Legal

Privacy Policy

Last updated: May 2026 · Journey, Andorfer Webdesign

1. Data Controller

The controller within the meaning of the GDPR is:
Andorfer Webdesign
Andre Andorfer
Mozartstr. 11, 94060 Pocking, Germany
Phone: +49 8531 1387471
Email: kollaboration@andorfer-webdesign.de
Web: journey-app.info

2. Data We Collect

  • Registration: Email address, phone number (optional), username
  • Profile: Profile picture (optional), display name
  • Messages: Text and image content, timestamps, sender/recipient IDs (E2E encrypted)
  • AI features: Message text sent to AI service for processing (opt-in per feature)
  • Location: GPS coordinates, only when explicitly enabled by the user
  • Device: Push token for notifications, IP address (server-side, not stored permanently)
  • Purchases: Transaction ID, product ID, purchase timestamp (no payment data)

3. Legal Basis

Contract performance (Art. 6(1)(b) GDPR): Operating the messenger service, message delivery, account management.

Legitimate interests (Art. 6(1)(f) GDPR): Security and abuse prevention, technical operation.

Consent (Art. 6(1)(a) GDPR): AI processing, location sharing, push notifications.

Legal obligation (Art. 6(1)(c) GDPR): Retention of purchase records.

4. Third-Party Processors

Supabase

Supabase Inc., USA. Data stored on AWS eu-central-1 (Frankfurt). DPA in place. Privacy Policy →

Anthropic (AI)

Anthropic PBC, USA. Message content processed for AI features. No personal identifiers transmitted. No training on API requests. Privacy Policy →

RevenueCat

RevenueCat Inc., USA. Subscription management. Transaction IDs and entitlement status. Privacy Policy →

Expo / Stream

Push notifications (Expo Services) and video/audio calls (Stream Inc.). Only technically necessary identifiers.

5. Retention Periods

  • Messages: until actively deleted by the user
  • Account data: until account deletion
  • Purchase records: 10 years (statutory tax retention)
  • Location data: for the period selected by the user

6. Your Rights (Art. 15–21 GDPR)

  • Access, Rectification, Erasure, Restriction, Portability, Objection
  • Delete your account directly in the app: Settings → Delete account
  • Contact: kollaboration@andorfer-webdesign.de

7. Data Security

All connections are TLS encrypted. Messages are end-to-end encrypted.