1. Controller

Webentwicklung Thomsen

Nils Thomsen

Westerende 3, 25584 Norstedt, Germany

Email: kontakt@webentwicklungthomsen.de

2. Scope

This privacy policy applies to the mobile app KA:OS and the related pages under /apps/kaos. It explains which data may be processed when using the app, opening this website and getting in touch with support.

3. Local use of the app

KA:OS primarily processes habits, anti-habits, planner entries, goals, daily reflections, moods, journal notes, buddy profiles, challenge progress and personal settings locally on your iPhone when you use these functions.

The purpose of the processing is to provide the core functions of the app. The legal basis is Art. 6(1)(b) GDPR where processing is necessary for using the app and Art. 6(1)(f) GDPR for the secure and stable operation of the digital service.

4. Local reminders, widgets and device context

If you activate reminders, local reminder schedules are created on your device. Widget content may be prepared as local summaries so mood, streak or circle context can be shown on your home screen.

The legal basis is Art. 6(1)(b) GDPR for app functions you actively request.

5. Apple Health and health context (optional)

If you connect Apple Health, the app may read steps, sleep and workout context to enrich habits, weekly insights or challenges with real-life context. If the relevant function is enabled, the app may also later write selected habit data or mindful-minutes context back to Apple Health.

This only happens after your explicit permission on the device. The legal basis is Art. 6(1)(a) GDPR. Any processing by Apple takes place under Apple's own data protection responsibility.

6. Contacts and circle invites (optional)

If you grant access to contacts, the app may suggest people from your address book so you can invite them into your private circle more easily.

This only happens if you actively allow the access. The legal basis is Art. 6(1)(a) GDPR.

7. Speech input and transcription (optional)

If you use speech features or voice notes for reflections, speech input may be converted into text. Depending on iOS configuration this may use Apple's speech recognition services.

The legal basis is your consent under Art. 6(1)(a) GDPR.

8. Optional cloud account, magic links and circles sync

If you use the optional cloud layer, email address, user ID, session data, circle profiles, buddy links, shared challenges, progress and proof notes may be processed in order to provide magic-link login, circle sync and shared challenges.

Based on the current project setup, a Supabase backend is used for this, and an EU-near deployment is intended to be configured. The legal basis is Art. 6(1)(b) GDPR for the sync feature you request and Art. 6(1)(f) GDPR for stable and secure operation.

9. In-app purchases and app store

If Pro features or unlocks are handled through Apple, payment processing is carried out by Apple as the platform provider. Apple processes the data required for purchase, billing and proof under its own responsibility. Webentwicklung Thomsen only receives the information technically required to assign or restore an unlock.

10. Support requests by email or form

If you contact support, the data you submit is processed to answer your request. This may include your name, email address, device information, screenshots, screen recordings and a description of the issue.

The legal basis is Art. 6(1)(b) GDPR where it concerns your concrete request and Art. 6(1)(f) GDPR for efficient communication and support handling.

11. Provision of the landing, support and legal pages

These pages are provided through Vercel. When the pages are accessed, technically necessary connection data such as IP address, time of access, requested URL, referrer and user agent may be processed so the website can be delivered and secured.

The legal basis is Art. 6(1)(f) GDPR. There is a legitimate interest in the secure, performant and stable operation of the website.

12. Cookies and technically necessary storage

The related web pages may use technically necessary cookies or similar storage technologies where required for security, consent management, presentation or functions you expressly request.

The legal basis is Art. 6(1)(f) GDPR in conjunction with Section 25(2) TDDDG. Optional technologies, if used, are only processed on the basis of consent under Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

13. Storage period

Locally stored app data generally remains on your device until you delete it yourself or remove the app, unless there is a legal obligation to retain it further. Support requests and web-related communication data are only stored as long as necessary for handling the request, traceability or legal retention duties.

14. Disclosure to third parties

Personal data is only disclosed where this is necessary to provide the service, where you have given consent or where a legal obligation exists. This may include Apple, hosting and communication service providers, Supabase for the optional cloud layer and the app store you use.

15. Your rights

Under the GDPR, you have the following rights in particular:

  • Access under Art. 15 GDPR
  • Rectification under Art. 16 GDPR
  • Erasure under Art. 17 GDPR
  • Restriction of processing under Art. 18 GDPR
  • Data portability under Art. 20 GDPR
  • Objection under Art. 21 GDPR
  • Complaint to a data protection supervisory authority under Art. 77 GDPR

16. Changes to this policy

This privacy policy will be updated if features of KA:OS or legal requirements change. The current version published on this page applies.

Updated: March 19, 2026