Privacy Policy
1. Controller
The controller responsible for processing personal data under this Privacy Policy is:
Lukas Ruszkowski
Switzerland
Email: luke2222@gmx.ch
2. What data we process and why
2.1 Account and Authentication
To register and sign in we require:
- Email address
- Password (stored exclusively as an encrypted hash)
Purpose: providing a personal account and secure login. Legal basis: performance of a contract (Art. 6(1)(b) GDPR / Art. 31(2)(a) revDSG).
2.2 App Content
You voluntarily enter data about your contacts:
- Names and notes about people
- Birthdays and personal events
- Conversation reminders and notes
- Photos (only when you explicitly add them)
This data is stored in your account on Supabase infrastructure and is accessible only to you. Purpose: core app functionality. Legal basis: performance of a contract.
2.3 Contact Import (optional)
If you use the import feature, the app will request one-time access to your address book. Device contacts are processed locally only during selection — nothing is transferred to servers before you explicitly import. Only the contacts you select are saved to your account.
2.4 Push Notifications
With your consent we process an Expo push token to deliver reminders to your device. The token is stored in your account. You can disable push notifications at any time in your device settings.
2.5 Payments and Subscriptions
Purchases (Pro subscription) are processed exclusively through Apple In-App Purchase. We do not receive any payment details (no credit card data, no billing address). RevenueCat manages the subscription status technically; this involves processing a user ID (corresponding to your account ID) and purchase data (products purchased, subscription status, timestamps, App Store country/currency). Apple's and RevenueCat's privacy policies also apply to payment processing.
2.6 Usage Analytics and Error Diagnostics
We use PostHog to understand how the app is used and to improve it. We collect usage events (e.g. "Onboarding started", "Paywall shown", completed reminders). We do not collect the contents of your contacts, notes, photos or messages, or any names.
After you sign in, these events are linked to a pseudonymous identifier corresponding to your account ID. We can therefore associate usage patterns with an account without viewing your content. The data is pseudonymous, not fully anonymous.
We also collect technical error diagnostics (error context and abbreviated system/SDK messages) to fix crashes. These contain no content you have entered.
PostHog is operated in the EU Cloud (eu.i.posthog.com). IP-based geolocation is disabled — no location data is derived from your IP address. There is no automatic capture of clicks or screens (no autocapture). Legal basis: legitimate interest in a functioning, improved app (Art. 6(1)(f) GDPR). You may object to analytical processing (see Section 5).
2.7 Session Recording (Onboarding and Purchase screens only)
To improve the onboarding experience and the clarity of our purchase screens, we record screen interactions via PostHog Session Replay — but exclusively during onboarding and on paywall / purchase screens. No recording takes place in the rest of the app (in particular on your contacts, notes, photos and reminders).
To protect your data, all text inputs and images are automatically masked (blacked out) in these recordings — entered content is not readable in the recordings. The recordings help us understand usability and drop-off points only; they are not used to identify individuals. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). You may object to this processing (see Section 5).
3. Processors and Data Transfers
To provide the app we use the following service providers who process data on our behalf:
- Supabase Inc. — database, authentication, and file storage (photos). Server location: [PLEASE ENTER: your actual Supabase region, e.g. "EU (Frankfurt)" — visible in Supabase Dashboard → Project Settings → General]. Supabase Privacy Policy
- RevenueCat, Inc. — technical subscription management. Processing in the USA; safeguarded via EU Standard Contractual Clauses (SCCs). RevenueCat Privacy Policy
- PostHog, Inc. — product analytics. Operated via EU Cloud (eu.i.posthog.com). PostHog Privacy Policy
- Apple Inc. — payment processing (In-App Purchase) and push notification delivery. Apple Privacy Policy
Where data is transferred to countries outside Switzerland/the EEA (in particular the USA), this is done on the basis of appropriate safeguards such as EU Standard Contractual Clauses. We do not sell your data and do not share it with third parties for advertising purposes.
4. Retention
We store your data for as long as your account is active. If you delete your account (in the app under Settings → Delete Account), all your data will be completely and irreversibly deleted within 30 days.
5. Your Rights
You have the right to:
- Access your stored data
- Rectification of inaccurate data
- Deletion of your data (via "Delete Account" in the app or by email)
- Data portability (export all your data via Settings → Export Data)
- Object to processing based on legitimate interests
To exercise your rights, contact: luke2222@gmx.ch
6. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection authority. In Switzerland: Federal Data Protection and Information Commissioner (FDPIC). In the EU: the supervisory authority of your country of residence.
7. Security
All transmission between the app and servers uses encrypted HTTPS connections exclusively. Passwords are stored as hashes and are not accessible to us.
8. Children
BeeBetter is not directed at children under 13. We do not knowingly collect data from children.
9. Changes to this Policy
We may update this policy. The current version is always available at this URL. We will notify you within the app of any material changes.