← Back to Home

Privacy Policy

Last Updated: May 25, 2026  |  Version: 1.0

Part A: Website Privacy Policy

This section covers data processing when you visit this website (pokertrace.app). For data processing within the PokerTrace app itself, see Part B below.

A.1 Privacy at a Glance

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in the privacy policy below.

A.2 Controller

The controller responsible for data processing on this website:

APTENTIC, Owner Denis Jegotin (sole trader, side business)
Regensburger Str. 32
92318 Neumarkt
Germany
Phone: 09181/4645217
Email: denis.jegotin@aptentic.com

The controller is the natural person who, as a sole trader in a side business, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

A.3 Hosting and Content Delivery

Netlify

This website is hosted on servers of Netlify, Inc. The provider is Netlify, Inc., 2325 3rd Street, Suite 296, San Francisco, CA 94107, USA (hereinafter "Netlify").

When you visit this website, Netlify collects various log files including your IP addresses. For details, please refer to the Netlify privacy policy: https://www.netlify.com/privacy/

The use of Netlify is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. The company holds certification under the "EU-US Data Privacy Framework" (DPF).

A.4 General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

We point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data from access by third parties is not possible.

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods).

Legal Basis for Data Processing

Where we have obtained your consent for data processing, processing is carried out on the basis of Art. 6 Para. 1 lit. a GDPR. Where processing is necessary for the performance of a contract, processing is based on Art. 6 Para. 1 lit. b GDPR. Where processing is necessary for compliance with a legal obligation, it is based on Art. 6 Para. 1 lit. c GDPR. Processing may also be based on our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.

Right to Object to Data Collection in Special Cases and Direct Marketing (Art. 21 GDPR)

Where data processing is based on Art. 6 Para. 1 lit. e or f GDPR, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on these provisions.

Right to Lodge a Complaint with a Supervisory Authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format.

Access, Deletion and Correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient, and the purpose of data processing and, if applicable, a right to correct or delete this data.

SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

A.5 Data Collection on this Website

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 Para. 1 lit. f GDPR.

A.6 Fonts

System Fonts

This website uses exclusively system fonts already installed on your device (e.g. Arial, Segoe UI, San Francisco). No external fonts from third-party providers such as Google are loaded. This means that no data is transmitted to external servers and no personal data is processed in connection with fonts.

A.7 Email Contact

If you contact us by email, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of handling your request. We will not pass this data on without your consent.

The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.

A.8 Cookies and Similar Technologies

This website does not use cookies for tracking, analytics or advertising purposes. Only technically necessary functions are used that are required for the proper operation of the website. These do not require consent under the applicable regulations.

A.9 Disclaimer and Notices

Notice of Legal Violations

If you become aware of violations of applicable law, copyright infringements, or other legal problems on this website, please contact us immediately at denis.jegotin@aptentic.com. We will remove or correct the relevant content without delay after review.

Part B: App Privacy Policy

This section covers data processing within the PokerTrace mobile app.

1. Controller

Data controller responsible for processing:

APTENTIC, Owner Denis Jegotin
Regensburger Str. 32
92318 Neumarkt
Germany
Email: denis.jegotin@aptentic.com

2. Principles of Data Processing

We process your personal data in accordance with the principles of the GDPR (General Data Protection Regulation):

  • Lawfulness: Processing only with your consent or on a legal basis
  • Purpose limitation: Data is used only for specified purposes
  • Data minimisation: Only necessary data is collected
  • Storage limitation: Data is automatically deleted after 3 years of inactivity
  • Integrity and confidentiality: Technical and organisational protective measures

3. What Data We Collect

3.1 Required Data (necessary to use the app)

Account data:

  • Email address (for login and authentication)
  • Account creation date
  • Last login timestamp

Device information:

