Privacy Policy
Provider (Impressum)
Oberstr. 3, 47829 Krefeld, Germany
Handelsregister: HRB 21178 (Amtsgericht Krefeld)
USt-IdNr: DE456304266
Managing Director: Holger Köther
Contact: [email protected]
Other Apps by Blocksize One
Father Leo — Your daily Bible companion for iOS.
VoyVoy — Travel currency converter for iOS.
Data We Collect
Images
Images you submit for extraction are transmitted via HTTPS to our backend service hosted on Cloudflare Workers, which forwards the image to Anthropic (Claude vision) for analysis. The extracted event data is returned to your device.
We temporarily retain extraction logs for up to 14 days to debug issues and improve service quality. After 14 days, image data is automatically deleted. Anonymized metadata (success rates, response times, error types) may be retained longer for analytics.
Legal basis: Article 6(1)(b) GDPR (performance of a contract — providing the extraction service you requested).
iCloud Integration
We use Apple's CloudKit framework to enable cross-device subscription synchronization. Here's how it works:
- We obtain an anonymous identifier derived from your iCloud account
- This identifier is a one-way SHA-256 hash of your iCloud record ID — we cannot reverse it to identify you
- We do NOT access your iCloud email, name, photos, or any other personal iCloud data
- This identifier is used solely to recognize the same user across their own devices so Pro subscription status follows them
Legal basis: Article 6(1)(b) GDPR (performance of a contract — enabling cross-device synchronization of your subscription).
Data Storage
Your Pro subscription status (active / expired) and the originating transaction ID are stored on our servers, linked to your anonymous device identifier and (if signed into iCloud) your anonymous iCloud identifier. Subscription transactions are verified cryptographically against Apple's App Store Server API and the Apple Root CA G3 certificate chain.
Purchases
In-app purchases are processed by Apple. We store transaction IDs to prevent duplicate processing.
Legal basis: Article 6(1)(b) GDPR (performance of a contract — processing and verifying your purchases).
Location (Optional)
If you grant location access (optional, while-in-use only), your approximate location is used on your device to find nearby venues for extracted events and to suggest local communities. Location lookups are performed with Apple's on-device geocoding and Maps services. Your location is never sent to or stored on our servers.
Legal basis: Article 6(1)(a) GDPR (consent — the iOS location permission you grant, revocable at any time in Settings).
Service Usage Data
When you use the App, we collect:
- Extraction requests (timestamp, success/failure)
- Subscription transactions for purchase verification
- Error logs for debugging
- Device locale and timezone (for accurate date parsing)
This data helps us improve the service and troubleshoot issues.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in maintaining and improving service quality).
Analytics (PostHog)
We use PostHog to understand how the App is used so we can improve it. We collect usage events such as screens viewed, onboarding steps completed, extractions performed, and subscription events, together with a pseudonymous device identifier and basic device information (model, OS version, app version, locale).
- Our PostHog instance is hosted in the European Union — analytics data does not leave the EU
- Analytics data is keyed to a pseudonymous identifier, not your name or email
- PostHog is not used for advertising, and your images, extracted events, and calendar content are never included in analytics events
Legal basis: Article 6(1)(f) GDPR (legitimate interest in understanding and improving how the App is used).
Advertising Measurement (Meta)
We run ads so more people can discover the App, and we use Meta (Facebook) technologies — the Meta SDK in the App and Meta's Conversions API on our backend — to measure whether those ads work. What we share with Meta:
- Conversion events (app install, trial started, subscription started), including product, price, and currency
- Basic device information and a Meta-generated anonymous identifier
- Your device's advertising identifier (IDFA) — only if you allow tracking via Apple's App Tracking Transparency prompt
If you decline the tracking prompt, no advertising identifier is shared. We additionally use Apple's privacy-preserving SKAdNetwork framework for aggregate ad attribution. We never share your images, extracted events, calendar content, or location with Meta, and we never sell your data.
You can withdraw tracking permission at any time in iOS Settings → Privacy & Security → Tracking.
Legal basis: Article 6(1)(a) GDPR (consent, given via the App Tracking Transparency prompt) for identifier-based measurement; Article 6(1)(f) GDPR (legitimate interest) for aggregate, identifier-free conversion measurement.
Data We Do Not Collect
We do not collect:
- Calendar content (events are saved directly to your device)
- Your contacts, messages, or browsing history
- Your location on our servers — location is optional and processed on your device only
Extraction history is stored locally on your device. We never sell your personal data.
Third Parties
| Provider | Purpose | Location |
|---|---|---|
| Anthropic | AI extraction (Claude vision model) | United States |
| Apple | Payments and StoreKit subscription verification | United States |
| Cloudflare | Backend hosting | Global |
| PostHog | Product analytics | European Union |
| Meta Platforms | Ad performance measurement (only with your tracking consent) | Ireland / United States |
Data Retention
Extraction logs: Images and extraction data are automatically deleted after 14 days. Anonymized metadata (success rates, error types) may be retained longer for service improvement.
Subscription data: Subscription status and transaction history are retained for as long as needed for purchase verification and customer support, and as required by tax and accounting law.
Delete your data: Email [email protected] to request deletion of your subscription record.
International Transfers
Data may be transferred to the United States via Anthropic, Cloudflare, and Meta, protected by Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework. Analytics data processed by PostHog is hosted in the European Union.
Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your personal data (Article 15)
- Rectify inaccurate data (Article 16)
- Request deletion of your data (Article 17)
- Restrict processing (Article 18)
- Data portability (Article 20)
- Object to processing based on legitimate interest (Article 21)
Where processing is based on your consent, you have the right to withdraw that consent at any time (Article 7(3) GDPR). Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw tracking consent in iOS Settings → Privacy & Security → Tracking, and location consent in iOS Settings → Privacy & Security → Location Services.
To exercise these rights, contact [email protected]. We will respond within 30 days.
Supervisory Authority
Postfach 20 04 44, 40102 Düsseldorf, Germany
https://www.ldi.nrw.de
Changes
We may update this policy. Continued use constitutes acceptance.
Contact
For privacy inquiries: [email protected]