Privacy Policy

Last updated: March 2026

We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your data when you use our app Still OK.

1. Data Controller

The data controller responsible for data processing is:

Nicolas Autzen
Heinrich-Vogeler-Weg 18
27726 Worpswede
Germany
Email: contact@still-ok.com

2. Data We Collect

We collect and process the following data:

• Your name (for personalized notifications)
• Your check-in times
• Your check-in interval settings
• Emergency contact names and email addresses
• Device token for push notifications
• Language preference
• Anonymous device identifier (UUID)
• Account creation date
• Your GPS location (only if you explicitly enable location sharing)
• Emergency contact phone numbers (used for WhatsApp and SMS notifications)
• Custom notification messages (if you configure personalized messages for your contacts)
• Subscription and purchase data (processed by your app store and our subscription management provider)
• Phone number type (mobile, landline, or VoIP — determined via our messaging provider to select the appropriate notification channel)
• WhatsApp availability status per contact (cached temporarily to optimize message delivery)
• Emergency profile information (Premium only) — safety details you voluntarily provide, such as medical conditions, allergies, blood type, dependents, pet care needs, home access details, and key contacts. This data is included in emergency notifications sent to your contacts.
• Account credentials (optional) — if you create an account via Apple Sign-In or Google Sign-In, your email address and authentication provider are stored to enable account recovery and multi-device access. The app works fully without an account.

3. Purpose and Legal Basis

We process your data for the following purposes:

a) Core App Functionality

• To provide the deadman's switch functionality
• To send reminder notifications before your check-in deadline
• To notify your emergency contacts via email, WhatsApp, and/or SMS if you miss a check-in

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) - this processing is necessary to provide the service you requested.

b) App Improvement

• To improve our app through crash reports (Firebase Crashlytics)
• To analyze app usage patterns (Firebase Analytics)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - we have a legitimate interest in improving our app and fixing bugs.

c) Ad-Free Experience

Still OK is completely ad-free — both the free and premium versions. We do not display advertisements or share data with advertising networks.

privacySection3cLegal

d) Location Sharing (Optional)

If you enable location sharing, your GPS location is recorded during each check-in and stored securely. In an emergency, this location is included in notifications (email, WhatsApp, and SMS) sent to your contacts to help them find you.

If you grant "Always" location permission, the app uses low-power background location monitoring (iOS: significant-change location service; Android: balanced-accuracy location updates) to keep your location current even when the app is closed. This data is stored exclusively on EU servers and is only used for emergency notifications.

Legal basis: Consent (Art. 6(1)(a) GDPR) - you explicitly opt in to location sharing. You can withdraw your consent at any time by disabling location sharing in the app settings, which will also delete your stored location data.

e) Premium Features and Messaging

If you subscribe to premium features, we process your subscription status to unlock premium functionality such as flexible check-in intervals, WhatsApp and SMS notifications, GPS location sharing, SOS alerts, unlimited contacts, and an emergency profile. The emergency profile lets you store structured safety information (medical details, dependents, pet care, home access) that is automatically included in alert emails sent to your contacts. Your contacts' phone numbers are transmitted to our messaging provider for WhatsApp and SMS delivery, and to determine the phone number type (mobile, landline, or VoIP) for automatic channel selection. WhatsApp messages are delivered via the Meta/WhatsApp Business Platform through our messaging provider.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) - this processing is necessary to provide the premium services you purchased.

f) Optional Account (Social Login)

The app works without an account (anonymous mode). If you choose to create an account via Apple Sign-In or Google Sign-In, we receive your email address and an authentication token from the provider. This data is processed by Firebase Authentication to enable account recovery and multi-device access. We do not receive or store your Apple or Google password.

Legal basis: Consent (Art. 6(1)(a) GDPR) - you explicitly choose to create an account. You can disconnect your account at any time in the app settings.

4. Third-Party Services

We use the following third-party services:

Firebase (Google)

For data storage, authentication (including optional Apple/Google Sign-In), push notifications, crash reporting, and analytics. Your data is stored exclusively in European data centers (EU).

Firebase Privacy Policy

Email Service (Resend)

Emergency notifications and test emails are sent via Resend, an email service provider that processes your data in the EU (Ireland). The emails contain your name and are sent to the email addresses you specified as emergency contacts.

Resend Privacy Policy

Messaging & Phone Lookup (Twilio)

WhatsApp messages, SMS messages, and phone number lookups are processed via Twilio, a US-based communications platform. Twilio is used for: (1) delivering WhatsApp notifications via the Meta/WhatsApp Business Platform, (2) delivering SMS notifications, and (3) determining the phone number type of your contacts (mobile, landline, or VoIP) to select the appropriate notification channel. The data transmitted includes your contacts' phone numbers, your name, an alert message, and optionally your location. Phone type results and WhatsApp availability are cached for up to 30 days to avoid repeated lookups. Twilio processes this data under Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

Twilio Privacy Policy

Subscription Management (RevenueCat)

In-app subscriptions and purchases are managed through RevenueCat, a US-based subscription management platform. RevenueCat processes your anonymous app user ID, subscription status, purchase history, and app store country. No personal data such as your name or email is shared with RevenueCat. RevenueCat processes this data under Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

RevenueCat Privacy Policy

5. Local Data Storage

In addition to cloud storage, we store the following data locally on your device for offline access: your name, check-in settings, emergency contacts, and device ID. This data remains on your device and is deleted when you uninstall the app or delete your account.

6. Data Retention

Your data is stored as long as you have an active account. When you delete your account, all your data is permanently removed from our servers within 30 days. Crash reports and analytics data are automatically deleted after 90 days.

7. Data Transfer to Third Countries

Your data stored in Firebase remains in European data centers. However, some services may transfer data to the USA: Twilio (for SMS and WhatsApp delivery and phone type detection), Meta/WhatsApp (as sub-processor for WhatsApp message delivery), and RevenueCat (for subscription management). These providers have implemented appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights

Under GDPR, you have the following rights:

• Right to access your personal data (Art. 15 GDPR)
• Right to rectification of inaccurate data (Art. 16 GDPR)
• Right to erasure - 'right to be forgotten' (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)

You can exercise these rights directly in the app (Settings > Data Export / Delete Account) or by contacting us.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. In Germany, you can contact the data protection authority of your federal state or:

Die Landesbeauftragte für Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
www.lfd.niedersachsen.de

10. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or manipulation. All data transmission is encrypted using TLS. Data at rest is encrypted using industry-standard encryption.

11. Minimum Age

This app is intended for users aged 16 years or older. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use this app without parental consent.

12. Automated Decision-Making

The app does not use automated decision-making or profiling that produces legal effects or significantly affects you. The sending of notifications is based solely on whether you checked in within your specified interval.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes through the app. The current version is always available at this URL.

14. Contact

If you have questions about this privacy policy, please contact us at:

Nicolas Autzen
Heinrich-Vogeler-Weg 18
27726 Worpswede
Germany
contact@still-ok.com