  • Device ID (unique identifier of your device)
  • Device type (e.g. "iPhone 15 Pro", "iPad Pro")
  • Operating system version (e.g. "iOS 17.2.1")
  • App version (e.g. "1.0.0")
  • Platform
  • Last activity date

Hand data (poker terminology: a "hand" is a single played round; it may contain the cards dealt, player actions in a betting round across any phases the user recorded — pre-flop, flop, turn, river — and an outcome, but does not need to be complete: it contains exactly as much information as the user chose to enter and save; "betting round" is standard poker terminology for the phases of a hand — we do not imply placing money; only the actions the user actually made are stored (e.g. fold, call, raise); unrelated to any physical or biometric data):

  • Hands played (cards, actions, positions, outcomes)
  • Session timestamps (retained only while the account is active; permanently removed upon anonymisation at account deletion)

Hand data is stored on our servers in your account, processed exclusively to compute statistics and power AI-assisted analysis, and retained until account deletion or 3 years of inactivity (see Section 8). Hand data is not shared with third parties in raw form — when AI analysis is used, your text input (your question) is transmitted to OpenAI, and the AI response may incorporate game-related statistical information that our backend computes from your hand data, as well as contextual details of the hand you are currently viewing or entering where relevant; no full raw hand datasets, personal identifiers, or unrelated account data are transmitted to OpenAI (see Section 6.1). You may request a full export (Art. 15 GDPR) or deletion (Art. 17 GDPR) of your hand data at any time. For a detailed explanation of what a hand contains and how it is used as a feature, see our Terms of Service (§ 3).

Free tier storage limit (referred to as "Welcome" in the app after registration — both names describe the same feature set): Free accounts may store up to 50 hands. Hands recorded before a downgrade from a paid tier are never retroactively deleted, but no new hands can be saved once the limit is reached.

Anonymised use for engine improvement (deleted accounts): Upon account deletion, your hand data is irreversibly anonymised — all personal identifiers (user ID, email, device) are permanently removed. Once anonymised, this data is no longer personal data within the meaning of Art. 4(1) GDPR. We retain and may use it indefinitely for analytics engine improvement and may in future use it to train proprietary AI or statistical models. The anonymisation process is designed to meet EDPB standards (including singling-out and linkability tests). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in product improvement using non-personal data).

Optional opt-in: engine data sharing for active accounts: You may voluntarily opt in to allow us to use your hand data — anonymised on-the-fly — to improve our analytics engine while your account is still active. This is entirely optional and has no effect on your access to any feature. Legal basis: Art. 6(1)(a) GDPR (explicit consent). You can grant or revoke this consent at any time in the app settings. Revoking consent stops future data use immediately; hand data used in anonymised form before revocation remains valid (anonymisation is irreversible). The full history of your consent decisions (timestamps of grant and revocation) is recorded and stored in accordance with Art. 7(1) GDPR.

The term "hand" exclusively refers to poker gameplay data — we do not collect, process, or store any biometric, physical, or health-related data of any kind. We are not liable for any misuse of the AI feature, nor for any biometric or personal data a user discloses in their own text input to the AI.

Consent data:

  • Timestamp of acceptance of the Privacy Policy and Terms of Service
  • Version of the accepted documents (e.g. "1.0")
  • Confirmation method (Apple Sign In)

Note on registration: Registration is completed via Sign in with Apple. Before the Apple Sign In sheet is presented, the app displays the Privacy Policy and Terms of Service, which must be acknowledged. Upon successful Apple authentication, consent is recorded automatically at the current policy version. The email address provided by Apple (either the user's real Apple ID email or an Apple private relay address) is stored to the account. Without completing registration, account-bound features (hand tracking, statistics, premium features) cannot be used.

