Orcaflow LogoExplore Apps

Privacy Policy

The protection of your personal data is a top priority for Orcaflow e.U. We process your data exclusively on the basis of legal regulations (GDPR, TKG 2021, DSG). This policy informs you about the data processing practices for our website, our mobile applications, and our browser-based applications (Web Apps).

1. Controller and Contact

The responsible party for data processing is:

Orcaflow e.U.
Owner: Moritz Hessenberger
Kuferzeile 28, 4810 Gmunden, Austria
Email: hello@orcaflow.io

2. Scope of Services

This privacy policy covers the following "Services":

  • The marketing website (orcaflow.io).
  • Our mobile applications for iOS and Android.
  • Our browser-based software applications (SaaS).

3. Data Collection and Purposes

A. Account & Authentication

Data: Name, email address, and authentication tokens.

Purpose: To create and manage your user account.

Social Login: If you use Apple or Google login services, we receive your basic profile data (name, email) to authenticate your identity.

B. Functional Usage (Apps & Web Apps)

Mobile Permissions: Our mobile apps request access to the Camera and Gallery/Photos only when you actively use features requiring image capture or upload.

Browser Storage: Our web apps use Local Storage and Session Storage to maintain your login session and save user-specific settings.

Notifications: We send push notifications (mobile) or browser alerts only upon your explicit opt-in.

Contact Form: Data entered into our website contact form (Name, Email) is processed solely to handle your inquiry.

C. Advertising and Monetization

Our mobile applications may display advertisements to keep certain features free of charge.

Service Provider: We use Google AdMob to serve advertisements.

Data Processed: This service may collect technical identifiers (e.g., Apple IDFA or Google Advertising ID), IP addresses, and interaction data to serve relevant ads and measure performance.

Control: You can restrict personalized advertising at any time via your mobile device's system settings.

4. Service Providers and Infrastructure

To provide a secure and high-performance environment, we work with specialized sub-processors. Data is processed primarily within the European Economic Area (EEA):

Cloud Infrastructure & Hosting: We utilize a leading cloud platform (Google Firebase) with server locations in the European Union to host our databases and application logic.

Analytics & Performance: We use EU-hosted analytics frameworks (PostHog and Firebase Analytics) to monitor technical performance and improve user experience through pseudonymized usage data.

Security & Optimization: Web traffic is routed through specialized security providers (Cloudflare, Groq) to protect against cyber attacks and optimize load times. These providers process technical data (e.g., IP addresses) in a transient state; no personal identifying profiles are stored by these technical intermediaries.

5. Legal Basis

Processing is based on:

  • Contractual Performance (Art. 6 para. 1 lit. b GDPR) for app functionality and account management.
  • Legitimate Interest (Art. 6 para. 1 lit. f GDPR) for technical security and service optimization.
  • Consent (Art. 6 para. 1 lit. a GDPR) for notifications and specific analytics.

6. Data Retention

We store personal data for the duration of your active relationship with us.

Statutory Retention: Per Austrian commercial and tax law, certain data (e.g., related to subscriptions or contracts) is stored for 7 years.

Deletion: Upon an account deletion request or an informal request via email, we will erase your personal data unless legal retention periods apply.

7. Your Rights

Under the GDPR, you have the following rights:

  • Access, Rectification, and Erasure of your data.
  • Restriction of processing and Data Portability.
  • Right to Object to processing based on legitimate interests.

To exercise these rights, please contact hello@orcaflow.io. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde).