Features Preise Blog DE

Privacy Policy

Data Controller

Responsible for data processing on this website:

Christoph Bimmer bsigned.de Undeostr. 37 85661 Forstinning, Germany

Email: info@freipass.app Phone: +49 8121 9049909

General Information on Data Processing

The protection of your personal data is important to us. We process your data exclusively on the basis of legal provisions, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

This privacy policy informs you about which personal data we collect in connection with your visit to freipass.app and how it is processed.

Personal data is any information that relates to an identified or identifiable natural person, such as your name, email address, or IP address.

Hosting

This website is operated via Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the EU-US Data Privacy Framework. When you access our website, Cloudflare automatically collects data and stores it in server log files. Processing is based on our legitimate interest in the secure and efficient provision of our website pursuant to Art. 6(1)(f) GDPR.

Server Log Files

Each time you access our website, the following data is automatically recorded by the web server and stored in server log files:

  • IP address of the accessing device
  • Date and time of access
  • Name and URL of the retrieved page
  • Amount of data transferred
  • Notification of successful retrieval
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)

This data generally cannot be attributed to specific individuals by us. It is not merged with other data sources. The data is used exclusively to ensure smooth operation of the website and to detect and prevent attacks.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest). Log files are automatically deleted after 30 days.

Cookies

Our website currently does not use cookies for analytics or advertising purposes. Should this change in the future, this privacy policy will be updated accordingly and a cookie banner will be displayed.

Fonts

This website uses Google Fonts. When loading the website, a connection to Google servers is established to retrieve the fonts. Your IP address may be transmitted to Google. Google is certified under the EU-US Data Privacy Framework.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in an appealing presentation of our website).

More information can be found in Google’s privacy policy at https://policies.google.com/privacy.

Freipass App

The following sections relate to the use of the Freipass app.

Cloudflare Workers

The Freipass app communicates via Cloudflare Workers, a serverless execution service by Cloudflare, Inc. that acts as a reverse proxy. The following data may be processed by Cloudflare:

  • IP address of the accessing device
  • Requested URL and HTTP method
  • HTTP headers (e.g., User-Agent, Referrer)
  • Time of request

This processing is technically necessary to provide the app’s functionality. The legal basis is Art. 6(1)(f) GDPR (legitimate interest).

AI Processing

AI requests (excuses, alibis, coach, situation analysis, receipts) are routed through our Cloudflare Worker proxy to the following services:

  • OpenAI (OpenAI, L.L.C., San Francisco, USA) — GPT-4o for text generation
  • Google Gemini/Imagen (Google Ireland Limited, Dublin, Ireland) — Gemini 2.5 Flash Lite as fallback AI and Imagen for photo generation
  • Claude/Anthropic (Anthropic, PBC, San Francisco, USA) — Claude Sonnet as additional fallback
  • fal.ai (fal.ai, Inc.) — FLUX Schnell for photo generation

The proxy strips IP headers before forwarding. API keys are stored exclusively on the server. Your inputs are not used for training AI models. All providers are certified under the EU-US Data Privacy Framework or offer comparable guarantees.

The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).

Subscriptions and Payments (RevenueCat)

Subscriptions are handled through RevenueCat, Inc. (San Francisco, USA) and the respective app store (Google Play / Apple). We store your RevenueCat Customer ID for purchase management. This ID is tied to your store account (Google Play / Apple) and enables restoring your purchases after a reinstall. The ID contains no name, no email, and is not linked to your app content. Payment data is processed exclusively by the app store.

The legal basis is Art. 6(1)(b) GDPR (contract performance).

More information: https://www.revenuecat.com/privacy

Crash Reports (Sentry)

Freipass uses Sentry (Functional Software, Inc., San Francisco, USA) for crash reports. Collection is enabled by default and can be disabled in the app settings. Crash reports contain technical data (device type, OS version, stack trace) but no user data, alibis, or personal content. IP addresses are anonymized by Sentry.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in app stability and bug fixing).

More information: https://sentry.io/privacy/

Local Data Storage and Encryption

All alibis, excuses, and settings are stored exclusively on your device. Encryption uses AES-256. The key is derived from your PIN and stored securely. We have no access to your content.

Cloud Sync (Supabase)

If you enable Cloud Sync (Pro/Ultra), your data is transferred end-to-end encrypted to Supabase (Supabase, Inc., San Francisco, USA). The server only sees encrypted blobs. Decryption is only possible with your local key. Authentication is anonymous — no name, email, or password is collected.

The legal basis is Art. 6(1)(b) GDPR (contract performance).

No Advertising

The Freipass app does not display advertising and does not use ad trackers or ad networks.

General Provisions

The following sections apply to both the website and the app.

Contact

If you contact us via email, the data you provide (e.g., name, email address, message content) will be stored by us to process your inquiry and for follow-up questions.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures or contract performance) and Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry).

The data collected in this context will be deleted once storage is no longer necessary, or processing will be restricted if statutory retention obligations apply.

Storage Period

Unless otherwise specified in this privacy policy, your personal data will remain with us until the purpose of data processing no longer applies. If you assert a legitimate deletion request or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storage (e.g., tax or commercial law retention periods). In the latter case, deletion will occur after these reasons cease to apply.

Your Rights

You have the following rights at any time within the framework of applicable legal provisions regarding your personal data:

  1. Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed.

  2. Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data and the completion of incomplete data.

  3. Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data if one of the grounds listed in Art. 17 GDPR applies.

  4. Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.

  5. Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

  6. Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

  7. Right to withdraw consent (Art. 7(3) GDPR): If you have given consent to data processing, you may withdraw it at any time with effect for the future.

To exercise your rights, you can contact us at any time at: info@freipass.app

Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach, Germany Phone: +49 981 180093-0 Email: poststelle@lda.bayern.de Website: https://www.lda.bayern.de

SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content.

Changes to This Privacy Policy

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services.

Last updated: March 2026