Last Revised: 12 May 2025
Introduction
[Your Company Name] (“Company”, “we”, “us”, or “our”) is committed to protecting the privacy and security of the personal data of our users, especially those residing in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. This statement outlines our practices regarding the collection, use, processing, and protection of personal data in compliance with the General Data Protection Regulation (GDPR) and applicable local data protection laws.
This statement applies to the Gubb desktop application (the “App”) and the Gubb website (https://www.gubb.net/) (the “Website”), collectively referred to as the “Services”.
Data Controller
For the purposes of GDPR, the data controller is:
Email for data protection inquiries: [email protected]
Personal Data We Collect and Process
We collect and process personal data necessary to provide and improve our Services. The types of personal data may include:
- Account Information: Name, email address, password (hashed), subscription details, and payment information (processed by our third-party payment provider).
- Usage Data: Information about how you interact with the App and Website, such as features used, session duration, crash reports, and performance data. This is often collected in an aggregated or anonymized form.
- Device and Technical Information: Operating system type and version, application version, device identifiers (where applicable), IP address, browser type.
- User Content: Notes, tasks, and other content you create within the App. If you use features like cloud synchronization or backup (e.g., via AWS or CloudKit), this content may be stored on third-party servers under our instruction. We treat your content as confidential.
- Support Communications: Information you provide when you contact us for support, including your email address and the content of your communications.
- Website Interaction Data: Information collected via cookies or similar technologies when you visit our Website (see our Cookie Policy [Link to Cookie Policy, if applicable]).
Legal Basis for Processing Personal Data
We process your personal data based on the following legal grounds under GDPR:
- Contract Necessity (Art. 6(1)(b) GDPR): Processing necessary to fulfill our contract with you, such as providing the core functionalities of the App, managing your account and subscription, processing payments, and providing customer support.
- Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests, provided these are not overridden by your interests or fundamental rights. This includes:
  - Improving and developing the Services.
  - Ensuring the security and integrity of our Services.
  - Analyzing usage patterns to enhance user experience (often using aggregated or anonymized data).
  - Sending essential service-related communications.
  - Sending marketing communications about our products (where permissible and subject to your right to object/opt-out).
- Consent (Art. 6(1)(a) GDPR): For specific processing activities where we ask for your explicit consent, such as non-essential cookies or certain marketing communications. You can withdraw your consent at any time.
- Legal Obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with our legal obligations (e.g., tax laws, accounting requirements).
Data Sharing and Third Parties
We do not sell your personal data. We may share your personal data with trusted third-party service providers only when necessary to provide or improve our Services, under strict contractual obligations. These may include:
- Payment Processors: To securely handle payments (e.g., Stripe, Paddle). We do not store your full credit card details.
- Cloud Hosting/Storage Providers: For data storage, synchronization, and backup features (e.g., Amazon Web Services (AWS), Apple CloudKit).
- Email Service Providers: For sending transactional emails and, if you consent, marketing emails (e.g., Amazon SES).
- Analytics Providers: To help us understand service usage (often using anonymized or aggregated data).
- Support Platforms: To manage customer support communications.
We ensure these third parties provide adequate protection for your data and comply with GDPR requirements.
International Data Transfers
Your personal data may be processed in countries outside the EEA, UK, or Switzerland, including the United States, where our Company or our third-party service providers operate. When we transfer personal data outside these regions, we ensure appropriate safeguards are in place to protect the data, such as:
- Using Standard Contractual Clauses (SCCs) approved by the European Commission.
- Transferring data to countries deemed to have adequate data protection laws by the European Commission (Adequacy Decision).
- Implementing supplementary measures as necessary to ensure data protection equivalent to that within the EEA/UK/Switzerland.
Specifically, transfers related to services like AWS or CloudKit are governed by their respective data processing agreements and safeguards.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include encryption (both in transit and at rest where feasible), access controls, regular security assessments, and employee training. However, no method of transmission or storage is 100% secure.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Services, complying with legal obligations (e.g., financial record-keeping), resolving disputes, and enforcing our agreements. Account data is generally retained for the duration your account is active and for a reasonable period afterward in case you decide to reactivate or for legal/audit purposes. Usage data may be anonymized or aggregated and retained for longer periods for analytical purposes.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request correction of inaccurate or incomplete personal data.
- Right to Erasure (‘Right to be Forgotten’): You can request deletion of your personal data under certain conditions (e.g., it’s no longer necessary for the purpose collected, you withdraw consent).
- Right to Restriction of Processing: You can request that we limit the processing of your personal data under certain circumstances.
- Right to Data Portability: You can request to receive your personal data in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.
- Right to Object: You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your Member State of residence, place of work, or place of the alleged infringement.
To exercise these rights, please contact us at . We may need to verify your identity before processing your request.
Cookies
Our Website may use cookies. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy [Link to Cookie Policy, if applicable].
Children’s Privacy
Our Services are not intended for individuals under the age of 16 (or the relevant age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete it promptly.
Changes to This Statement
We may update this GDPR Compliance Statement from time to time. We will notify you of any significant changes by posting the new statement on our Website or through other communication channels. We encourage you to review this statement periodically.
Contact Us
If you have any questions or concerns about this GDPR Compliance Statement or our data protection practices, please contact us at: