
Privacy Policy

Data Controller

Responsible for data processing:

Christoph Bimmer
bsigned.de
Undeostr. 37
85661 Forstinning, Germany

Email: info@freipass.app
Phone: +49 8121 9049907

General Information on Data Processing

The protection of your personal data is important to us. We process your data exclusively on the basis of legal provisions, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Digital Services Data Protection Act (TDDDG).

This privacy policy informs you about which personal data we collect in connection with the use of the website freipass.app and the Freipass app, and how it is processed.

Personal data is any information that relates to an identified or identifiable natural person, such as your name, email address, or IP address.


Website freipass.app

The following sections relate to the use of the website freipass.app.

Hosting

This website is operated via Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection for the transfer of personal data to the USA.

When you access our website, Cloudflare automatically collects data and stores it in server log files. Processing is based on our legitimate interest in the secure and efficient provision of our website pursuant to Art. 6(1)(f) GDPR.

More information on data protection at Cloudflare: https://www.cloudflare.com/privacypolicy/

Server Log Files

Each time you access our website, the following data is automatically recorded by the web server and stored in server log files:

  • IP address of the accessing device
  • Date and time of access
  • Name and URL of the retrieved page
  • Amount of data transferred
  • Notification of successful retrieval
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)

This data generally cannot be attributed to specific individuals by us. It is not merged with other data sources. The data is used exclusively to ensure smooth operation of the website and to detect and prevent attacks.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest). Log files are automatically deleted after 30 days.

Cookies

Our website uses cookies for the following purposes:

Technically necessary cookies: Cloudflare may set technically necessary cookies (e.g. __cf_bm) for bot detection and to ensure website availability. These cookies do not contain personal data and are not used to track your browsing behaviour. The legal basis is Art. 6(1)(f) GDPR (legitimate interest). No consent is required for technically necessary cookies.

Analytics cookies (Google Analytics): With your consent, Google Analytics cookies are set to analyse the use of our website (see “Web Analytics” section below). The legal basis is Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time by deleting the cookies in your browser.

Web Analytics (Google Analytics)

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is only activated after your explicit consent via the cookie banner.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Google is certified under the EU-US Data Privacy Framework.

We use Google Analytics with IP anonymisation enabled. This means your IP address is truncated by Google within the EU/EEA before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

Google will use this information on our behalf to evaluate the use of the website and to compile reports on website activity. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

The legal basis is Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time with effect for the future by deleting the cookies in your browser.

More information: https://policies.google.com/privacy

Fonts

The fonts used on this website (Inter) are loaded locally from our own server. No connection to external servers (e.g. Google) is made. No personal data is transmitted to third parties in the process.


Freipass App

The following sections relate to the use of the Freipass app.

No Advertising, No Tracking

The Freipass app does not display advertising and does not use ad trackers, ad networks, or analytics tools. No data is transmitted to advertising service providers.

Cloudflare Workers

The Freipass app communicates via Cloudflare Workers with downstream services. Cloudflare Workers is a serverless execution service by Cloudflare, Inc. that acts as a reverse proxy and forwards incoming requests.

The following data may be processed by Cloudflare:

  • IP address of the accessing device
  • Requested URL and HTTP method
  • HTTP headers (e.g. User-Agent, Referrer)
  • Time of request

This processing is technically necessary to provide the app’s functionality. The data is processed by Cloudflare in accordance with their privacy policy and is not used for their own purposes.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the technical provision and functionality of our app).

AI Processing

AI requests (excuses, alibis, coach, situation analysis, receipts) are routed through our Cloudflare Worker proxy to the following services:

  • OpenAI (OpenAI, L.L.C., San Francisco, USA) — GPT-4o for text generation
  • Google Gemini/Imagen (Google Ireland Limited, Dublin, Ireland) — Gemini 2.5 Flash Lite as fallback AI and Imagen for photo generation
  • Claude/Anthropic (Anthropic, PBC, San Francisco, USA) — Claude Sonnet as additional fallback
  • fal.ai (fal.ai, Inc.) — FLUX Schnell for photo generation

The proxy strips IP headers before forwarding. API keys are stored exclusively on the server. Your inputs are not used for training AI models. All providers are certified under the EU-US Data Privacy Framework or offer comparable guarantees.

