Privacy Policy for "What's Going On"

Last updated: 05/01/2025

Introduction

Welcome to "What's Going On," an iOS app developed by Fabian Gruß. This privacy policy outlines how we handle your data when you use our app.

Responsible for data processing regarding this app within the meaning of the General Data Protection Regulation (GDPR) is Fabian Gruß, Schneiderberg 29a, 30167 Hannover, Germany. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

Data Collection and Usage

1. Account Data

When you create an account, we collect:

  • Email address (when using Sign in with Apple)

  • Name (optional)

  • Profile picture (optional)

Legal Basis: This data is processed to perform the contract between you and us, ensuring the core functionality of the app (Art. 6(1)(b) GDPR).

2. User Content

We store the following user-generated content:

  • Entries (text, dates, locations)

  • Media files (images, voice notes, map snapshots)

  • Friend connections

  • Places

Legal Basis: The processing of user content is necessary for the performance of the contract, enabling the app's core features such as saving entries and sharing with friends (Art. 6(1)(b) GDPR).

3. Technical Data

We collect minimal technical data necessary for the app's functionality:

  • Firebase Authentication tokens

  • Device tokens for push notifications

  • Basic device information for deep linking (via Branch.io)

Legal Basis: This data is processed to fulfill our legitimate interests in maintaining app security, ensuring functionality, and improving user experience (Art. 6(1)(f) GDPR).

4. Local Data

The following data is stored locally on your device:

  • Cached media files (limited to 100MB)

  • Temporary app data

Legal Basis: Local data storage is necessary for the performance of the contract, ensuring efficient app performance and usability (Art. 6(1)(b) GDPR).

Use of Your Personal Data

Your personal data is used exclusively for:

  • Providing core app functionality

  • Enabling friend connections and sharing features

  • Processing and storing your entries and media files

  • Authentication and account management

  • Sending push notifications about friend activities (when enabled)

Legal Basis: Each purpose relies on either the performance of the contract (Art. 6(1)(b) GDPR) or your consent, such as for push notifications (Art. 6(1)(a) GDPR).

Data Storage and Security

We use the following services to store and process your data:

  • Firebase Services:

    • Authentication: Secure user account management

    • Firestore: Database for entries and user data

    • Storage: Secure storage for media files

    • Cloud Functions: Processing friend connections

  • Branch.io:

    • Managing deep links for friend invitations

    • Basic device information for link attribution

All data is encrypted in transit and at rest using industry-standard protocols.

Legal Basis: Data storage and processing are necessary for the performance of the contract (Art. 6(1)(b) GDPR) and for legitimate interests in maintaining security and functionality (Art. 6(1)(f) GDPR).

Data Sharing

We share your data only in the following cases:

  1. With friends you explicitly choose to share with:

    • When you share entries with friends, the data remains encrypted and is only accessible to specifically authorized users.

    • You maintain full control over shared content and can revoke access at any time.

    • Shared entries remain protected by the same security measures as private entries.

  2. With our service providers (Firebase, Branch.io), who are bound by data processing agreements.

  3. When required by law or to protect rights.

We never:

  • Sell your personal data

  • Share your data for advertising purposes

  • Analyze your data for marketing

  • Use your data for purposes other than providing app functionality

Legal Basis: Data sharing is based on the performance of the contract (Art. 6(1)(b) GDPR) or legal obligations (Art. 6(1)(c) GDPR).

Data Retention

We retain your data for as long as you maintain an active account. When you delete your account:

  • Your personal data is immediately deleted

  • Your entries and media files are permanently removed

  • Cached data is cleared from our systems

Legal Basis: Data retention policies align with the necessity to perform the contract (Art. 6(1)(b) GDPR) and comply with legal obligations (Art. 6(1)(c) GDPR).

Children's Privacy

"What's Going On?" is suitable for users of all ages but does not specifically target children under 13. We do not knowingly collect personal information from children under 13.

Legal Basis: Any processing of children’s data relies on compliance with applicable laws, including parental consent where required (Art. 6(1)(a) GDPR).

Third-Party Links and Services

"What's Going On" may contain links to third-party websites and services, including but not limited to:

  • Apple's Terms and Conditions: The app may provide links to Apple's Terms and Conditions for users' reference. Please note that these terms and conditions are governed by Apple Inc.'s policies, and we do not have control over or responsibility for their content or practices. Users are encouraged to review Apple's Privacy Policy and Terms and Conditions when accessing these links.

  • Firebase (Google LLC). Privacy Policy: https://firebase.google.com/support/privacy, Purpose: Core app functionality, data storage, authentication

  • Branch.io. Privacy Policy: https://branch.io/policies/privacy-policy/, Purpose: Deep linking, friend invitations

  • Third-Party Service Providers: We use RevenueCat for in-app purchases and Superwall for displaying paywalls. Please refer to their privacy policies for more information:

Users should exercise caution and review the privacy policies and terms of any third-party websites or services they visit through "What's Going On." We are not responsible for the content, privacy policies, or practices of these third-party websites or services.

Your Privacy Choices

You can:

  • Access or delete your account data at any time

  • Control push notification permissions

  • Manage contact access permissions

  • Control location permissions

  • Choose what to share with friends

Rights of the Data Subject

The applicable data protection law grants you comprehensive data subject rights (rights to information and intervention) vis-à-vis the person responsible for the processing of your personal data, about which we will inform you below:

  • Right to information in accordance with Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or will be disclosed, planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed which guarantees pursuant to Art. 46 GDPR when your data is forwarded to third countries exist;

  • Right to rectification in accordance with Art. 16 GDPR: You have the right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;

  • Right to deletion according to Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

  • Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being checked, if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;

  • Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

  • Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically feasible;

  • Right to revoke granted consent in accordance with Art. 7 Para. 3 DSGVO: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation;

  • Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, work or where the alleged infringement took place.

Updates to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

For any questions or concerns regarding this privacy policy or the handling of your data, please contact us at gruss.dev+goingon@gmail.com.