Privacy Policy for the platoniq App

(As of: January 2026)

1. Controller

The controller responsible for data processing is:

SHS Social Health Solutions UG (haftungsbeschränkt)
Luisenstraße 53, 10117 Berlin, Germany

Registry Court: Amtsgericht Charlottenburg
Commercial Register: HRB 280649 B

Phone: +49 15753685796
Email: kontakt@platoniq.health

You may contact us at any time with questions regarding data protection.

2. Scope of Application

This privacy policy applies to the use of the platoniq app. The app is a preventive health service and is intended exclusively for adults (18+). It is not intended for use by minors.

3. Your Rights as a Data Subject

You may exercise the following rights at any time using the contact details provided above:

• Access to your data stored with us and its processing (Art. 15 GDPR)
• Rectification of inaccurate personal data (Art. 16 GDPR)
• Erasure of your data stored with us (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Objection to processing (Art. 21 GDPR)
• Data portability (Art. 20 GDPR)

If you have given us consent, you may revoke it at any time with effect for the future (Art. 7(3) GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

4. Registration and Authentication in the App

Type and purpose of processing:
Registration is required to use the app. In this process, we process your email address for account creation and authentication. This data is processed to provide you with a user account and enable app functionality.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract)

Recipients:
Google Cloud Platform (GCP) as processor for hosting and database management

Third country transfer:
No. Hosting takes place exclusively in data centers within the EU (Frankfurt).

Storage period:
The data will be deleted as soon as you delete your account or request deletion. Your account will be automatically deleted if you have not used it for an extended period. In this case, you will receive an email before deletion. Uninstalling the app does not automatically delete your account.

5. Data Necessary for App Usage

Type and purpose of processing:
During use of the app, we collect information about your interaction with app features:

• Completed course units and topics
• Use of the garden feature (including relationship tracking)
• Device information (device type, operating system version, technical identifiers, IP address)

This data is processed to provide app functionality.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract)

Recipients:
Google Cloud Platform (GCP) as processor

Third country transfer:
No. Hosting takes place exclusively in the EU (Frankfurt).

Storage period:
The data will be deleted as soon as you delete your account or request deletion.

6. Product Analytics (Posthog)

Type and purpose of processing:
We use Posthog, an analytics service, to analyze usage behavior in the app and improve product quality. The following data is collected:

• App usage behavior (areas visited, features used)
• Technical data (device type, operating system)
• Pseudonym

Only usage data is collected and processed that does not allow direct personal identification. Once you delete your account, it is no longer possible to resolve your pseudonym.

The analysis is conducted to optimize app functionality and fix errors.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in improving our app)

Recipients:
Posthog Inc. as processor

Third country transfer:
No. Processing takes place on European servers.

Storage period:
Once you request deletion of your account or have not used your account for an extended period, your account will be deleted. From that point on, personal identification of the data is no longer possible.

7. Error Monitoring (Sentry)

Type and purpose of processing:
We use Sentry to detect and fix technical errors and improve the technical stability of the app. The following data is collected:

• Error messages and stack traces
• Device and operating system information
• Time of error

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in the technical stability of the app)

Recipients:
Sentry as processor

Third country transfer:
No. Processing takes place on European servers.

Storage period:
Error data is automatically deleted after 90 days.

8. App Distribution

Type and purpose of processing:
The platoniq app is made available through the Google Play Store and Apple App Store. The management of downloads, updates, and app reviews is carried out by these platforms according to their own privacy policies.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract)

Recipients:
Google LLC (Google Play Store), Apple Inc. (Apple App Store)

Third country transfer:
Yes. Data transfer to the USA based on the European Commission's Standard Contractual Clauses.

Storage period:
The storage period is governed by the privacy policies of the respective platform.

9. Payment Processing

Type and purpose of processing:
For paid app content and events, we use external payment service providers. Depending on the chosen payment method, the following data is processed:

For direct payment via PayPal or Stripe:

• Name and address
• Payment data (credit card information, PayPal accounts)
• Invoice data

For in-app purchases via Google Play or Apple App Store:

• Transaction data is processed by Google LLC or Apple Inc. respectively
• We only receive confirmation of successful purchase without access to your payment data
• Processing is conducted according to the privacy policies of Google Play or Apple App Store

The provision of your personal data is necessary for the conclusion and performance of the contract with you as part of pre-contractual measures. We are obliged to collect the required data in accordance with tax regulations and for contract performance. If you do not provide us with this data, a corresponding contract conclusion or the performance of pre-contractual measures is not possible.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract); Art. 6(1)(c) GDPR (legal obligation to comply with tax retention periods)

Recipients:

• PayPal and Stripe as payment service providers (partly as controllers in their own right, partly as processors)
• Google LLC (for Google Play in-app purchases) as controller in their own right
• Apple Inc. (for Apple App Store in-app purchases) as controller in their own right
• finom Bank for account management

Third country transfer:
Yes. Data transfer to the USA based on the EU-US Data Privacy Framework or the European Commission's Standard Contractual Clauses.

Storage period:
We store personal data as long as it is necessary for the fulfillment of a contractual relationship with you or for the implementation of pre-contractual measures, as well as until the expiry of tax and commercial retention periods.

10. Email Communication

Type and purpose of processing:
We use email services for the following purposes:

• Sending activation codes after purchase (via Resend)
• Responding to support requests (via Google Workspace)
• Sending marketing emails (via Brevo)

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract for transactional emails); Art. 6(1)(f) GDPR (legitimate interest in communicating with customers); Art. 6(1)(a) GDPR (consent for marketing emails)

Recipients:
Resend as processor (for transactional emails); Brevo as processor (for newsletters); Google Workspace as processor (for support)

Third country transfer:
Yes. Data transfer to the USA based on the European Commission's Standard Contractual Clauses.

Revocation:
You may unsubscribe from marketing emails at any time via the unsubscribe link in the email.

Storage period:
Transactional emails are stored in accordance with statutory retention periods. Support requests are deleted after resolution of the matter, unless there is a statutory retention obligation.

11. Disclosure of Data

We do not disclose your data to third parties for commercial purposes. Disclosure only occurs to the processors named in this privacy policy, who are contractually bound in accordance with Art. 28 GDPR and may only process data according to our instructions.

12. Profiling

We do not carry out automated individual decisions with legal effect. The analysis of app usage is carried out exclusively to improve app functionality and has no legal implications for you.

13. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you may lodge a complaint with a supervisory authority.

14. Changes to this Privacy Policy

We reserve the right to amend this privacy policy if the legal situation, our data processing, or our services change. The current version is available in the app and on our website.

‍

‍

‍