Privacy Policy - alligkeit

Privacy Policy for alligkeit

This Privacy Policy applies to the alligkeit app, the legal website at https://legal.alligkeit.com, and the future landing page at https://alligkeit.com once it is published.

1. Data controller and contact

The data controller for alligkeit and this Privacy Policy is:

Maximilian Benedikt Pöpping
Birkenweg 14
84061 Ergoldsbach
Deutschland
Email: info@alligkeit.com

2. Data Protection Officer

No Data Protection Officer has currently been appointed for alligkeit. Based on the current setup, the legal thresholds under Article 37 GDPR and Section 38 BDSG are not met.

3. What data we process, why we process it, and the lawful basis

Data category Purpose Lawful basis Recipient / location
Raw voice recording (D1) Transcribing your recording into text Explicit consent, Article 9(2)(a) GDPR and Article 6(1)(a) GDPR AssemblyAI, EU Dublin, via the alligkeit proxy
Transcript text (D2) Transforming your transcript into confirmable affirmations Article 6(1)(a) GDPR Anthropic, USA, via the alligkeit proxy
Confirmed affirmation text (D3) Generating synthetic voice output Article 6(1)(a) GDPR ElevenLabs, USA, via the alligkeit proxy
Reminder settings and local notification payloads (D4) Sleep / wake reminders on your device Article 6(1)(a) GDPR and your operating-system permission No external transfer; on-device only
Session metadata, audio files, consent state, and app settings (D5) Local playback, library, recovery, settings Purely local processing on your device; no separate external transfer No external transfer; on-device only
Technical safeguard data (D6): IP address, random installation identifier, platform, app version Abuse and cost protection for the alligkeit proxy (rate limits, daily caps, binding requests to an app installation) Legitimate interest, Article 6(1)(f) GDPR (protecting the infrastructure against abuse and cost explosion) alligkeit proxy on Cloudflare infrastructure (see section 4)

alligkeit does not use a user account or advertising identifier for this core processing. The proxy does not persist voice, transcript, or affirmation content in its own infrastructure; short-lived technical safeguard data (D6) is stored solely for abuse protection and expires automatically (see section 5). The installation identifier is a random ID with no link to your name, any account, or advertising identifiers.

3a. Minimum age and children

The cloud processing in alligkeit (D1–D3, see section 3) relies on your consent. alligkeit is intended for people aged 16 and over.

If you are under 16, your consent to cloud processing is not valid in Germany without the authorization of a holder of parental responsibility (Article 8 GDPR). For that reason, the app asks for a minimum-age self-declaration before every grant of consent: you actively confirm that you are at least 16 years old before you can consent to cloud processing. We do not offer cloud processing to anyone under 16. The app's purely local features are not affected by this.

We do not collect a date of birth or any other proof of age. We only store the time of your self-confirmation, and we store it solely on your device (as part of your local consent state, see section 6). This timestamp is not transmitted to the alligkeit proxy or to any external recipient; it serves only to demonstrate that consent was validly given (Article 7 GDPR).

4. Recipients and international transfers

The following recipients may be involved in your use of the app:

For Anthropic, we currently do not rely on a verified DPF claim in end-user text. Instead, the transfer is based on appropriate safeguards in the form of Standard Contractual Clauses under Article 46(2)(c) GDPR (part of the Anthropic Commercial Terms / DPA).

For ElevenLabs, we rely primarily on the provider's documented certification under the EU-US Data Privacy Framework. Should the Data Privacy Framework cease to apply or be declared invalid, the appropriate safeguards in the form of Standard Contractual Clauses under Article 46(2)(c) GDPR contained in the ElevenLabs Data Processing Addendum apply as a fallback.

You have the right to obtain a copy of, or to inspect, the appropriate safeguards relied upon for the third-country transfer (Article 13(1)(f) GDPR). To do so, contact the address named in section 1.

5. Retention periods

Processing activity Retention / deletion logic
AssemblyAI (D1) alligkeit triggers a best-effort deletion after transcription has completed. If that deletion fails, retention may temporarily continue under the provider's policy.
Anthropic (D2) Current standard retention according to Anthropic's policy: 30 days for API inputs and outputs. If a usage-policy flag is triggered, retention may be longer.
ElevenLabs (D3) No publicly documented fixed TTL for standard request history. Request data may remain in the account history under the provider's standard policy.
Local app data (D4/D5) Until you delete it in the app or uninstall the app.
Technical safeguard data in the proxy (D6) Automatic expiry: installation binding data no later than 7 days after last use, daily-cap counters no later than 48 hours, rate-limit windows after 10 minutes. No manual deletion required.

