Privacy Policy

Contact: giga-grindset@proton.me

Applies to Web, PWA and Capacitor-native app (Android/iOS).

What Data We Process

  • Account: Email, password hash, verification/reset tokens (short TTL), login attempts/lockUntil, alias.
  • App Content: Todos (text, due dates, reminder settings), lists/tags, optional notes, shared list data (share codes, collaborators).
  • Encryption model: Data is encrypted in transit (TLS) and at rest by infrastructure providers. Todo content is currently not end-to-end encrypted and is processed server-side for sync, collaboration and reminders.
  • Push: Web push subscriptions (VAPID) and native push tokens (Google FCM). The latter is purely optional and only active via cross-device opt-in. We store device metadata (browser/OS) and delivery health status.
  • Settings: UI/privacy/performance flags. Technical logs (error reports) are collected to ensure system stability and for error analysis.
  • Technical: Server logs, session/auth cookies. Local: Offline snapshots of lists and caches (localStorage/IndexedDB) for performance and offline use.
  • Audio: Voice commands are processed via Microsoft Azure Speech Service (EU servers). We receive only the transcribed text and store no raw audio.
  • Images: Braille art and photos are stored exclusively locally on your device's filesystem (Documents/GigaGrindset/). No upload to our servers takes place.
  • Biometrics: If biometric login is active, authentication is performed by the operating system (Secure Enclave / Android BiometricManager). The app only receives a success/failure signal; we have no access to your biometric data.

Speech Recognition & Providers

  • Microsoft Azure Speech Service (EU region): Audio is sent to Azure servers in the EU (Frankfurt or Amsterdam) for transcription. Azure claims GDPR compliance and does not permanently store audio data. We receive only the transcript and store no raw audio.
  • Neither we nor Azure store your voice recordings. Only the transcript (recognized text) is transferred to your todo input field. The microphone is active only during recording.

Purpose & Legal Basis

  • App features (Todos, sync, reminders, collaboration): Art. 6(1)(b) GDPR (contract).
  • Security/abuse prevention (login protection, health): legitimate interest, Art. 6(1)(f).
  • Push notifications, microphone, camera and biometrics: consent, given in the client.

Where Data Is Stored / Recipients

  • Hosting/API/Cron: Railway.
  • Database: MongoDB Atlas (production cluster).
  • Push Services: Web push (VAPID via browser providers) and native notifications via Google FCM (Firebase Cloud Messaging).
  • Capacitor App: Loads web assets locally from the device. API communication with gigagrindset.de is encrypted.
  • This means: secure transport and encrypted storage at provider level, but no end-to-end encryption for Todo content yet.

Storage & Deletion

Permissions

  • Microphone (RECORD_AUDIO): For speech-to-text via Microsoft Azure (EU).
  • Notifications (POST_NOTIFICATIONS): For local and optional push reminders.
  • Camera (CAMERA): For the Braille camera and photo function. Images stay local.
  • Biometrics (USE_BIOMETRIC): For the optional biometric login.
  • No location or contact access.

Cookies & Local Storage

  • Session/auth cookies for login.
  • Service worker caches for performance.
  • localStorage for notification fallbacks/prefs.

Your Rights

Access, rectification, erasure, restriction, data portability, objection. You may also lodge a complaint with the competent supervisory authority. Contact: giga-grindset@proton.me.

Last updated: February 6, 2026