Privacy Policy
The protection of your personal data is important to us. We process personal data only insofar as necessary, and exclusively within the framework of applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Telecommunications-Digital-Services Data Protection Act (TDDDG).
This Privacy Policy informs you about the processing of personal data when using the MamaKlar app, the website mamaklar.de, our digital content, AI features, user accounts, subscriptions, and in connection with distribution via the Apple App Store and Google Play.
1. Controller
MamaKlar
Judith Jachthuber-Pabst and Tobias Jachthuber
Römerstr. 14
76669 Bad Schönborn
Germany
Email: hallo@mamaklar.de
2. General Information on Data Processing
Personal data is any information relating to an identified or identifiable person, e.g. name, email address, device identifiers, IP address, or usage data.
We process personal data in particular in order to:
• provide the app, website, and content,
• manage user accounts and subscriptions,
• respond to support requests,
• ensure security, stability, and abuse prevention,
• provide AI features,
• fulfil legal obligations.
3. Legal Bases
- Art. 6(1)(b) GDPR for processing necessary to perform a contract or to take pre-contractual steps, e.g. registration, login, support, subscriptions, and use of paid features.
- Art. 6(1)(a) GDPR for processing based on your consent, e.g. for newsletters or optional analytics/marketing technologies, where used.
- Art. 6(1)(c) GDPR for processing to fulfil legal obligations, e.g. commercial and tax retention obligations.
- Art. 6(1)(f) GDPR for processing based on legitimate interests, e.g. for IT security, fraud prevention, error analysis, abuse detection, and the technically stable provision of our services.
- Section 25 TDDDG for storing information on your device or accessing it, where legally required.
4. App Download and Distribution via Apple App Store / Google Play
Our app is provided via the Apple App Store and Google Play. When downloading, making in-app purchases, taking out subscriptions, and using the store, the respective store operators process personal data under their own data protection responsibility.
This may include in particular usage, device, payment, transaction, and account data, insofar as this is necessary for download, license management, billing, refunds, fraud prevention, or store features.
We have only limited influence on this data processing by Apple or Google, namely insofar as the respective store provides us with technical information or subscription status information.
Apple privacy notice: https://www.apple.com/legal/privacy/data/en/app-store/
Google privacy notice: https://policies.google.com/privacy
5. Access Data, Log Files, and Technical Events
When using the website, the app, or connected technical services, technical data is automatically processed.
This may include in particular:
• IP address,
• date and time of access,
• content and features accessed,
• device and operating system information,
• app version,
• language and region,
• error messages,
• status codes,
• referrer and protocol data, where technically generated.
Purpose: provision, security, stability, error analysis, defence against attacks, and abuse prevention.
Legal basis: Art. 6(1)(f) GDPR.
6. Hosting and Technical Infrastructure
6.1 Website Hosting (Raidboxes)
Our website may be operated via the hosting provider Raidboxes GmbH. The data necessary for technical operation is processed.
Legal basis: Art. 6(1)(f) GDPR.
Data processing agreement: Where required, a data processing agreement pursuant to Art. 28 GDPR is in place.
6.2 App Operation, API, Delivery, and Technical Infrastructure (e.g. Cloudflare)
For the operation of the app, the delivery of technical content, API requests, protection against attacks, and high-performance provision, we may use technical infrastructure and CDN services, in particular Cloudflare.
Technically necessary connection and security data may be processed, in particular IP address, device and browser information, time of access, requested content, and protocol data.
Legal basis: Art. 6(1)(f) GDPR.
Privacy notice: https://www.cloudflare.com/privacypolicy/
7. Contact and Support
If you contact us, e.g. by email, we process the data you transmit, in particular your name, email address, the content of your message, and any further information you provide as part of your request.
Purpose: handling your request, support, contractual communication, documentation.
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR.
8. Registration, Login, and User Account
Certain features may require a user account. In this context we process in particular:
• email address,
• login data,
• user ID,
• encrypted or hashed authentication data,
• account status,
• technical identifiers,
• timestamps of registration, login, and account-related changes.
Depending on the login method offered, sign-in may be by email, magic link, “Sign in with Apple”, or “Sign in with Google”.
Purpose: account management, authentication, access protection, contract performance.
Legal basis: Art. 6(1)(b) GDPR.
9. Sign-In via Apple or Google
If you sign in via Apple or Google, we receive the information required for authentication and account creation from the respective provider. Which data this includes specifically depends on your settings, your consent, and the respective provider.
With “Sign in with Apple”, this may include in particular a pseudonymous identifier and –
depending on your settings – an email address or a relay email address provided by Apple.
With “Sign in with Google”, this may include in particular an identifier, name, email address,
and – if released – further basic profile data.
Purpose: authentication, simplified registration, and login handling.
Legal basis: Art. 6(1)(b) GDPR.
Apple privacy: https://www.apple.com/legal/privacy/data/en/sign-in-with-apple/
Google privacy: https://policies.google.com/privacy
10. Subscriptions, In-App Purchases, and Contract Management
If you take out a paid subscription or in-app purchase via the Apple App Store or Google Play,
we process the information necessary to unlock and manage your access. This may include in particular:
• product and tariff information,
• purchase or subscription status,
• term,
• renewal status,
• transaction or confirmation identifiers,
• country or region information,
• technical assignment data.
