This Privacy Policy applies to the alligkeit app, the
legal website at https://legal.alligkeit.com, and the
future landing page at https://alligkeit.com once it is
published.
The data controller for alligkeit and this Privacy
Policy is:
Maximilian Benedikt Pöpping
Birkenweg 14
84061 Ergoldsbach
Deutschland
Email: info@alligkeit.com
No Data Protection Officer has currently been appointed for
alligkeit. Based on the current setup, the legal thresholds
under Article 37 GDPR and Section 38 BDSG are not met.
| Data category | Purpose | Lawful basis | Recipient / location |
|---|---|---|---|
| Raw voice recording (D1) | Transcribing your recording into text | Explicit consent, Article 9(2)(a) GDPR and Article 6(1)(a) GDPR | AssemblyAI, EU Dublin, via the alligkeit proxy |
| Transcript text (D2) | Transforming your transcript into confirmable affirmations | Article 6(1)(a) GDPR | Anthropic, USA, via the alligkeit proxy |
| Confirmed affirmation text (D3) | Generating synthetic voice output | Article 6(1)(a) GDPR | ElevenLabs, USA, via the alligkeit proxy |
| Reminder settings and local notification payloads (D4) | Sleep / wake reminders on your device | Article 6(1)(a) GDPR and your operating-system permission | No external transfer; on-device only |
| Session metadata, audio files, consent state, and app settings (D5) | Local playback, library, recovery, settings | Purely local processing on your device; no separate external transfer | No external transfer; on-device only |
| Technical safeguard data (D6): IP address, random installation identifier, platform, app version | Abuse and cost protection for the alligkeit proxy (rate limits, daily caps, binding requests to an app installation) | Legitimate interest, Article 6(1)(f) GDPR (protecting the infrastructure against abuse and cost explosion) | alligkeit proxy on Cloudflare infrastructure (see section 4) |
alligkeit does not use a user account or advertising
identifier for this core processing. The proxy does not persist voice,
transcript, or affirmation content in its own infrastructure;
short-lived technical safeguard data (D6) is stored solely for abuse
protection and expires automatically (see section 5). The installation
identifier is a random ID with no link to your name, any account, or
advertising identifiers.
The cloud processing in alligkeit (D1–D3, see section 3)
relies on your consent. alligkeit is intended for people
aged 16 and over.
If you are under 16, your consent to cloud processing is not valid in Germany without the authorization of a holder of parental responsibility (Article 8 GDPR). For that reason, the app asks for a minimum-age self-declaration before every grant of consent: you actively confirm that you are at least 16 years old before you can consent to cloud processing. We do not offer cloud processing to anyone under 16. The app's purely local features are not affected by this.
We do not collect a date of birth or any other proof of age. We only store the time of your self-confirmation, and we store it solely on your device (as part of your local consent state, see section 6). This timestamp is not transmitted to the alligkeit proxy or to any external recipient; it serves only to demonstrate that consent was validly given (Article 7 GDPR).
The following recipients may be involved in your use of the app:
alligkeit, this path is configured to the EU endpoint in
Dublin.For Anthropic, we currently do not rely on a verified DPF claim in end-user text. Instead, the transfer is based on appropriate safeguards in the form of Standard Contractual Clauses under Article 46(2)(c) GDPR (part of the Anthropic Commercial Terms / DPA).
For ElevenLabs, we rely primarily on the provider's documented certification under the EU-US Data Privacy Framework. Should the Data Privacy Framework cease to apply or be declared invalid, the appropriate safeguards in the form of Standard Contractual Clauses under Article 46(2)(c) GDPR contained in the ElevenLabs Data Processing Addendum apply as a fallback.
You have the right to obtain a copy of, or to inspect, the appropriate safeguards relied upon for the third-country transfer (Article 13(1)(f) GDPR). To do so, contact the address named in section 1.
| Processing activity | Retention / deletion logic |
|---|---|
| AssemblyAI (D1) | alligkeit triggers a best-effort deletion after
transcription has completed. If that deletion fails, retention may
temporarily continue under the provider's policy. |
| Anthropic (D2) | Current standard retention according to Anthropic's policy: 30 days for API inputs and outputs. If a usage-policy flag is triggered, retention may be longer. |
| ElevenLabs (D3) | No publicly documented fixed TTL for standard request history. Request data may remain in the account history under the provider's standard policy. |
| Local app data (D4/D5) | Until you delete it in the app or uninstall the app. |
| Technical safeguard data in the proxy (D6) | Automatic expiry: installation binding data no later than 7 days after last use, daily-cap counters no later than 48 hours, rate-limit windows after 10 minutes. No manual deletion required. |
alligkeit stores most of your data locally on your
device, in particular:
The Settings screen includes an Alle Daten loeschen /
Delete all data action. This removes local session data and
local audio files. alligkeit does not use an account
system, so there is no separate web account that needs to be closed.