The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in providing the app’s functionality).

Subscriptions and Payments (RevenueCat)

Subscriptions are handled through RevenueCat, Inc. (San Francisco, USA) and the respective app store (Google Play / Apple). We store your RevenueCat Customer ID for purchase management. This ID is tied to your store account (Google Play / Apple) and enables restoring your purchases after a reinstall. The ID contains no name, no email, and is not linked to your app content. Payment data is processed exclusively by the app store.

The legal basis is Art. 6(1)(b) GDPR (contract performance).

More information: https://www.revenuecat.com/privacy

Crash Reports (Sentry)

Freipass uses Sentry (Functional Software, Inc., San Francisco, USA) for crash reports. Collection is disabled by default and must be actively enabled during onboarding or in the app settings (opt-in). Crash reports contain exclusively technical data (device type, OS version, stack trace) but no user data, alibis, or personal content. IP addresses are anonymised by Sentry.

The legal basis is Art. 6(1)(a) GDPR (consent).

More information: https://sentry.io/privacy/

Local Data Storage and Encryption

All alibis, excuses, and settings are stored exclusively on your device. Encryption uses AES-256. The key is derived from your PIN and stored securely. We have no access to your content.

Cloud Sync (Supabase)

If you enable Cloud Sync (Pro/Ultra), your data is transferred end-to-end encrypted to Supabase (Supabase, Inc., San Francisco, USA). The server only sees encrypted blobs. Decryption is only possible with your local key. Authentication is anonymous — no name, email, or password is collected.

The legal basis is Art. 6(1)(b) GDPR (contract performance).


General Provisions

The following sections apply to both the website and the app.

Contact Form

Our website provides a contact form. When you use it, the following data is processed:

  • Name
  • Email address
  • Subject (optional)
  • Message content

This data is used exclusively to process your inquiry and will be deleted once storage is no longer necessary.

Spam protection (Cloudflare Turnstile): To prevent automated spam, we use Cloudflare Turnstile, a service provided by Cloudflare, Inc. Technical data (e.g. IP address, browser information) may be transmitted to Cloudflare. Cloudflare is certified under the EU-US Data Privacy Framework. More information: https://www.cloudflare.com/privacypolicy/

Email delivery: Messages submitted via the contact form are delivered through Cloudflare Email Workers (Cloudflare, Inc.). No external email service provider is used.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures or contract performance) and Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry).

Contact

If you contact us via email, the data you provide (e.g. name, email address, message content) will be stored by us to process your inquiry and for follow-up questions.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures or contract performance) and Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry).

The data collected in this context will be deleted once storage is no longer necessary, or processing will be restricted if statutory retention obligations apply.

Storage Period

Unless otherwise specified in this privacy policy, your personal data will remain with us until the purpose of data processing no longer applies. If you assert a legitimate deletion request or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storage (e.g. tax or commercial law retention periods). In the latter case, deletion will occur after these reasons cease to apply.

Your Rights

You have the following rights at any time within the framework of applicable legal provisions regarding your personal data:

  1. Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed, and to obtain information about this data.

  2. Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data and the completion of incomplete data.

  3. Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data if one of the grounds listed in Art. 17 GDPR applies.

  4. Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.

  5. Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

  6. Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

  7. Right to withdraw consent (Art. 7(3) GDPR): If you have given consent to data processing, you may withdraw it at any time with effect for the future.

To exercise your rights, you can contact us at any time at: info@freipass.app

Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

SSL/TLS Encryption

This website and the app’s communication use SSL/TLS encryption for security reasons and to protect the transmission of confidential content.

Changes to This Privacy Policy

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services. The new privacy policy will apply to your next visit.

Last updated: March 2026