Privacy Agreement
Your data is your data
We only store and process data that is necessary for running the app or that we as developers consider absolutely necessary to improve the app. We have designed blindmate to provide you best possible privacy. We do not advertise on blindmate, we do not sell data. And to be as transparent as possible, we go beyond the legal requirements and list absolutely all the data we collect and explain how we use it. We hope that it is possible to run an app sustainably without selling users' data and to finance ourselves (in the long run) through an affordable premium model without ever having to sell your data. Should this no longer be possible one day, we would inform you.
Please excuse language mistakes. We translated this document to give you as much transparency as we can, however, English is not our first language and legal documents are challenging to translate. Please let us know if you spot a mistake or something is unclear.
Overview
- Information on the collection of personal data and contact details of the person responsible
- What information is collected when you use our services, and how do we use this information?
- Which data do we transfer to third parties, how and for what purpose?
- Duration of the storage of personal data
- Rights of the data subject
- Amendments to the provisions
1. Information on the collection of personal data and contact details of the person responsible
1.1 Handling of personal data In the following, we provide information on how we handle your personal data when you use our app. Personal data are all data with which you can be personally identified.
1.2 Responsible person Responsible for data processing regarding this app in terms of the General Data Protection Regulation (GDPR) is BlindMate GmbH Laurenz Reichl Bandelstraße 3 10559 Berlin Germany E-Mail: team@blindmate.de
Responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 Measures for secure storage and transfer of data
- All data is stored on servers in Germany, these servers are protected with a complex password.
- For security reasons and to protect the transmission of personal data and other confidential content, our app uses SSL or TLS encryption.
2. What information is collected by us when you use blindmate?
Summary: The processing of stored data is necessary for the operation of our app and in order to improve the app. In particular, we collect information to identify and fix bugs (without drawing conclusions about your person). We analyse the basic features of user behaviour (frequency and regularity of various actions).
2.1 Using your photos or camera (with consent, optional) If you want to upload an image when you create your account or set up your search profile, we will ask you for permission to use your photos or camera. If you do not give this permission, we will not use this data. It will then not be possible to activate your search. You can later grant or revoke this consent in the settings of your operating system. If you allow access to this data, the app will only access your data and transfer it to our servers as far as it is necessary to provide the functionality. We will delete this data when it is no longer required to provide the service or when you revoke the right to use it and there is no legal obligation to retain it. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
2.2 Collection of location data (with consent, optional) Our offer includes so-called Location Based Services, with which your search can be tailored to your particular location (this feature is optional). You can only use this function after you have agreed that we can collect your location data using GPS for the purpose of providing services. You can allow or revoke this function in the settings of the App or your mobile operating system at any time.
2.3 Sending push notifications (with consent, optional) You can register to receive our push notifications. You will receive regular information about our services via our push notifications. In order to register, you must confirm the receipt of notifications or allow them in the settings of your operating system. This process is documented and saved. This includes saving the time of registration and your device identification. The collection of this data is necessary for us to be able to display the push notifications on the one hand and to be able to trace the processes in case of misuse on the other hand and therefore serves as a legal safeguard. This data is processed on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to the storage and use of your personal data to receive our push notifications and the statistical survey described above at any time with effect for the future. To revoke your consent, you can unsubscribe from the designated setting for receiving push notifications in your app settings in your operating system. Your data will be deleted as soon as they are no longer required for the purpose of their collection. Your data will therefore be stored for as long as the subscription to our push notifications is active. Below, you can find a complete list of all data processed by us, as well as the purpose of use.
2.4 Information collected automatically
| Information we collect | How we use this information |
|---|---|
| 1. During download: When you download our app via an app store, the required information is transferred to the app store, in particular the e-mail address and customer number of your account, time of download, payment information and the individual device ID number. |
We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device. |
2. Automatically, as soon as you start our app:
|
This information helps us to ensure that the app runs and is displayed in the best possible way on your device, the ID allows your device to communicate with our servers. The data collected and transmitted in case of an error is necessary for us to analyse and correct errors. Note: especially in the current launch phase, we need to collect detailed context information (especially the mentioned event log) about errors in order to be able to track and fix problems. In the event of an error, the logged data is transmitted to our system. We do not use the error information to draw conclusions about your person. |
2.5 Information that is created when you use our app
| Information we collect | How we use this information |
|---|---|
1. When creating an account (necessary for using the app)
|
We need this information to register your account and show your profile to people you add as friends within blindmate. If we receive an email address during your registration (e.g. via your Google or Apple account), we might send you an update via email in SUPER rare cases (eg. we’ve released a fundamentally new feature). You can obviously unsubscribe at any time. People to whom you have sent an invitation link can see your profile before they register. Other app users may see your profile as well. |
2. Technical data that is automatically recorded when the app is used
|
This information is necessary to make sure the app works for you and your contacts from a technical point of view. |
| 3. To set up a search profile (optional) You can set up a search profile within our app. For this purpose the following data are necessary:
|
Based on your search settings, the app will suggest matches to your friends. Your profile settings are the framework for how your profile looks when it is displayed to other people (friends and others). |
4. Data that you generate when you use our app
|
This data is processed and stored by us to enable these actions and to provide a good experience within our app. For example to …
|
5. Data that other users generate about you
|
Your profile is shaped by your friends' answers (your attributes are calculated from your friends' answers, and stories from friends are displayed on your profile). Matches that your friends and other users create for you are displayed as blindchats |
3. Which data do we transfer to third parties, how and for what purpose?
3.1 Storage on servers We store your data in Germany on the servers of netcup GmbH (Daimlerstraße 25, D-76185 Karlsruhe).
3.2 Data transfer The networks through which Your Data is sent is beyond our control.
3.3 Authentication and push notifications We use the Google Firebase service for these services.
For registration or login after logout, you may identify using
- phone number (verification code)
- google account
- apple account Only the data required for this purpose (telephone number, google account, apple account, IP, time of the enquiry) are transmitted to Google Firebase, but no other data about your account.
When verifying your phone number, you can choose how to receive the verification code:
- via SMS through Google Firebase (see above),
- via WhatsApp: for this, we transmit your phone number and the verification code to Meta Platforms (WhatsApp Business API),
- via voice call: for this, we transmit your phone number and your language setting to Twilio Inc.
This transfer happens once, at the moment of verification, and is limited to the data listed above — no other information about you or your account is transmitted. The legal basis is Art. 6 para. 1 lit. b GDPR (carrying out registration/login).
For push notifications, only the data necessary for this purpose (message content, device identification number, IP, time of the request), and no data about your other usage behaviour are transmitted to Google Firebase. You can deactivate the push notifications from the app or from your device settings.
3.4 For error analysis For error analysis, the automatically collected information described above (including primary account information) will be transmitted to the error logging service Sentry (sentry.io).
3.5 For improving the app In order to understand how users are using the app, which features are being used and where problems lie, we use the data analysis tool Amplitude. For this purpose, we transmit data to Amplitude, Inc. This includes information about screens and dialogues that were opened in the app, actions that were executed and demographic information like gender and age of the user.
3.6 Protection against abuse (App Attest, Play Integrity, reCAPTCHA) To prevent automated abuse of our verification endpoints (e.g. by bots), each verification request is checked to confirm it comes from a genuine, unmodified installation of our app. For this we use Apple App Attest (on iOS) and Google Play Integrity (on Android) via the Firebase App Check service; if neither is available, we use Google reCAPTCHA. In the process, a check token generated by your device and technical connection data (e.g. IP address) are transmitted to Apple Inc. and Google LLC respectively. The check token contains no information about your account or your usage behaviour within the app. The legal basis is our legitimate interest in the security of our service (Art. 6 para. 1 lit. f GDPR).
