Privacy Policy

Privacy Policy V5

§ 1 Who We Are and What We Do
LKK Together Development GmbH (hereinafter referred to as "Together"), located at Kärntnerstraße 521, 8054 Seierberg, is an active limited liability company operating a platform accessible at together-social.com. The Together app is a social network operated by LKK Together Development GmbH. Together combines a shared photo album with a social media platform. Users can create various albums with friends or family for different projects and experiences, capturing these memories in photos and videos to share according to their preferences. Together collects personal data to provide users with an enhanced service and to better address violations of community guidelines and terms of use. In providing our services, personal data is processed, and we inform you of this with this privacy policy. We comply with all data protection obligations and protect your data through digital security systems and technical measures.

§ 2 Who is Our Data Protection Officer
The responsible party according to Art. 4 para. 7 GDPR for compliance with the provisions of the GDPR and all other data protection regulations is: LKK Together Development GmbH Kärntnerstraße 521 8054 Seiersberg support@together-social.com You can assert your data protection concerns and especially your data protection rights with the data protection officer.

§ 3 General Information About the Processing of Personal Data, Storage, and Deletion of Processed Data

When using our services, we may collect and process the following categories of personal data:

Account & Profile Data:
a. First and last name
b. Username
c. Email address
d. Encrypted password
e. Selected interests

User-Generated Content & Interactions:
f. Photos and videos uploaded by the user, including captions
g. Emojis and comments posted by the user
h. Reactions to posts and other interactions
i. Accounts and pages the user subscribes to
j. Pages the user participates in
k. Posts viewed by the user
l. Reports or flags submitted by the user

Device & Technical Data:
m. Device type, operating system, app version
n. IP address and unique device identifiers
o. Browser information, time zone, and language settings
p. Crash data and diagnostic logs
q. In-app behavior and feature usage statistics

Location & Proximity Data:
r. Precise location data (if permission granted)
s. Movement and activity data (e.g., walking, traveling, stationary)
t. Nearby Wi-Fi networks and Bluetooth signals (for proximity detection)
u. Timestamps and contextual data at the time of media capture

Visual Content Analysis (AI-based):
v. Detected objects, patterns, or persons within uploaded media
w. Inferred context (e.g. shared events, similar backgrounds)
x. Grouping logic used to suggest participants of events

Communication & Support:
y. Support requests and direct communications
z. Optional feedback, surveys, or bug reports

Access to Contacts:

If you choose to grant access to your contacts, we may process:

• Names and phone numbers in your address book

• Email addresses (if available)

• Matching results to suggest existing Together users or enable friend invitations

This data is matched in a privacy-preserving manner. It is not stored permanently, used for advertising, or shared with third parties. Contact access can be revoked at any time in your device settings.

Legal Basis and Purpose:

We process your personal data in accordance with:

• Art. 6(1)(a) GDPR – consent (e.g., for gallery or contact access, AI analysis)

• Art. 6(1)(b) GDPR – to fulfill our contract with you

• Art. 6(1)(f) GDPR – our legitimate interest in providing and improving our service

• Art. 9(2)(a) GDPR – when special categories of data are involved (e.g. facial features)

We use this data to operate and improve the app, detect shared experiences, personalize content, ensure performance and security, and comply with legal requirements

1. When using our website or the services offered through it, personal data may be processed. Personal data includes all information that relates to you personally (e.g., name, birth date, contact addresses, and much more). Personal data processing only occurs in compliance with legal provisions (e.g., GDPR). This privacy information aims to provide all necessary information under Art. 13ff GDPR.

2. Contact data, profile data, account information, customer reviews, user data, verification data (identity check through IDs), payment information, company data, location information, and tax data may be processed. The purpose is to enable you to use our internet services.

3.When using Together, we generally collect and store your personal data only to the extent necessary to provide our service and payment service. This applies to customer data. When you create a customer account or profile, we process and store the data you entered in the input mask necessary for providing our services.

4. If you contact us via email, contact form, or other electronic means, the data you provide will also be processed and stored for the intended processing purposes, provided this is necessary.

5. In providing our services, it may be necessary to share your personal data with third parties.

6. Our database is managed by Microsoft Azure. Microsoft Azure is thus our data processor under GDPR. Microsoft Azure has committed to complying with all data protection regulations and can only access the data you provide and store to fulfill your order.

7. Beyond the legal and factual necessity of data sharing, data is not shared with third parties without your consent or your own action. Also, data is only shared with authorized state institutions and authorities within the scope of legal disclosure obligations or if we are required to provide information by court decision or official order. Data is not transferred to third countries without your consent or explicit request.

8. After terminating your membership with Together, your data remains stored only as long as legal retention obligations exist (e.g., 7 years according to the Austrian Business Code) or it is necessary for legal proof, although we observe the principle of data minimization. If you have created a customer profile, the data remains stored for your own use and interest until you cancel the profile or request deletion. Exceptions are data that cannot or may not be deleted due to legal retention reasons.

9. The purpose of our data processing is to provide our services. By registering on our platform, you consent to the processing of the data you entered. We also have a legal interest in processing if you wish to use our platform.
If you want to register on our platform, we use the so-called double opt-in procedure to complete the registration process. This means we send you an sms to the provided phone number after your registration, asking for confirmation to complete the registration and subsequent use. If you do not confirm your registration within a reasonable time, your information will be locked and automatically deleted after 30 days.

10. During the registration process, the user's name and phone number are collected. The user's selected interests are determined in the onboarding process of the Together app. Photos and videos uploaded by the user are stored by Together in the selected page after creation. Which user gave which emoji on which post is stored by Together when assigning to show the creator of the respective post. If a user clicks the subscribe button of an account or a page, Together remembers this to inform the user in the future when new posts are available. If a user views a post, Together remembers this to avoid displaying the post twice in the feed. If a user accepts a page invitation, Together stores this.

§ 4 Automated Collection of Personal Data When Accessing and Using Our Website

1. When accessing and visiting our website, personal data processed by your browser is transmitted to our server.
2. This includes the following data: IP address, user agent, date/time/number of requests, browser, operating system, language, and version of the browser software, request information, or information on transferred data volume.
3. Data collection is for technical reasons so you can view our website without restrictions. It also serves to perform error analysis and ensure the website's stability and security.
4. The information is temporarily stored in a so-called log file and deleted after 30 days. The following data is stored in the named log file:
• the complete internet address (URL) of the accessed website
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL - e.g., https:// www.example.com/fromhereicame/)
• the hostname and IP address of the device from which access is made (e.g., 
5. COMPUTERNAME and 194.23.43.121)
• date and time

§ 5 Processing of Personal Data
When Using Our Platform as a Customer Registration process/steps for creating a profile as a customer:
a) The user enters their data. Here, the required fields are to be entered or the
Together terms confirmed:
• First name
• Last name
• Phone number
• Confirmation for marketing emails, community guidelines, terms of use, and privacy policy b) Data is sent to a Microsoft Azure server by our data processor and then a user is created in the Together database.
• Company: Microsoft Corporation
• Email: customers@microsoft.com
• Address: https://www.microsoft.com
• Location: Redmond, WA 98052-6399, USA
All data listed here is mandatory for creating a profile. All other data (see profile data, media) is optional; however, a profile as a location or service provider becomes visible to end customers or the public only after it is completed based on the mandatory fields defined by Together. This data is stored until the user requests deletion or the data is no longer needed.

1. To create a customer account, the personal data listed under § 5a is processed. You can then specify a password, with registration completed through email confirmation and link activation. To enable you to use the platform and profile, these and all other data you provide are stored and processed. After registration, you can set up your customer profile.
2. If you unsubscribe from our platform as a user, the collected data will be deleted, provided we are not legally required to retain it.
3. When you use our platform as a registered customer, your user data appears to other registered users. This includes profile data (customer type, etc.); your profile picture, if you upload one; and other self-published data. Third parties cannot view your contact data disclosed to us unless you publish it yourself or share it with those third parties.
4. When you use our platform's search options as a customer, you determine what data you want to search for.
5. For your own better overview, we store your activities on our platform in your account, providing a historical overview of your activities on our platform. This involves processing user data.

§ 6 Data Processing
When Contacting Us Via Support Form or Email If you contact us electronically, e.g., via email or support form, and this contains a request for processing, e.g., because you have questions about existing bookings or are applying for a job with us, additional personal data contained in your request may be processed and stored as necessary. We will store the data as long as necessary for processing, or as legally required, or as deemed necessary for legal reasons.

§ 7 Processing of Data for Artificial Intelligence (AI) Features
Together uses artificial intelligence (AI) to provide its core functionality. The AI system automatically analyzes and groups photos and videos based on shared experiences among users, enabling collaborative albums and a social experience from multiple perspectives. Without this AI functionality, the app cannot be used.