3.2 Optional Data

Push notification token:

  • Device token for push notifications
  • Stored when push notifications are enabled in your device's system settings and the app registers the token
  • The token is deleted when you log out (single-device logout or logout from all devices) or when your account is permanently deleted. During an active 30-day grace period (deletion request in the app), the token remains active — it is only removed upon final account deletion.
  • Note: Disabling push notifications in your device's system settings stops the delivery of notifications, but does not automatically delete the token — logging out is required for that

Purchase data (for in-app purchases):

  • Subscription status (active/inactive/expired)
  • Product ID (which subscription or purchase)
  • RevenueCat-linked identifiers for subscription synchronisation (app user ID / customer ID, entitlement ID)
  • Purchase and subscription event history received from RevenueCat webhooks
  • Purchase date
  • Note: Payment processing is handled exclusively by the respective app store (Apple App Store or Google Play Store). We have no access to payment data (credit cards, bank details). Subscription status is mirrored locally in our database so purchased features can be unlocked reliably. Statutory retention obligation of 10 years (German tax law).

4. Legal Bases for Processing

Data typeLegal basisGDPR Article
Account dataPerformance of contractArt. 6(1)(b)
Hand dataPerformance of contractArt. 6(1)(b)
Device informationLegitimate interest (security)Art. 6(1)(f)
Consent dataLegal obligationArt. 6(1)(c)
Purchase dataLegal obligation (tax law)Art. 6(1)(c)
Push tokenConsentArt. 6(1)(a)
AI text processing (NLP)Performance of contract; legitimate interestArt. 6(1)(b), (f)
Anonymised hand data (engine improvement, deleted accounts)Legitimate interest — data is no longer personal data after anonymisationArt. 6(1)(f) / Art. 4(1) GDPR
Hand data (engine improvement, active accounts — opted-in only)ConsentArt. 6(1)(a) GDPR

5. How We Use Your Data

5.1 Core Services (required)

  • Authentication: Exclusively via Sign in with Apple
    • Existing sessions are automatically terminated upon security events (e.g. explicit logout from all devices)
  • Hand management: Storage of your poker hands for statistics (Free tier: up to 50 hands; paid tiers: unlimited)
  • Device tracking: Support for multiple devices
  • Account management: Profile management, settings

5.2 Extended Features (optional)

  • AI-powered game analysis:
    • You can ask questions about your hands in natural language
    • Your text input is transmitted to the OpenAI API for processing; the AI response may incorporate game-related statistical information computed by our backend, as well as contextual details of the hand you are currently viewing where relevant — no full raw hand datasets or personal identifiers are passed to OpenAI
    • Important: AI provides informational and coaching-style guidance based on your personal game history — any percentage figures are statistically derived from your recorded data, not from theoretical hand equity or GTO solver algorithms (see Terms of Service § 8.2–8.3)
    • AI queries are subject to per-session limits (4-hour rolling window, tier-dependent); Free tier has a fixed lifetime cap (see Terms of Service § 3.6)
    • For more details on AI usage, see our Terms of Service (§ 8).
  • Engine data sharing (optional opt-in):
    • If you choose to opt in, your hand data is anonymised on-the-fly and may be used to improve our analytics engine
    • You can withdraw consent at any time in the app settings — this stops future use immediately
    • See Section 3.1 for full details
  • Push notifications:
    • Once you have enabled push notifications in your device's system settings and the app detects this, your push token is stored (see Section 3.2)
    • No notifications are sent without your consent

5.3 Legal Purposes

  • Statutory tax retention: Purchase receipts for 10 years (§ 147 AO)
  • Compliance: Documenting GDPR consents

6. Automated Decision-Making (Art. 22 GDPR)

We do NOT use automated decision-making processes that have legal effect or similarly significantly affect you.

AI analysis is used solely to provide information about your game statistics. It makes no decisions about your account, your eligibility to play, contractual conditions, or other rights. All critical decisions (e.g. account suspensions) are made by human staff.