6. Local storage on your device

alligkeit stores most of your data locally on your device, in particular:

The Settings screen includes an Alle Daten loeschen / Delete all data action. This removes local session data and local audio files. alligkeit does not use an account system, so there is no separate web account that needs to be closed. Independently of this, the short-lived technical safeguard data in the proxy (D6, sections 3 and 5) expires automatically after no more than 7 days.

Device backup. This local data is part of your operating system's regular backup (for example the iCloud backup on iOS or the device backup on Android), provided you have enabled it. As a result, your sessions may be preserved across a restore or a device change. This backup is entirely under your control and stored in the typically encrypted storage of your operating-system provider; alligkeit never transmits your sessions to its own servers and has no access to your device backup. You can disable the backup, or exclude alligkeit from it, at any time in your operating system's settings.

6b. Your rights

Under the GDPR, you have the following data subject rights in particular:

Right What it means for alligkeit How to exercise it
Right of access (Art. 15 GDPR) You may request information about the processing of your personal data. Contact us at info@alligkeit.com.
Right to rectification (Art. 16 GDPR) You may request correction of inaccurate personal data. Contact us at info@alligkeit.com.
Right to erasure (Art. 17 GDPR) You may request deletion of personal data where the legal requirements are met. You can delete local data directly in the app and you can also contact us at info@alligkeit.com.
Right to restriction of processing (Art. 18 GDPR) You may request that processing be restricted. Contact us at info@alligkeit.com.
Right to data portability (Art. 20 GDPR) Where the legal requirements are met, you may request a structured export of the data you provided. Contact us at info@alligkeit.com.
Right to object (Art. 21 GDPR) You may object where processing is based on Article 6(1)(e) or (f) GDPR. For alligkeit, this mainly concerns the website and security processes described in section 14.
Right to withdraw consent (Art. 7(3) GDPR) You may withdraw consent at any time with effect for the future. In the app via the consent settings or by emailing info@alligkeit.com.

7. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

For the current operator location in Bavaria, the competent authority is:

Bayerisches Landesamt fuer Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Email: poststelle@lda.bayern.de
Web: https://www.lda.bayern.de/

8. Security

We use appropriate technical and organizational measures to protect your data. This includes in particular:

However, no electronic transmission or storage can ever be completely risk-free.

9. AI-generated audio content

The voice tracks generated by alligkeit are synthetic audio content. The app marks this functionally through product labeling (a visible "AI voice" label) and technically through machine-readable marking in the metadata of the generated audio. In addition, the speech-synthesis provider ElevenLabs offers its own detection tool for audio generated with its technology.

10. No analytics, no tracking, and no advertising cookies in the app

At the current stage, the app itself does not use analytics SDKs, advertising tracking, or marketing cookies. alligkeit does not create user profiles inside the app for advertising or tracking purposes.

This statement applies to the app itself. For the separate websites, see section 14.

11. Changes to this Privacy Policy

We may update this Privacy Policy if the app, the service providers, the legal framework, or the processing flows change. The current version will be published at https://legal.alligkeit.com. Since alligkeit does not operate user accounts, there is no separate email notification flow.

12. Voluntariness and the consequences of your choices

Using alligkeit is voluntary. Consent to cloud processing is also voluntary.

If you do not grant consent for cloud processing, or if you later withdraw it:

13. No automated decision-making and no profiling

alligkeit does not use automated decision-making within the meaning of Article 22 GDPR. It also does not perform profiling that produces legal effects or similarly significant effects for you.

14. Notice about the websites (legal.alligkeit.com / alligkeit.com)

The legal website is hosted on Cloudflare Pages. These notices also apply to a future landing page at https://alligkeit.com to the extent that it is delivered in the same or a comparable technical setup. When you access these websites, technical connection data may be processed, in particular your IP address, time of access, requested URL, referrer, browser / user-agent data, and security / request metadata. This serves the secure and stable delivery of the sites and abuse prevention.

Cloudflare may set strictly necessary cookies, in particular __cf_bm for bot-management functions and _cfuvid for certain rate-limiting or security functions, if those functions are active. alligkeit currently does not use its own analytics or marketing technology on the legal website. If the landing page later uses additional features, first-party tracking, or different hosting, this Privacy Policy will be updated before those changes go live.

The lawful basis for the technically necessary hosting and protection of this website is Article 6(1)(f) GDPR (legitimate interests in the secure, stable, and abuse-resistant delivery of legally required information).

15. Status of this Privacy Policy

This Privacy Policy is available in a German and an English version. The German version is authoritative; the English version is provided for convenience.

Last updated: 2026-06-12
Version: v1.6-prelaunch (device-backup paragraph section 6: "encrypted" → "typically encrypted" hedge, #74 pre-research; previously v1.5: device-backup paragraph #196; v1.4: SCC fallback + right-to-a-copy reference Art. 13(1)(f), section 4)