Scope and Type of AI Processing
To detect shared experiences and generate smart album suggestions, the AI system processes:

• Timestamps and location metadata of media

• Visual image content (e.g. faces, backgrounds, visual similarity)

• Device context data such as Wi-Fi networks, Bluetooth signals, and motion patterns

• User interactions (e.g. reactions, posts, shared albums)

• Inferred relationships between users based on mutual activity and media

Some of this data may be processed directly on the user’s device (“on-device processing”) to improve performance and privacy. Other data is processed on secure cloud servers.

Training and Improvement of AI Models
The AI models used by Together may be continuously improved using user data, including uploaded photos, usage patterns, and interaction data. This training is performed in a privacy-preserving manner and may involve both on-device learning and centralized training on our servers. The purpose is to enhance the accuracy and quality of AI-driven features for all users.

Legal Basis for AI Processing
The legal basis for this data processing includes:

• Art. 6 para. 1 lit. b GDPR (performance of a contract), as AI functionality is essential for the app’s core features

• Art. 6 para. 1 lit. a GDPR (consent), for training AI systems and analyzing sensitive image content

• Art. 6 para. 1 lit. f GDPR (legitimate interests), for improving the user experience and ensuring accurate AI behavior

• Art. 9 para. 2 lit. a GDPR, when processing special categories of personal data such as facial features within images

No Solely Automated Decisions with Legal Effect
Together does not make decisions that produce legal effects or similarly significant consequences solely based on automated processing, including profiling, unless legally required and with appropriate safeguards.

Data Transfers and Location of Processing
AI processing is conducted on both European and international infrastructure. Some data may be transferred to countries outside the European Union, including the United States, particularly when using services such as Google Cloud, Cloudflare and Microsoft Azure. These transfers are safeguarded using the European Commission’s Standard Contractual Clauses (SCCs) and other lawful mechanisms.

User Rights and Opt-Out
Since the AI functionality is essential to the operation of the Together app, opting out of this processing is not possible without disabling the service entirely. However, users retain the right to access, rectify, and request deletion of data, and to obtain further information about how AI-driven decisions are made.

§ 8 Cookies
Our website uses "cookies." These are small text files stored on your device using the browser. They do no harm and cannot access your programs. The use of cookies aims to provide us with certain information and to make our internet offering more user-friendly and effective. Our website uses "session cookies," temporarily stored on your device and automatically deleted when you close your browser. Additionally, we use "persistent cookies" on our website, stored on your device to recognize your browser upon a return visit. Using certain cookies is necessary for the functionality of our website and technically necessary to use the website's offering without restrictions and ensure stability (so-called "technical cookies"). Using technically necessary cookies serves to maintain our website's functionality, making the data processing by using these cookies required to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR). No explicit consent is required for using technically necessary cookies according to the mentioned provision. In addition to these technically necessary cookies, "non-essential cookies" are used on our website for the tracking and analysis tools mentioned under § 7. These cookies allow us to evaluate and better understand your interests. Using such cookies and services enables us to make our online offering more needs-based and effective and target our users with offers. You can choose your browser settings to be informed about the setting of cookies and decide individually whether to accept them in specific cases or generally reject them. Rejecting cookies may restrict the functionality of our website. If you disagree with using cookies, you can refuse or disable this feature in your browser settings.

§ 9 Tracking and Analysis
This website uses the following web analytics and tracking tools. Using these services enables us to optimize the website's offering, design, and usage. Using these analysis and tracking services also serves to statistically capture and evaluate website usage. This is done by using cookies (§ 9), small text files stored on your device, and enabling analysis of your website use. Thus, this processing activity pursues a legitimate interest within the meaning of Article 6 para. 1 lit. f GDPR. Using web analytics and tracking tools leads to the transmission and storage of information about your website use on a server of the provider. If you disagree with this use, you can disable this feature in your browser settings.

§ 10 Google Analytics
Our website optionally uses the web analysis service "Google Analytics" by Google LLC (hereinafter "Google"). Google Analytics uses cookies to analyze user website activity. The information generated by cookies (e.g., IP address, browser information, operating system, referrer URL, server request time) is usually transmitted to a Google server in the USA and stored there. Google uses this information to evaluate website use, compile reports on website activity for operators, and provide other services related to website and internet use for market research and website design purposes. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. The IP addresses collected by Google Analytics will not be linked with other Google information. IP address collection can be prevented by activating IP anonymization on this website, within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted. You can prevent the storage of cookies by appropriately adjusting your browser software settings. In this case, some website functions may not be available. Furthermore, you can prevent Google from collecting and processing the data generated by cookies and related to your website use (including your IP address) by installing the corresponding browser software (browser plug-ins).