6.1 Use of Artificial Intelligence (OpenAI)

We currently use the OpenAI API as a natural language interface. All statistical analysis of your hand data is performed exclusively by our own analytics engine on our servers — the AI companion does not analyse your hands. The AI companion's role is solely to interpret your question and formulate a human-readable response based on the computed results our engine provides. The AI backend may change over time (e.g. different third-party providers or a proprietary model) — any material change will be reflected in an updated Privacy Policy.

Data transmitted to OpenAI:

  • Your text input (the question you ask)
  • Game-related statistical information computed by our analytics engine from your hand data (e.g. aggregate metrics, summaries) — this is the context needed to generate a response
  • Where relevant, contextual details of the hand you are currently viewing or entering (e.g. cards, actions, position data for that specific hand)
  • Partial session context from your current conversation (e.g. prior questions and responses within the same session) where needed to maintain coherence of the response
  • No full raw hand datasets, no personal identifiers (email, name, user ID, device IDs), no unrelated account data

Conversation history across sessions is not stored by us. Each session starts fresh — the AI has no memory of previous sessions. Within a single session, partial context may be passed to OpenAI to improve response coherence. Your text input and session context are transmitted to OpenAI solely to generate the current response and are not retained by us beyond the session. For information on how OpenAI handles transmitted data on their end, see OpenAI's Privacy Policy.

For information on data processing by OpenAI, please refer to OpenAI's Privacy Policy: https://openai.com/policies/privacy-policy

For more details on AI analysis, see our Terms of Service (§ 8).

7. Disclosure of Data to Third Parties (Processors)

We share your data only with the following service providers (all based in the USA):

7.1 Resend (Email delivery)

  • Purpose: Sending transactional account notifications (e.g. deletion confirmations, inactivity warnings, data export). Marketing emails are optional and only sent if explicitly activated in the app settings.
  • Data shared: Email address
  • Location: USA
  • Legal basis: Data processing agreement (Art. 28 GDPR)
  • Privacy Policy: https://resend.com/legal/privacy-policy
  • Data Processing Agreement: https://resend.com/legal/dpa

7.2 RevenueCat (Subscription management)

  • Purpose: Retrieving, validating and managing the subscription status of your app account
  • Data we transmit: Your app user ID (an internal UUID) to link your app account to the subscription purchased through the respective app store
  • Note: You do not create a RevenueCat user account and do not interact directly with RevenueCat. For information on how RevenueCat processes your data, please refer to RevenueCat's Privacy Policy.
  • Location: USA
  • Legal basis: Data processing agreement (Art. 28 GDPR)
  • Privacy Policy: https://www.revenuecat.com/privacy
  • Data Processing Agreement: https://www.revenuecat.com/dpa

7.3 OpenAI (AI analysis)

  • Purpose: Processing text input to answer questions about game statistics
  • Data shared: Your text input (the question asked) and game-related statistical summaries computed by our analytics engine (e.g. aggregate metrics from your hand data) — NO raw hand records, NO personal identifiers
  • Location: USA
  • Legal basis: Performance of contract (Art. 6(1)(b) GDPR) for users who actively use the AI companion feature; legitimate interest (Art. 6(1)(f) GDPR) in providing an enhanced user experience
  • Privacy Policy: https://openai.com/policies/privacy-policy
  • Data Processing Addendum: https://openai.com/policies/data-processing-addendum

Note: Please review the terms of service and privacy policies of the third-party providers listed above. Data transfers to the USA are made on the basis of standard contractual clauses (Art. 46 GDPR).

7.4 What Happens When an Account is Deleted?

Upon deletion of your account:

  • OpenAI: For information on data retention by OpenAI, please see their Privacy Policy: https://openai.com/policies/privacy-policy
  • Resend: For information on data retention by Resend, please see their Privacy Policy: https://resend.com/legal/privacy-policy
  • Subscriptions / RevenueCat: After final account deletion, access to all premium features is permanently terminated. We attempt to delete the linked RevenueCat customer using your app user ID. Local purchase history is anonymised (not deleted — statutory retention obligation). For information on cancelling active subscriptions, see our Terms of Service (§ 5.2 and § 10.4).