Independently of this, the short-lived technical safeguard data in the
proxy (D6, sections 3 and 5) expires automatically after no more than 7
days.
Device backup. This local data is part of your
operating system's regular backup (for example the iCloud backup on iOS
or the device backup on Android), provided you have enabled it. As a
result, your sessions may be preserved across a restore or a device
change. This backup is entirely under your control and stored in the
typically encrypted storage of your operating-system provider;
alligkeit never transmits your sessions to its own servers
and has no access to your device backup. You can disable the backup, or
exclude alligkeit from it, at any time in your operating
system's settings.
Under the GDPR, you have the following data subject rights in particular:
| Right | What it means for alligkeit |
How to exercise it |
|---|---|---|
| Right of access (Art. 15 GDPR) | You may request information about the processing of your personal data. | Contact us at info@alligkeit.com. |
| Right to rectification (Art. 16 GDPR) | You may request correction of inaccurate personal data. | Contact us at info@alligkeit.com. |
| Right to erasure (Art. 17 GDPR) | You may request deletion of personal data where the legal requirements are met. | You can delete local data directly in the app and you can also contact us at info@alligkeit.com. |
| Right to restriction of processing (Art. 18 GDPR) | You may request that processing be restricted. | Contact us at info@alligkeit.com. |
| Right to data portability (Art. 20 GDPR) | Where the legal requirements are met, you may request a structured export of the data you provided. | Contact us at info@alligkeit.com. |
| Right to object (Art. 21 GDPR) | You may object where processing is based on Article 6(1)(e) or (f) GDPR. | For alligkeit, this mainly concerns the website and
security processes described in section 14. |
| Right to withdraw consent (Art. 7(3) GDPR) | You may withdraw consent at any time with effect for the future. | In the app via the consent settings or by emailing info@alligkeit.com. |
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.
For the current operator location in Bavaria, the competent authority is:
Bayerisches Landesamt fuer Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Email: poststelle@lda.bayern.de
Web: https://www.lda.bayern.de/
We use appropriate technical and organizational measures to protect your data. This includes in particular:
However, no electronic transmission or storage can ever be completely risk-free.
The voice tracks generated by alligkeit are synthetic
audio content. The app marks this functionally through product labeling
(a visible "AI voice" label) and technically through machine-readable
marking in the metadata of the generated audio. In addition, the
speech-synthesis provider ElevenLabs offers its own detection tool for
audio generated with its technology.
At the current stage, the app itself does not use analytics SDKs,
advertising tracking, or marketing cookies. alligkeit does
not create user profiles inside the app for advertising or tracking
purposes.
This statement applies to the app itself. For the separate websites, see section 14.
We may update this Privacy Policy if the app, the service providers,
the legal framework, or the processing flows change. The current version
will be published at https://legal.alligkeit.com. Since
alligkeit does not operate user accounts, there is no
separate email notification flow.
Using alligkeit is voluntary. Consent to cloud
processing is also voluntary.
If you do not grant consent for cloud processing, or if you later withdraw it:
alligkeit does not use automated decision-making within
the meaning of Article 22 GDPR. It also does not perform profiling that
produces legal effects or similarly significant effects for you.
legal.alligkeit.com /
alligkeit.com)The legal website is hosted on Cloudflare Pages. These notices also
apply to a future landing page at https://alligkeit.com to
the extent that it is delivered in the same or a comparable technical
setup. When you access these websites, technical connection data may be
processed, in particular your IP address, time of access, requested URL,
referrer, browser / user-agent data, and security / request metadata.
This serves the secure and stable delivery of the sites and abuse
prevention.
Cloudflare may set strictly necessary cookies, in particular
__cf_bm for bot-management functions and
_cfuvid for certain rate-limiting or security functions, if
those functions are active. alligkeit currently does not
use its own analytics or marketing technology on the legal website. If
the landing page later uses additional features, first-party tracking,
or different hosting, this Privacy Policy will be updated before those
changes go live.
The lawful basis for the technically necessary hosting and protection of this website is Article 6(1)(f) GDPR (legitimate interests in the secure, stable, and abuse-resistant delivery of legally required information).
This Privacy Policy is available in a German and an English version. The German version is authoritative; the English version is provided for convenience.
Last updated: 2026-06-12
Version: v1.6-prelaunch (device-backup paragraph section 6: "encrypted"
→ "typically encrypted" hedge, #74 pre-research; previously v1.5:
device-backup paragraph #196; v1.4: SCC fallback + right-to-a-copy
reference Art. 13(1)(f), section 4)