§ 11 Meta Pixel and Custom Audiences
Our platform uses the "Meta Pixel" service by Meta Platforms Inc. (hereinafter "Meta") for optional analysis and optimization. Meta operates, among other things, the social media platform "Facebook." Using Meta Pixel and Custom Audiences ensures that our Facebook advertising activities only show to potential interested parties and are not intrusive. With the service's help, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by logging whether users were redirected to our website after clicking a Facebook ad.

§ 12 YouTube
Some pages of our website include videos and content from the "YouTube" platform, stored at http://www.YouTube.com and viewable or accessible from our website. YouTube is a video platform by YouTube LLC, a subsidiary of Google LLC. Videos are embedded using the so-called two-click solution or extended data protection mode. This means that no personal data is initially transmitted to YouTube when visiting our website. Only when you activate the video by clicking does YouTube receive the information that you accessed the corresponding subpage of our website. Furthermore, information such as IP address, date, and time of the request; time zone difference to Greenwich Mean Time; content of the request (specific website); access status/HTTP status code; transferred data volume; website from which the request comes, browser; operating system, its interface, and language and version of the browser software are transmitted. The transmission of information occurs regardless of whether the user has an account on the YouTube platform and is logged in. If you are logged into Google, your data is directly assigned to your account. If you do not want your information collected by YouTube to be linked to your account, you must log out before activating the button. In the case of an existing account, YouTube can use the collected information, in particular, to contextualize and personalize advertising activities on its platform. The data stored by YouTube is used to create user profiles, for advertising purposes, market research, and/or the platform's needs-based design, regardless of whether an account exists. The collected information is evaluated, particularly to provide demand-oriented advertising and to inform other users about your activities on our website. You have the right to object to such user profiling, for which you must contact YouTube to exercise this right. More information about the purpose and scope of data collection and processing by YouTube can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de). There you will also find more information about your rights and settings to protect your privacy.

§ 13 Newsletter
With your consent, you can subscribe to our newsletter. This allows us to inform you about our services and offers and keep you updated. We use the double opt-in procedure to register for our newsletter. This means we send you an email to the provided email address after your registration, asking for confirmation to receive the newsletter. If you do not confirm your registration within a reasonable time, your information will be locked and automatically deleted after one month. Additionally, we store your used IP addresses and registration and confirmation times. The purpose of this procedure is to verify your registration and clarify any possible misuse of your data. After your confirmation, we store your email address to send you the newsletter. You can withdraw your consent to receive the newsletter at any time and unsubscribe from it. You can declare your revocation by clicking the link provided in every newsletter email, emailing support@together-social.com, or using the contact information provided in the imprint on our homepage. As a data subject under GDPR, you have the right to rectification, erasure, restriction, and objection regarding your personal data use, according to Art. 16 ff GDPR. To exercise your rights, please contact our data protection officer (§ 2). If you believe that processing your data violates data protection law or your data protection rights have been infringed, you can contact the supervisory authority and lodge a complaint.

§ 14 Use of Cloud Solutions
According to legal requirements, we inform you that we use the following cloud solutions: Microsoft Azure is a cloud platform that receives your full name, email address, and password in encrypted form. The privacy policy of Microsoft Azure can be found at: https://privacy.microsoft.com/de-de/privacystatement. Cloudflare is a cloud platform that receives your uploaded media. The privacy policy of Cloudflare can be found at: https://www.cloudflare.com/de-de/privacypolicy/. 

Google Workspace is used for sending emails and internally storing Together's documents to ensure business operations. Terms of use: https://workspace.google.com/intl/de/terms/premier_terms.html Meta Business Manager is used for communication between users and Together. Terms of use: https://www.facebook.com/legal/terms/businesstools 

§ 15 Your Data Protection Rights
As a person affected by data collection and processing under GDPR, you have the following rights, which we explain below in accordance with the GDPR:

• Right to confidentiality

• Right to information (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object (Art. 21 GDPR)

• Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 GDPR)

1. To exercise your rights, please contact the person responsible under § 2 (Email: support@together-social.com). This person is also available for questions and further explanations.
   
   

2. If you believe there has been a data protection violation by us, you can file a complaint with the data protection authority/supervisory authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna).
   
   

3. If you have consented to receive newsletters, you have the right to revoke this consent at any time.

Following are your data protection rights:
§ 16 Right of Access by the Data Subject (corresponds to Art. 15 GDPR)
(1) The data subject has the right to obtain confirmation from the controller as to whether personal data concerning them is being processed; if so, they have the right to access this personal data and the following information:

(2) If personal data is transferred to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards under Article 46 GDPR relating to the transfer.

