Back to homepage

Privacy Policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "Data") in the context of using this website. With regard to the terminology used, such as "Processing" or "Controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1. Name and contact details of the controller responsible for processing

This data protection information applies to data processing by:

Controller:
Dominik Dewitz
Albanikirchhof 9
37073 Göttingen
Germany
E-Mail: hello[at]dominikdewitz.com

2. Collection and storage of personal data and the nature and purpose of their use

a) When visiting the website

When you visit our website, information is automatically sent to the server of our website by the browser running on your device. This information is temporarily stored in a so-called log file.

The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the website
  • Ensuring comfortable use of our website
  • Evaluation of system security and stability as well as
  • for other administrative purposes

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case do we use the collected data for the purpose of drawing conclusions about your person.

b) When using the application

When using our expense management application, the following data is stored encrypted:

  • Group name and group description
  • Names of group members
  • Expenses and their descriptions
  • Repayments between group members

End-to-End Encryption:
All sensitive data is stored with end-to-end encryption. This means that only you and the members of your group have access to the unencrypted data. We as operators cannot view your personal expenses and names. The encryption takes place in your browser before the data is transmitted to our servers.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, since the processing is necessary for the performance of the contract or for the implementation of pre-contractual measures.

3. Hosting

We host the content of our website with the following provider:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
https://www.hetzner.com/

The legal basis for using Hetzner is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable possible presentation of our website.

4. Cookies

We do not use cookies on our website. The application works completely without the use of cookies or similar technologies for storing information on your device. All necessary functions are implemented through local browser technologies (Local Storage), which are used exclusively for storing your encrypted group data and do not serve tracking or analysis purposes.

5. Data sharing

Your personal data is not transmitted to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  • You have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR
  • the sharing is necessary in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not sharing your data
  • in the event that there is a legal obligation to share data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR
  • this is legally permissible and necessary in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you

6. Data subject rights

You have the right:

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data, if it was not collected from us, as well as the existence of automated decision-making including profiling
  • in accordance with Art. 16 GDPR to immediately request the correction of incorrect or completion of your personal data stored with us
  • in accordance with Art. 17 GDPR to request the deletion of your personal data stored with us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims
  • in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR
  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller
  • in accordance with Art. 7 para. 3 GDPR to revoke your consent given to us at any time. This means that we may not continue the data processing based on this consent for the future
  • in accordance with Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace for this purpose

7. Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are grounds arising from your particular situation. If you wish to exercise your right to object, an e-mail to: dominik@dewitz.org is sufficient

8. Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments. Particularly noteworthy is our end-to-end encryption, which ensures that sensitive data is encrypted before transmission.

9. Storage period

Your encrypted group data is stored as long as you actively use the application. You can delete a group at any time, which will irreversibly remove all associated data. Server log files are automatically deleted after 30 days. Unless a more specific storage period is mentioned within this privacy policy, your personal data remains with us until the purpose for data processing ceases to apply.

10. Currency and changes to this privacy policy

This privacy policy is currently valid and is dated January 2025.

Due to the further development of our website and offers about it or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be retrieved on the website at any time.