8. Retention Periods

Data typeRetention periodLegal basis
Account dataUntil account deletion OR 3 years of inactivityArt. 5(1)(e) GDPR
Hand data (linked)Until account deletion OR 3 years of inactivityArt. 5(1)(e) GDPR
Hand data (anonymised)Indefinitely (no longer personal data after anonymisation)N/A — not personal data
Device informationUntil account deletionArt. 5(1)(e) GDPR
Consent dataUntil account deletionProof obligation Art. 7(1) GDPR
Purchase data and subscription event history (anonymised)10 years after purchase§ 147 AO (German tax law)
Push tokenUntil logout or final account deletionArt. 5(1)(e) GDPR

8.1 Automatic Deletion Due to Inactivity

3-year rule (automated, checked daily):

  • After 2 years of inactivity: Warning by email
  • After 3 years of inactivity: Automatic account deletion
  • Purpose: Data minimisation and storage limitation (Art. 5(1)(e) GDPR)

9. Your Rights Under GDPR

You have the following rights regarding your data:

9.1 Right of Access (Art. 15 GDPR)

You can request a copy of your stored personal data at any time. The export is triggered directly in the app and automatically sent as a JSON file to your registered email address. Alternatively, contact denis.jegotin@aptentic.com (response time: 30 days).

Includes:

  • Account information
  • All device data
  • Consent history
  • Hand data (all hands linked to your account at the time of export)
  • Local subscription status and locally stored subscription event history
  • Note: Store-native receipts remain managed by Apple / Google and RevenueCat.

Note: Internal algorithms, AI system logic, and technical processing models are not personal data of the user and are therefore not included in the export. Aggregate statistics displayed in the App are computed in real-time from your hand data and are never stored separately — they are fully reproducible from the exported hand records and are therefore not included as a separate item in the export.

9.2 Right to Rectification (Art. 16 GDPR)

Your email address is completely bound to your Apple ID and managed exclusively by Apple. We store it as provided by Apple and do not manage it independently. To exercise rectification rights regarding your email address, please refer to Apple's account management.

9.3 Right to Erasure / Right to be Forgotten (Art. 17 GDPR)

Option 1 – In-app deletion with grace period (recommended):

  • Deletion directly in the app under account settings
  • 30-day grace period (you can cancel the deletion)
  • Automatic deletion after 30 days
  • We recommend cancelling the deletion request well before the grace period expires. Cancellation requests received shortly before or simultaneously with the automated deletion process may no longer be technically possible to process.

Option 2 – Automatic deletion (inactivity):

  • Automatically deleted after 3 years without activity
  • Warning after 2 years

What is deleted / anonymised:

  • Account data
  • All devices
  • Consents
  • Active local subscription state is deleted
  • Purchase data and subscription event history are ANONYMISED (not deleted — tax law)
  • Hands are ANONYMISED (not deleted) — all personal identifiers are irreversibly removed. The anonymised records are no longer personal data within the meaning of Art. 4(1) GDPR and are retained by APTENTIC indefinitely for analytics engine improvement. The anonymisation meets EDPB standards. They cannot be linked back to you.

9.4 Right to Restriction of Processing (Art. 18 GDPR)

The right to restriction applies in certain legal exceptional cases (e.g. disputed data accuracy or ongoing legal claims). In practice, the most effective measure is the complete deletion of your data (see Section 9.3). For individual requests, contact us at denis.jegotin@aptentic.com.

9.5 Right to Data Portability (Art. 20 GDPR)

The export is triggered directly in the app and automatically sent to your registered email address. Alternatively: denis.jegotin@aptentic.com (response time: 30 days).

