Privacy Policy - SwipeList

Last updated: January 22, 2026

                Summary: We take your privacy seriously. This policy explains how we collect, use, and protect your data.
            

1. Data Controller

The entity responsible for data processing is:

                CorSch Inh. Robert Scheer

                Zellerhornstraße 32

                72406 Bisingen, Germany

                Email: info@corsch.net

                Website: swipelist.corsch.net

2. Data Collected

We collect and process the following categories of personal data:

Data Category	Examples	Legal Basis
Account Data	Username, email address, password (encrypted)	Art. 6(1)(b) GDPR (contract performance)
Usage Data	Shopping lists, purchased items, product preferences	Art. 6(1)(b) GDPR (contract performance)
Technical Data	IP address, device ID, app version, operating system	Art. 6(1)(f) GDPR (legitimate interest)
Location Data	Approximate location for supermarket finder and deals	Art. 6(1)(a) GDPR (consent)
Voice Data	Temporary voice recordings (processed locally)	Art. 6(1)(a) GDPR (consent)
Camera/Photos	Scanned shopping lists, receipts (temporary)	Art. 6(1)(a) GDPR (consent)
Region & Language	Country code (e.g., DE, AT), preferred language	Art. 6(1)(f) GDPR (legitimate interest)

3. Purpose of Data Processing

Your data is processed for the following purposes:

Providing app features: Creating and managing shopping lists
Personalization: AI-based product recommendations based on your preferences
Collaboration: Sharing lists with other users
Deal Alerts: Notifications about offers near you
Security: Protection against misuse and fraud
Improvement: Analysis of anonymized data for app optimization
Support: Answering inquiries and technical support
Regional Services: Providing location-appropriate deals and content

4. Data Sharing

Your data is only shared with third parties in the following cases:

4.1 Hosting and Technical Service Providers

Server Hosting: Storage on secure servers in Germany/EU
Firebase (Google): Push notifications and analytics

4.2 Map Services and Location Data

OpenStreetMap (OSM Foundation): Display of supermarket locations near you
- Server location: EU (Germany)
- Privacy compliant, Open Data Initiative
- No sharing of personal data
Nominatim (OpenStreetMap): Converting GPS coordinates to addresses (geocoding)
- Server location: EU
- Only anonymized location queries
- No storage of personal data

4.3 Deal and Product Data

Marktguru API: Offer data from supermarkets (REWE, EDEKA, Lidl, ALDI, etc.)
- Server location: Germany
- No sharing of your personal data
- Only retrieval of public offer data
OpenFoodFacts: Product information for barcode scans
- Non-profit, Open Database
- Server location: EU (France)
- No personal data transmitted

4.4 AI Services

Claude AI (Anthropic): Used for multiple features
- Optional processing of voice commands and photo scans
- Translation of support messages and feedback (admin feature)
- AI-powered product suggestions and recommendations
- Server location: USA (third country)
- Data is encrypted in transit and not stored permanently
- Legal basis: Art. 49(1)(a) GDPR (consent) for optional features, Art. 6(1)(f) GDPR (legitimate interest) for admin translations

4.5 Data Transfer to Third Countries

                Important - US Services:

                Some services (Firebase, Claude AI) have servers in the USA.
                Data transfer is based on:
                Standard Contractual Clauses (SCC) of the EU Commission
Your explicit consent (Art. 49(1)(a) GDPR)
Adequate level of data protection at the recipient

                You can disable these services in the settings.
            

4.6 No Sharing for Advertising Purposes

                Important: We never sell or rent your data to third parties for advertising purposes.
            

5. Storage Duration

Account data: Until account deletion
Shopping lists: Until manual deletion by you
Technical logs: Maximum 90 days
Voice recordings: Deleted immediately after processing (local)
Scanned photos: Deleted immediately after text recognition
Translation cache: Automatically deleted after 24 hours

6. Your Rights (GDPR)

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You can request information about your stored data
Right to rectification (Art. 16 GDPR): You can have incorrect data corrected
Right to erasure (Art. 17 GDPR): You can request deletion of your data
Right to restriction (Art. 18 GDPR): You can have processing restricted
Right to data portability (Art. 20 GDPR): You can receive your data in a common format
Right to object (Art. 21 GDPR): You can object to processing
Right to withdraw consent (Art. 7(3) GDPR): You can withdraw given consents at any time

                Data Export: In the app under Settings → Privacy → "Export Data"
                you can download all your data as a JSON file.
            

7. Data Security

We implement technical and organizational security measures:

Encryption: TLS/SSL for all data transmissions
Password Hashing: Passwords are hashed with bcrypt
Two-Factor Authentication: Optionally available
Access Controls: Strict permission systems
Regular Audits: Security reviews
Backups: Encrypted, regular data backups

8. Cookies and Tracking

The app uses minimal cookies and tracking:

Necessary Cookies: Authentication and session management
Analytics: Anonymized usage statistics (Firebase Analytics)
No Ad Trackers: We do not use advertising tracking cookies

For more details, see our Cookie Policy.

9. Data Processing for Minors

The app is intended for persons aged 16 and older. If we discover that data has been collected from persons under 16 without parental consent, it will be deleted immediately.

10. International Use

SwipeList is available internationally. Deal features are currently limited to Germany and Austria. We track your region to provide location-appropriate services and to inform you when features become available in your area.

11. Automated Decision-Making and Profiling (Art. 22 GDPR)

SwipeList uses AI-powered features for product suggestions, categorization, and price estimates. These serve solely to improve your user experience.

                Important: No automated decision-making takes place
                that produces legal effects or similarly significantly affects you.
                The AI suggestions are non-binding recommendations that you can ignore or
                adjust at any time. There is no scoring or profiling for credit decisions,
                advertising purposes, or similar.
            

12. Required and Optional Data

For using SwipeList, we distinguish between:

Required Data: Email address and password (for registration and login)
Optional Data: Username, profile picture, location (for extended features like nearby deals)

Without the required data, you cannot use the app. The optional data enhances your experience but is not mandatory.

13. Changes to the Privacy Policy

We reserve the right to update this privacy policy to adapt it to changed legal situations or features. You will be notified of significant changes via email or in-app notification.

14. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.

Competent supervisory authority:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
Website: www.baden-wuerttemberg.datenschutz.de

15. Contact for Privacy

For questions about data protection or to exercise your rights, contact us:

                Email: info@corsch.net

                Subject: Privacy Request SwipeList

We will respond to your request within 30 days in accordance with Art. 12(3) GDPR.