Privacy Policy for Stempely

Last Updated: January 2025

1. Controller

AI4App
Gertrud-von-le-Fort-Str 40
93051 Regensburg
Germany

Email: kontakt@ai4app.de

2. Core Principle: Offline-First

Stempely is an Offline-First app. This means:

  • Your stamp cards are stored primarily locally on your device
  • The app works even without an internet connection
  • Server synchronization only occurs for verification at the store

3. What Data is Collected?

3.1 Local Data (only on your device)

  • Anonymous User ID: Randomly generated UUID
  • Your Stamp Cards: With stamps and progress
  • Received Notifications
  • App Settings: Language

3.2 Data Transmitted to the Server

The following data is transmitted during use:

  • Anonymous User ID: No personal data
  • Shop ID: When collecting a stamp
  • Timestamp: Of the stamp collection
  • Scan Method: QR or NFC
  • FCM Token: For push notifications (optional)

3.3 We Do NOT Collect:

  • Name, email address, or phone number
  • Location data or GPS
  • Contacts, photos, or other app data
  • Usage behavior or tracking data

4. Purpose of Data Processing

Data Purpose Legal Basis
Anonymous User ID Associate your stamp cards with the store Art. 6(1)(b) GDPR (Contract fulfillment)
Stamp Data Track your collection progress Art. 6(1)(b) GDPR (Contract fulfillment)
FCM Token Send push notifications Art. 6(1)(a) GDPR (Consent)

5. Data Sharing

Your data is only shared with the following third parties:

  • Participating Stores: Anonymous customer ID and stamp count for reward verification
  • Firebase/Google: Technical infrastructure for push notifications (FCM)
  • Stripe: For voluntary donations, payment processing

No sharing for advertising purposes. Your data is not sold.

6. Storage Duration

  • Local Data: Until app uninstallation or manual deletion
  • Server Data: Anonymous stamp data is automatically deleted after 24 months of inactivity
  • Offline Queue: Unsynced requests are discarded after 24 hours

7. Your Rights

You have the following rights under GDPR:

  • Access (Art. 15): What data is stored about you
  • Rectification (Art. 16): Correction of inaccurate data
  • Erasure (Art. 17): Deletion of your data
  • Restriction (Art. 18): Restriction of processing
  • Data Portability (Art. 20): Export of your data
  • Objection (Art. 21): Object to processing
  • Withdrawal (Art. 7): Withdraw consent (e.g., push notifications)

Contact: kontakt@ai4app.de

Right to Complain: You can file a complaint with a data protection supervisory authority.

8. Data Security

  • Encrypted transmission via HTTPS/TLS
  • Local data storage on your device
  • No passwords required (anonymous usage)
  • Servers in the EU (Firebase/Google Cloud)

9. Push Notifications

Push notifications are optional. You can disable them at any time:

  • iOS: Settings → Stempely → Notifications
  • Android: Settings → Apps → Stempely → Notifications

When disabled, your FCM token will no longer be used.

10. Donations via Stripe

For voluntary donations, you will be redirected to Stripe. Stripe processes your payment data according to their own privacy policy. We do not receive any credit card data.

11. Changes to this Policy

For significant changes, we will notify you via the app or our website.

12. Contact

For privacy questions:

AI4App
Email: kontakt@ai4app.de

Date: January 2025
Bundle ID: de.ai4app.stempely