9.6 Right to Object (Art. 21 GDPR)

You can object to processing at any time:

  • Push notifications: When you log out, your push token is automatically deleted. To stop receiving notifications, disable push notifications in your device's system settings — this is outside the app and controlled by the operating system.
  • Processing based on legitimate interest (Art. 6(1)(f) GDPR): You may object to processing activities based on legitimate interest — e.g. device information processing or AI feature processing. Contact us at denis.jegotin@aptentic.com. We will assess whether our legitimate interests override your rights in the specific case and respond within 30 days.

Note on anonymised hand data: After account deletion, your hand data is irreversibly anonymised and no longer constitutes personal data within the meaning of Art. 4(1) GDPR. Because anonymised data cannot be linked back to any individual, the right to object does not apply to it — it is no longer your personal data and cannot be attributed to you.

Response time: We will process your objection within 30 days (Art. 12(3) GDPR).

Note on data deletion: For a regular account deletion (see Section 9.3), a 30-day grace period applies during which you can cancel the deletion. This grace period does not apply if you object to the processing of required data — in that case, your account is immediately and irrevocably deleted (see Section 9.3).

10. Account Access and Apple ID

Authentication is handled exclusively via Sign in with Apple. Your Apple ID is your identity anchor — we do not store passwords, OTP codes, or any independent login credential.

Access to your account is entirely dependent on your Apple ID. If you lose access to your Apple account, please use Apple's own account recovery process. We have no ability to verify your identity independently or restore access to your account.

Disclaimer: We accept no liability for damages arising from loss of access to your Apple ID or unauthorised use of your Apple account.

11. Age Restriction (App Store Compliance)

This app is designed for users aged 18 and over.

Age verification:

  • Age verification is carried out by the respective platform (App Store) through their age rating system — we do not conduct independent age verification.

If we discover or become aware that a user is under 18 years of age, we will immediately suspend the account and delete all associated data. Parents or guardians may contact us at denis.jegotin@aptentic.com.

12. Data Security

We implement technical and organisational measures to protect your data:

Technical measures:

  • SSL/TLS encryption for all data transmissions
  • Encrypted database connections
  • Token-based authentication

Organisational measures:

  • Access restrictions (only admins have access)
  • Regular security updates
  • Audit logging for admin actions
  • Rate limiting against brute-force attacks

Hosting:

  • Database: PostgreSQL (encrypted)
  • Backend: Hosted on secure cloud servers located in Frankfurt, Germany (EU). Data transfers to third-party processors outside the EU/EEA are described in Section 7.
  • Backup strategy (regular backups)

13. Cookies and Tracking

Our app does NOT use cookies.

Tracking:

  • We collect internal aggregate usage statistics (e.g. which analytics functions are called and how often, broken down by subscription tier). This data contains no personal identifiers — no user ID, email, or device data — and is used solely for product development and service improvement.
  • No individual user behaviour is tracked or profiled.
  • We do not use advertising trackers, third-party analytics SDKs, or any form of cross-app tracking.

14. Changes to This Privacy Policy

For material changes:

  • You will be informed by push notification or email
  • The new version will be displayed in the app
  • You must accept the new version to continue using the app
  • Version history is accessible in the app

Current version: 1.0 (May 25, 2026)

15. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority:

Responsible authority for Bavaria:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

Note: Please check the authority responsible for your place of residence at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

16. Contact

Email: denis.jegotin@aptentic.com

Response time: Within 30 days (GDPR Art. 12)

Imprint (Legal Notice): Available in the App under "Settings" → "Legal". The Imprint contains the mandatory provider information pursuant to § 5 DDG (formerly § 5 TMG).

17. Data Breaches (Art. 33, 34 GDPR)

In the event of a personal data breach (e.g. unauthorised access to personal data):

  • Notification to supervisory authority: Within 72 hours of becoming aware (Art. 33 GDPR)
  • Notification of affected users: By email, if there is a high risk to your rights and freedoms (Art. 34 GDPR)
  • Content of notification: Nature of the breach, categories of data affected, countermeasures taken, and recommendations for self-protection

End of Privacy Policy