Privacy Policy for Stempely

Last Updated: October 25, 2024

1. Controller

Souhail Sehli
AI4App
Gertrud-von-le-Fort-Str 40
93051 Regensburg
Germany

Bundle ID: de.ai4app.stempely
Email: support@ai4app.de

2. Principles

Stempely is a fully offline-capable stamp card app that respects your privacy. All your data is stored exclusively on your device.

Our Privacy Promises:

  • No Server Transmission - Your data is never sent to external servers
  • No Cloud Sync - All data remains local on your device
  • No User Accounts - No registration or login required
  • No Tracking Services - No Google Analytics, Facebook Pixel, or similar services
  • No Tracking Ads - No personalized advertising
  • Full Control - You can delete all data yourself at any time

3. What Data is Stored Locally?

The following data is stored exclusively locally on your device:

3.1 User Data

  • Name (optional): If you enter a name, it is stored locally
  • User ID: A locally generated unique ID for identification
  • Onboarding Status: Information about whether you completed the introduction

3.2 Stamp Card Data

  • Store Information: Name, address, contact details of scanned stores
  • Stamp Status: Number of stamps collected per card
  • QR Codes/NFC Tag Data: Information from scanned QR codes or NFC tags
  • Creation and Modification Date: Timestamps for your stamp cards
  • Rewards: Status of redeemed rewards

3.3 App Settings

  • Language Setting: Your selected app language (German/English)
  • Premium Status: Information about your premium access
  • Transaction ID: If you purchased premium (for restore function)

3.4 Storage Location

All data is stored via Hive (local database) in your device's app documents:

  • iOS: App Sandbox Container
  • Android: App-specific internal storage

4. Permissions

4.1 Camera Access (NSCameraUsageDescription)

Purpose: Scan QR codes from stores

Usage: Camera is only activated when you actively want to scan a QR code

Storage: Camera images are NOT saved, only QR code data is processed

Revocation: Can be disabled in device settings at any time

4.2 NFC Access (NFCReaderUsageDescription)

Purpose: Scan NFC tags from stores

Usage: NFC is only activated when you actively want to scan an NFC tag

Storage: Only tag information is saved, not the hardware ID

Revocation: Can be disabled in device settings at any time

4.3 Additional Permissions

The app does not require additional permissions such as:

  • ❌ Location access
  • ❌ Contacts
  • ❌ Microphone
  • ❌ Photo library
  • ❌ Internet (except for in-app purchases)

5. Legal Basis for Data Processing

The processing of your data is based on the following legal grounds according to the EU General Data Protection Regulation (GDPR):

  • Art. 6(1)(b) GDPR - Processing for contract performance: Local storage of your stamp cards is necessary to provide you with the core functionality of the app.
  • Art. 6(1)(f) GDPR - Legitimate interest: Storage of technical data (app settings) serves our legitimate interest in providing you with a functional and user-friendly app.
  • Art. 6(1)(a) GDPR - Consent: For optional features (e.g., camera, NFC), we obtain your explicit consent.

6. Data Sharing with Third Parties

6.1 No Third-Party Sharing

Stempely shares no data with third parties because:

  • The app works completely offline
  • No server communication takes place
  • No analytics services are integrated
  • No social media integration exists

6.2 In-App Purchases (Premium)

When purchasing premium features, transaction data is transmitted to the respective platform:

  • Apple App Store: Processed by Apple according to their privacy policy
  • Google Play Store: Processed by Google according to their privacy policy

Important: We do NOT receive personal data from these services. Only purchase confirmation is stored locally.

6.3 Data Processing Outside the EU/EEA

No data processing outside the EU: Since all data is stored exclusively locally on your device, no data is transferred to third countries outside the European Union or the European Economic Area.

Exception for in-app purchases: For in-app purchases, transaction data is processed by Apple or Google, which may use servers outside the EU/EEA. This processing is subject to the respective privacy policies and standard contractual clauses of the platforms.

7. Retention Periods

Local storage without time limit: Since all data is stored exclusively locally on your device, you determine how long your data is retained.

  • Stamp card data: Stored until you manually delete it or uninstall the app
  • App settings: Stored until you uninstall the app
  • Premium status: Stored until you uninstall the app (can be restored via store)

You can delete all data at any time via the app settings.

8. Data Security

8.1 Local Encryption

  • Data is stored in the encrypted app sandbox
  • iOS: Uses iOS Keychain and filesystem encryption
  • Android: Uses encrypted Shared Preferences and internal storage

8.2 No Cloud Backups

  • By default, app data is excluded from system backups
  • With iCloud/Google backups, data can be backed up locally
  • Backups remain on your devices, no cloud synchronization

8.3 Data Deletion

You can delete all data at any time:

  1. Go to Settings → "Delete All Data"
  2. Or uninstall the app

After deletion, the data is irreversibly removed.

9. Data Processing at Stores

9.1 QR Code/NFC Scanning

When you scan a QR code or NFC tag at a store:

  • Information is processed only locally on your device
  • The store receives no notification about your scan
  • Your identity remains anonymous

9.2 Reward Redemption

When redeeming a reward:

  • You show the store your digital stamp card
  • The store can only see what is displayed on your screen
  • No data is automatically transmitted

10. Protection of Minors

The app can be used by people of all ages. Since no registration is required and no data is transmitted, special protective measures apply for minors:

  • No collection of personal data from children
  • No communication features
  • No social media integration
  • Parental control over in-app purchases via device settings

11. Your Rights (GDPR)

Even though no data is transmitted to us, you have the following rights:

11.1 Right of Access

You can view all locally stored data in the app at any time.

11.2 Right to Deletion

Settings → "Delete All Data" removes all your data.

11.3 Right to Data Portability

Since all data is stored locally, you have complete control over your data.

11.4 Right to Object

You can uninstall the app at any time to end data processing.

11.5 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.

Competent supervisory authority in Germany:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Germany

Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: www.lda.bayern.de

You can also contact the data protection authority of your place of residence or habitual residence.

12. Changes to Privacy Policy

We reserve the right to update this privacy policy to:

  • Account for new features
  • Meet legal requirements
  • Provide clarifications

You will be informed of significant changes via an app update.

13. Contact

For privacy questions, contact us at:

Name: Souhail Sehli
Address: Gertrud-von-le-Fort-Str 40, 93051 Regensburg, Germany
Email: support@ai4app.de
App: Settings → Legal Notice

14. Summary

Stempely is one of the most privacy-friendly apps:

Aspect Status
Server Communication ❌ None
Data Transmission ❌ None
Cloud Storage ❌ None
User Accounts ❌ None
Tracking ❌ None
Local Storage ✅ Yes
Full Control ✅ Yes
Deletable Anytime ✅ Yes

Date: October 2024
Version: 1.0.0
Bundle ID: de.ai4app.stempely