3.7 Premium subscriptions and in-app purchases You can purchase a premium subscription in the app; in the future, one-time purchases (e.g. permanent premium access) may be offered as well. Payment is handled entirely by Apple's App Store or Google Play — we never receive or store any payment details (e.g. no credit card numbers). Apple or Google only send us a purchase confirmation (transaction ID, purchased product, time of purchase, expiry date if applicable), which we store in order to provide your premium status. Apple's and Google's privacy policies apply to the payment processing. The legal basis is Art. 6 para. 1 lit. b GDPR (performance of contract).
3.8 Data transfers to third countries Some of the service providers named above are based in the USA (Google LLC, Meta Platforms, Inc., Twilio Inc., Amplitude, Inc., and Functional Software, Inc. (Sentry)). These providers are certified under the EU-US Data Privacy Framework, for which an adequacy decision of the EU Commission exists (Art. 45 GDPR). For providers without this certification (Apple Inc.), transfers are based on the EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR); you can request a copy of the Standard Contractual Clauses via team@blindmate.de.
4. Duration of the storage of personal data
Summary: As a rule, we store your data as long as you have an account with us. If your data is no longer used for the above purposes, it will be automatically deleted.
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective legal retention period (e.g. retention periods under commercial and tax law). When personal data is processed on the basis of express consent pursuant to Art. 6 para. 1 letter a GDPR, this data is stored until the person concerned revokes his or her consent. If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 Para. 1 letter b GDPR, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no justified interest in their further storage. When personal data are processed on the basis of Art. 6 Para. 1 letter f GDPR, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 Para. 1 GDPR, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims. When personal data are processed for the purpose of direct advertising on the basis of Art. 6 Para. 1 letter f GDPR, these data are stored until the data subject exercises his or her right to object in accordance with Art. 21 Para. 2 GDPR. Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
5. Rights of the data subject
Summary: You can insist on being informed about your data, on correction of your data, and on deletion of your data as well as all other rights that GDPR grants you, of course.
5.1 Your rights The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data, about which we inform you below:
- Right to information according to Art. 15 GDPR: In particular, you have the right to be informed about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, where applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 GDPR when your data is transferred to third countries;
- the right to rectification in accordance with Art. 16 GDPR: You have the right to have incorrect data relating to you corrected without delay and/or to have your incomplete data stored by us completed;
- Right of cancellation in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the conditions of Art. 17, para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Right to restrict processing in accordance with Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data which you dispute is verified, if you refuse to delete your data due to unlawful data processing and demand instead the restriction of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims, after we no longer require these data after the purpose has been achieved, or if you have lodged an objection for reasons of your particular situation, as long as it has not yet been established whether our justified reasons outweigh the objection;
- Right to be informed in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerned have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
- Right to data transferability in accordance with Art. 20 GDPR: You have the right to receive personal data which you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another responsible party, insofar as this is technically feasible;
- Right to revoke consents granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke at any time, with effect for the future, any consent to the processing of data once granted. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. Revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
- Right of appeal under Art. 77 GDPR: If you believe that the processing of personal data relating to you is in breach of the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.
5.2 Right of objection If, in the course of weighing up the interests involved, we process your personal data on the basis of our overriding legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future. However, we reserve the right to further process the data if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests, fundamental rights and freedoms, or if the processing serves to protect the rights, exercise or defend legal claims.
5.3 How is objection possible? By deleting your account. We consider the deletion of your account as an objection to the processing of your data and will stop processing your data immediately. Alternatively send us an email to team@blindmate.de. Before we can delete your account, you will receive a code (via SMS, WhatsApp or voice call) to authenticate yourself as the owner of your profile.
6. Amendments to the provisions
It is possible that these conditions may change. We will inform you about changes here or, in the case of more extensive changes, through a message within the app.
If you have any questions, you can reach us via email at team@blindmate.de
We wish you lots of fun,
Your blindmate team