Payment data itself is generally processed by the respective store operator. We usually do not receive your full credit card or account details.
Purpose: contract performance, access control, subscription management, evidence, and abuse prevention.
Legal basis: Art. 6(1)(b) GDPR.
11. Account and Data Deletion
If you have created a MamaKlar user account, you can request the deletion of your account. Where technically implemented, this is possible in the app itself; in addition, you can contact us via the contact channels mentioned in this Privacy Policy or – if provided by us – use a designated web resource.
Within the scope of an account deletion, we delete personal data insofar as no statutory retention obligations, documentation obligations, or legitimate grounds for further storage exist.
Please note: data we are required to retain for commercial or tax reasons will first be blocked and only deleted after the statutory retention periods have expired.
12. Cookies, Local Storage, and Similar Technologies
On our website and – where technically necessary – within app-related web views or local app storage mechanisms, cookies, local storage, tokens, or comparable technologies may be used.
These technologies may serve in particular to:
• store login status,
• ensure security and session control,
• store settings,
• document consent,
• avoid technical errors.
Legal bases:
Necessary technologies: Art. 6(1)(f) GDPR in conjunction with Section 25(2) TDDDG.
Non-necessary technologies: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG, where used.
13. Consent Management on the Website (Real Cookie Banner)
On the website we may use a consent management tool, in particular Real Cookie Banner, in order to manage and document consent for optional technologies.
Consent status, timestamps, device/browser information, and technical evidence data may be processed.
Legal bases: Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR, and – where relevant – Section 25 TDDDG.
Information: https://devowl.io/rcb/data-processing/
14. Video Hosting / Streaming
For the playback of videos and media content, we may use services such as Cloudflare Stream or comparable technical delivery services.
Technically necessary data is processed, in particular IP address, device information, time of access, protocol data, and possibly performance and security data, insofar as this is necessary for delivery and stability.
Purpose: provision of video content, high-performance delivery, security, and stability.
Legal basis: Art. 6(1)(f) GDPR.
15. Newsletter (MailPoet)
If you subscribe to our newsletter, we process in particular your email address as well as the information required for subscription, confirmation, and documentation of your consent.
For sending the newsletter, we may use MailPoet.
Purpose: sending information, news, and product-related communication, where you have consented.
Legal basis: Art. 6(1)(a) GDPR.
Withdrawal: You can withdraw your consent at any time with effect for the future, e.g. via the unsubscribe link in the newsletter.
Privacy notice: https://www.mailpoet.com/privacy-notice/
16. AI Features / Processing via OpenAI
If you use AI features within MamaKlar, we process the content you enter (e.g. questions, texts, prompts), the generated responses, and technical metadata, insofar as this is necessary to provide the feature, ensure quality, prevent abuse, and ensure system security.
For this processing, we may use services from OpenAI as a technical service provider.
Purpose: provision of AI-supported features, system security, abuse prevention, technical error analysis.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Privacy notice: https://openai.com/policies/eu-privacy-policy/
Note: Please do not enter any data into AI features that you do not wish to transmit, in particular no unnecessarily sensitive health data or confidential data of third parties.
17. Recipients, Processors, and Third-Country Transfers
We only pass on personal data if this is necessary to provide our services, you have consented, we are legally obliged to do so, or this is covered by legitimate interests.
Recipients may include in particular:
• hosting and infrastructure service providers,
• video/CDN service providers,
• newsletter service providers,
• AI service providers,
• Apple and Google in the context of store, login, and subscription features,
• tax, legal, or other advisors, where necessary.
Insofar as service providers act on our behalf, we conclude – where required – data processing agreements pursuant to Art. 28 GDPR.
Insofar as data is processed in countries outside the EU or the EEA, we ensure – where required – appropriate safeguards, in particular standard contractual clauses or an adequacy decision.
18. Storage Period
We only store personal data for as long as is necessary for the respective purposes.
The decisive factors are in particular:
• the duration of use of your account,
• the duration of active subscriptions or contractual relationships,
• statutory retention periods,
• limitation periods for legal claims,
• requirements of IT security and abuse prevention.
As soon as the respective purpose ceases to apply and no statutory or legitimate grounds for further storage exist, the data is deleted or anonymized.
19. Your Rights
Subject to the statutory requirements, you have in particular the following rights:
• right of access (Art. 15 GDPR),
• right to rectification (Art. 16 GDPR),
• right to erasure (Art. 17 GDPR),
• right to restriction of processing (Art. 18 GDPR),
• right to data portability (Art. 20 GDPR),
• right to object (Art. 21 GDPR),
• right to withdraw consent with effect for the future (Art. 7(3) GDPR).
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
20. Data Security
We take appropriate technical and organizational measures to protect personal data against loss, manipulation, unauthorized access, disclosure, or any other unauthorized processing.
These include in particular access restrictions, secured transmission paths, role-based access, authentication mechanisms, and measures to ensure availability, integrity, and confidentiality.
21. Changes to This Privacy Policy
We reserve the right to adapt this Privacy Policy if this becomes necessary due to changes in the legal situation, technical developments, new features, or changes in data processing. The current version published in the app or on our website applies in each case.
As of: March 2026