Skip to main content

Privacy Policy (Datenschutzerklaerung)

Last updated: June 5, 2026

This privacy policy explains how personal data is processed when using FlokiGuide. It is a working draft and should be reviewed by legal counsel before production use.

1. Data controller (Verantwortlicher)

Devrupt UG
Letteallee 6
13409 Berlin
Germany
Email: info@flokiguide.is / info@flokiguide.com

2. Categories of processed data

  • Account data (e.g. email address, login details)
  • Usage and device data (e.g. browser type, timestamps, technical logs)
  • Analytics preference records (consent status, version, and decision timestamp)
  • Pseudonymous analytics identifiers and event data (only when analytics consent is granted)
  • User-generated trip planning content
  • Communication data when contacting support

3. Purposes and legal bases (Art. 6 GDPR)

  • Provision of the service and account management (Art. 6(1)(b) GDPR)
  • Platform security, abuse prevention, and operations (Art. 6(1)(f) GDPR)
  • Compliance with legal obligations (Art. 6(1)(c) GDPR)
  • Optional product analytics via PostHog based on consent (Art. 6(1)(a) GDPR)
  • Optional marketing communications, where separately enabled, based on consent (Art. 6(1)(a) GDPR)

4. Recipients and processors

We use processors (Auftragsverarbeiter) that process data on our behalf, including:

  • Supabase (authentication and database infrastructure)
  • RevenueCat (subscription and billing orchestration)
  • PostHog (product analytics, only when analytics consent is granted)
  • Mapbox/CDN providers (map content and static asset delivery)

For analytics, we use pseudonymous identifiers and avoid sending direct identifiers like email addresses.

5. International data transfers

Where processors transfer personal data outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and supplementary measures where required. For analytics, we configure PostHog to use EU ingestion by default.

6. Retention periods

  • Account and profile data: retained while your account is active and as needed for contractual/legal obligations.
  • Operational logs and security events: retained for a limited period according to security and abuse-prevention needs.
  • Analytics data: retained according to configured PostHog retention settings and deleted or anonymized when no longer required.

7. Your rights

You may have rights to access, rectification, erasure, restriction, portability, and objection under GDPR. You may also revoke analytics consent at any time with effect for the future using the “Privacy settings” link in the footer.

8. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work, or the place of the alleged infringement.

9. Security

We use technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

10. Changes to this policy

We may update this privacy policy from time to time. The latest version is published on this page.

Privacy settings

We use necessary storage for sign-in/session and optional analytics to help us make Flóki better for you. You can change this anytime in Privacy settings.