Privacy Policy


Quick summary:
  • We offer a GDPR compliant, privacy conscious service.
  • We don't track you, which is why we don't need a cookie banner.
  • We only use external service providers when absolutely necessary for functionality.
  • We avoid collecting personal data. The personal data we have to collect is stored on our German servers running on renewable energy.

The full legally binding privacy policy follows below.

Privacy policy for webtoapp.design, owner Jan Bunk, Allgäustr. 19, 87493 Lauben, Germany ("webtoapp.design")

1. Subject of this Privacy Policy

1.1. This privacy policy informs you which personal data we collect when you visit our website and/or purchase our services as well as how we process it. In addition, we inform you about the rights to which you are entitled. Personal data is all data that can be related to you personally, such as your name or e-mail address.

1.2. This privacy policy is currently valid. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. You can always access the current version on our website.

2. Responsible Party

2.1. Responsible in the sense of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is:

Jan Bunk
Allgäustr. 19
87493 Lauben
Germany

2.2. Please address any questions or comments regarding this privacy policy to the following e-mail address: privacy@.................... f@ke.mailwebtoapp.design

3. Data Collection and Usage

The scope of data processing differs depending on whether you use our website only to retrieve information ("informational use") or whether you additionally purchase our services or you just use apps that we created.

3.1. As a Website Visitor

3.1.1. We only use essential cookies that do not require a cookie consent banner.

3.1.2. We collect anonymous usage and performance data for statistical purposes. We do not track individual website visitors and don't use cookies for this purpose. All the data is in aggregate only and no personal data is collected. Data Stored in Lithuania (EU) Legitimate Interest

3.1.3. If an error occurrs while you're using our website, we receive an anonymous error report that contains no personal information, just diagnostic data. Data Stored in Germany (EU) Legitimate Interest

3.1.4. We log requests to our website for diagnostic purposes in case errors occur. These logs contain the request URL, the amount of data transferred, the request's HTTP status code and other non-personal information. Data Stored in Germany (EU) Legitimate Interest

3.1.5. We use Cloudflare to improve our website's performance and protect it from security risks such as DDOS attacks. Privacy Policy Legitimate Interest

3.1.6. External Services on our Website

We use a couple of external services on our website to provice additional value to our visitors. These services may receive your IP address and the data your browser automatically sends to them.

3.1.6.1. We embed Youtube videos on some of our pages. We embed them in such a way that no data gets transferred to Youtube unless you actually play the video. No cookie gets stored. Privacy Policy Legitimate Interest

3.1.6.2. In our developer documentation we use the open source project ApiEmbed by Kong to give you a code demonstration of how to use our API in different programming languages. Legitimate Interest

3.1.6.3. We offer you to try some apps (that we have created) in the browser. To do so, we embed a virtual device from Appetize.io. This allows you to try the app without having to download the app and installing it on your own device. Privacy Policy Legitimate Interest

3.2. As a Registered User or Customer

In the following we discuss which types of data are collected for registered users and customers additional to the data that is collected for all website visitors.

3.2.1. We use additional cookies for essential functionality, e.g. to keep you logged in and to improve security.

3.2.2. Your billing information and payments are processed by our merchant of record Paddle. Privacy Policy Performance of Contract

3.2.3. When you create and customize an app on our website, we have to store your app customization of course. This usually does not include personal information. Data Stored in Germany (EU) Performance of Contract

3.2.4. When you send push notifications to the users of your app, the push notification gets delivered by Firebase. We do not store the content of your push notifications and have disabled the analytics features of Firebase. Privacy Policy Performance of Contract

3.2.5. E-mail

3.2.5.1. When you register an account on our website, we store your email address so you can log in with it. Performance of Contract

3.2.5.2. We send e-mails to you as part of our sign-up and app publishing process to help you with creating and publishing your app. Performance of Contract

3.2.5.3. Our automated e-mails collect anonymous aggregate opening rate statistics to avoid sending irrelevant e-mails in the future. Data Stored in Germany (EU) Legitimate Interest

3.2.5.4. When you contact us, we keep that correspondence, which includes the email address and potentially your name. We use this data solely to be able to provide you better assistance if you reach out in the future. Data Stored in Germany (EU) Legitimate Interest

3.2.5.5. We send our e-mails with the privacy conscious e-mail host mailbox.org. Privacy Policy Data Stored in Germany (EU)

3.3. As a User of Apps we Created

3.3.1. We only receive data from app users when an error occurs in the app. The crash report contains no personal information, just diagnostic data such as the device model and the lines of code that triggered the error. Crash reporting can be configured to be disabled by default in the app dashboard. App users can also opt in and out individually in the app settings. Data Stored in Germany (EU) Legitimate Interest

4. Data Transfer to Third Countries

4.1. If personal data is transferred to service providers in non-EU countries (so-called third countries), an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

5. Your Rights as an Affected Person

5.1. You have the right to request information at any time about whether and which of your data we process and for what purpose, and to whom and on what basis it is disclosed (Art. 15 GDPR). This also includes your right to receive copies. In the case of a large amounts of data, users may be asked to specify the information to certain types of data. The information must be provided without delay and may in no case take longer than one month.

5.2. You also have the right to have inaccurately collected personal data corrected or incompletely collected data completed (Art. 16 GDPR).

5.3. Furthermore, you have the right to demand that we restrict the processing of your data, provided that the legal requirements for this are met (Art. 18 GDPR).

5.4. In addition, you have the so-called "right to be forgotten", i.e. you can demand that we delete your personal data, provided that the legal requirements for this are met (Art. 17 GDPR). Irrespective of this, your personal data will be automatically deleted by us if the purpose of the data collection has ceased to exist or the data processing has been carried out unlawfully.

5.5. You have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer to another controller (Art. 20 GDPR).

5.6. According to Art. 7 (3) GDPR, you have the right to revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.

5.7. You also have the right to object to the processing of your personal data at any time, provided that a right of objection is provided for by law. In the event of an effective objection, your personal data will also be automatically deleted by us (Art. 21 GDPR).

5.8. If you wish to exercise your right of revocation or objection, a notification by e-mail is sufficient.

5.9. Without prejudice to any other administrative or judicial remedy pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes GDPR. The competent supervisory authority for us is, among others, the state commissioner for data protection.

Appendix

Lawful Processing

These are the lawful reasons for processing we referred to above:

  • Performance of Contract: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract [Art. 6 para. 1 sentence 1 lit. b) GDPR]
  • Legitimate Interest: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child [Art. 6 para. 1 sentence 1 lit. f) GDPR]