier deletion.
- Billing data: up to 10 years (§ 147 AO, § 257 HGB).
- Error logs: up to 30 days.
- Support correspondence: up to 3 years after last contact.
5. Your Rights
You have the right to access (Art. 15), rectify (16), erase (17), restrict (18), port (20), object to processing based on legitimate interest (21), and withdraw consent at any time (7(3)) without affecting prior processing. To exercise any right, email hi@dawarich.app or delete your account in-app.
You may also lodge a complaint with a supervisory authority (Art. 77). Our competent authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (datenschutz-berlin.de); you may instead complain in your country of residence or workplace.
6. Cookies
On dawarich.app we use:
| Category | Purpose | Consent? | Provider |
|---|---|---|---|
| Strictly necessary | Remember your banner choice | No (§ 25(2) TTDSG) | First-party |
| Cookieless analytics | Aggregate traffic | No | Simple Analytics |
| Advertising | Google Ads conversion tracking | Yes | Google Ads |
| Email analytics | Brevo tracking pixel | Yes | Brevo |
To withdraw consent after accepting, delete the dawarichCookieConsent cookie and reload. On my.dawarich.app we additionally use first-party session cookies strictly necessary for login.
7. Security
HTTPS for all transfers, encrypted database storage and backups, application data stored in the EU. Crash traces may be sent to Sentry (US) and retained for up to 30 days.
8. Children
You must be at least 16 years old to use Dawarich. We do not knowingly collect data from children under 16.
9. Hosted Dawarich (legacy Patreon tier)
For the legacy "hosted dawarich" Patreon tier, each instance runs on a dedicated server, accessible only to the subscriber. We access it only for maintenance. Cancellation may lead to deletion after a grace period.
10. Changes
We will notify you of material changes (new purposes, new processors, changed retention, etc.) by email and/or in-app notice at least 30 days before they take effect. Non-material edits are published here with an updated date below.
Last updated
Effective 2026-04-21. Contact for all privacy matters: hi@dawarich.app.
| When | What |
|---|---|
| 2026-04-21 | Added processor list, legal bases, rights, supervisory authority, transfers, cookie table; age to 16; reflected STORE_GEODATA=false; 30-day notice for material changes |
| 2025-09-12 | Added TL;DR section |
| 2025-03-12 | Updated data retention section for SaaS users |
| 2025-02-01 | Initial version |