(3) The controller provides a copy of the personal data undergoing processing. For any additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request electronically, the information must be provided in a commonly used electronic format unless otherwise requested.

(4) The right to obtain a copy under paragraph 1b must not adversely affect the rights and freedoms of others.

§ 17 Right to Rectification (corresponds to Art. 16 GDPR)
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the processing purposes, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
a) the purposes of the processing;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the data subject, any available information as to its source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

For the purposes of processing, the data subject has the right to request the completion of incomplete personal data - even by means of a supplementary declaration.

§ 18 Right to erasure ("Right to be Forgotten") (corresponding to Article 17 GDPR)
(1) The data subject has the right to demand from the controller the immediate deletion of personal data concerning them, and the controller is obliged to delete personal data immediately if one of the following reasons applies:

(2) If the controller has made the personal data public and is obliged to delete it according to paragraph 1, the controller must take appropriate measures, including technical measures, to inform other data controllers processing the personal data that the data subject has requested the deletion of all links to, or copies or replications of, those personal data.

(3) Paragraphs 1 and 2 do not apply to the extent that processing is necessary:

a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject withdraws their consent, which was the basis for processing according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
c) The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
d) The personal data have been unlawfully processed.
e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data have been collected in relation to services offered by the information society according to Article 8(1) GDPR.

These exceptions also apply to processing:
a) for the exercise of the right to freedom of expression and information;
b) for compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health according to Article 9(2)(h) and (i) GDPR and Article 9(3) GDPR.

§ 19 Right to Restriction of Processing (corresponds to Art. 18 GDPR)
(1) The data subject has the right to obtain from the controller the restriction of processing if one of the following applies: 
a) The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data; 
b) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; 
c) The controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims; 
d) The data subject has objected to processing pursuant to Article 21 para. 1 GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject. 

(2) If processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. 

(3) A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is lifted.

§ 20 Right to Data Portability (corresponds to Art. 20 GDPR)
(1) The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and they have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
a) The processing is based on consent pursuant to Article 6 para. 1 letter a GDPR or Article 9 para. 2 letter a GDPR or on a contract pursuant to Article 6 para. 1 letter b GDPR; and
b) The processing is carried out by automated means. 

(2) In exercising their right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

(3) Exercising the right under paragraph 1 of this Article shall not adversely affect Article 17 GDPR. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 

(4) The right pursuant to paragraph 2 must not adversely affect the rights and freedoms of others.

§ 21 Right to Object (corresponds to Art. 21 GDPR)
(1) The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6 para. 1 letters e or f GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
(2) Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
(3) If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
(4) The data subject must be explicitly informed of the right referred to in paragraphs 1 and 2 at the latest at the time of the first communication with them; this information shall be presented clearly and separately from any other information.
(5) In the context of using information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.
(6) Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 para. 1, the data subject has the right, on grounds relating to their particular situation, to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

§ 22 Automated Individual Decision-Making, Including Profiling (corresponds to Art. 22 GDPR)
(1) The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
(2) Paragraph 1 does not apply if the decision:
a) Is necessary for entering into, or performance of, a contract between the data subject and a data controller;
b) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c) Is based on the data subject's explicit consent.
(3) In the cases referred to in paragraph 2 letters a and c, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.
(4) Decisions referred to in paragraph 2 must not be based on special categories of personal data referred to in Article 9 para. 1, unless Article 9 para. 2 letter a or g applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

§ 23 Service Providers:
To provide you with our services, we collaborate with a select group of trusted partners. These partners assist us with technical and hosting support, sending notifications, publishing and sharing content, conducting user analytics and satisfaction surveys, managing security incidents, preventing fraudulent activities, and more. In order to deliver our services effectively, we may share your information with these partners as necessary. The table below lists our service providers:

Who/What:
Google Cloud —> Cloud Services
Firebase —> Cloud Services
One Signal —> Push Notifications
Cloudflare —> Cloud Services
Google Worspace —> Team communication
Meta Business Manager —> Advertising
Google Crashlytics —> Data analytics
Atlassian —> Team communication
GitHub —> Code Management
Figma —> Design Tool
Intelliy —> IDE
Postman —> Debugging Tool
Adobe —> Design Tool
OpenAI —> AI Tools
Google Fonts —> Provision of Webfonts
1Password —> Security Tool
Google Ads —> Advertising
Google Analytics —> Data analytics