Privacy Policy

Last updated: February 2026

We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your data when you use our app Still OK.

1. Data Controller

The data controller responsible for data processing is:

Nicolas Autzen
Heinrich-Vogeler-Weg 18
27726 Worpswede
Germany
Email: n.autzen@gmail.com

2. Data We Collect

We collect and process the following data:

• Your name (for personalized notifications)
• Your check-in times
• Your check-in interval settings
• Emergency contact names and email addresses
• Device token for push notifications
• Language preference
• Anonymous device identifier (UUID)
• Account creation date
• Your GPS location (only if you explicitly enable location sharing)
• Emergency contact phone numbers (if you enable SMS notifications)
• Custom notification messages (if you configure personalized messages for your contacts)
• Subscription and purchase data (processed by your app store and our subscription management provider)

3. Purpose and Legal Basis

We process your data for the following purposes:

a) Core App Functionality

• To provide the deadman's switch functionality
• To send reminder notifications before your check-in deadline
• To notify your emergency contacts via email and/or SMS if you miss a check-in

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) - this processing is necessary to provide the service you requested.

b) App Improvement

• To improve our app through crash reports (Firebase Crashlytics)
• To analyze app usage patterns (Firebase Analytics)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - we have a legitimate interest in improving our app and fixing bugs.

c) Advertising

We display non-personalized advertisements to support the free version of the app.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - to finance the free app.

d) Location Sharing (Optional)

If you enable location sharing, your GPS location is recorded during each check-in and stored securely. In an emergency, this location is included in notification emails and SMS messages sent to your contacts to help them find you.

If you grant "Always" location permission, the app uses low-power background location monitoring (iOS: significant-change location service; Android: balanced-accuracy location updates) to keep your location current even when the app is closed. This data is stored exclusively on EU servers and is only used for emergency notifications.

Legal basis: Consent (Art. 6(1)(a) GDPR) - you explicitly opt in to location sharing. You can withdraw your consent at any time by disabling location sharing in the app settings, which will also delete your stored location data.

e) Premium Features and SMS Notifications

If you subscribe to premium features, we process your subscription status to unlock premium functionality such as shorter check-in intervals, ad removal, and SMS notifications. For SMS notifications, your contacts' phone numbers are transmitted to our SMS service provider to deliver alert messages.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) - this processing is necessary to provide the premium services you purchased.

4. Third-Party Services

We use the following third-party services:

Firebase (Google)

For data storage, push notifications, crash reporting, and analytics. Your data is stored exclusively in European data centers (EU).

Firebase Privacy Policy

Google Mobile Ads

We display non-personalized ads in the app. Google may collect device identifiers for ad delivery. On iOS, we request your consent via App Tracking Transparency before any tracking occurs.

Google Privacy Policy

Email Service (Brevo)

Emergency notifications and test emails are sent via Brevo (formerly Sendinblue), an EU-based email service provider headquartered in France. The emails contain your name and are sent to the email addresses you specified as emergency contacts. Your data is processed within the EU.

Brevo Privacy Policy

SMS Service (Twilio)

If you use the SMS notification feature, emergency SMS messages and test SMS are sent via Twilio, a US-based communications platform. The SMS messages contain your name, an alert message, and optionally your location. Your contacts' phone numbers are transmitted to Twilio for message delivery. Twilio processes this data under Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

Twilio Privacy Policy

Subscription Management (RevenueCat)

In-app subscriptions and purchases are managed through RevenueCat, a US-based subscription management platform. RevenueCat processes your anonymous app user ID, subscription status, purchase history, and app store country. No personal data such as your name or email is shared with RevenueCat. RevenueCat processes this data under Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

RevenueCat Privacy Policy

5. Local Data Storage

In addition to cloud storage, we store the following data locally on your device for offline access: your name, check-in settings, emergency contacts, and device ID. This data remains on your device and is deleted when you uninstall the app or delete your account.

6. Data Retention

Your data is stored as long as you have an active account. When you delete your account, all your data is permanently removed from our servers within 30 days. Crash reports and analytics data are automatically deleted after 90 days.

7. Data Transfer to Third Countries

Your data stored in Firebase remains in European data centers. However, some services may transfer data to the USA: Google Mobile Ads (for ad delivery), Twilio (for SMS delivery), and RevenueCat (for subscription management). All these providers have implemented appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights

Under GDPR, you have the following rights:

• Right to access your personal data (Art. 15 GDPR)
• Right to rectification of inaccurate data (Art. 16 GDPR)
• Right to erasure - 'right to be forgotten' (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)

You can exercise these rights directly in the app (Settings > Data Export / Delete Account) or by contacting us.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. In Germany, you can contact the data protection authority of your federal state or:

Die Landesbeauftragte für Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
www.lfd.niedersachsen.de

10. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or manipulation. All data transmission is encrypted using TLS. Data at rest is encrypted using industry-standard encryption.

11. Minimum Age

This app is intended for users aged 16 years or older. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use this app without parental consent.

12. Automated Decision-Making

The app does not use automated decision-making or profiling that produces legal effects or significantly affects you. The sending of notifications is based solely on whether you checked in within your specified interval.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes through the app. The current version is always available at this URL.

14. Contact

If you have questions about this privacy policy, please contact us at:

Nicolas Autzen
Heinrich-Vogeler-Weg 18
27726 Worpswede
Germany
n.autzen@gmail.com