Privacy Policy
At Vitatrellis, we are committed to protecting your privacy. This Privacy Policy describes how we collect, use, and handle your personal information when you use our mobile application (iOS and Android), web application, and backend services.
1. Information We Collect
We only collect information that is necessary to provide the features of the app:
1.1 Account Data
- Email Address: Used for account management, authentication, and essential communications
- Name: Used to identify you within your household
- Password: Encrypted with industry-standard bcrypt hashing (we can never see your password)
1.2 Social Login Data
When you choose to sign in using social authentication providers, we collect:
- Google Sign-In: Email address, name, profile picture (optional)
- Sign in with Apple: Email address (or private relay email), name
- Facebook Login: Email address, name, profile picture (optional)
- Social Provider IDs: Unique identifiers from the authentication provider (used for account linking)
We only request the minimum necessary information to create and authenticate your account. You can revoke social login access at any time through your provider's settings.
1.3 User Content
- Tasks, shopping lists, and recipes you create
- Household names and memberships
- This data is shared with other members of the same household as part of the app's core functionality
1.4 Device Information
- Device model and operating system version
- App version and crash logs (to ensure app stability and fix bugs)
- Device advertising identifiers (for ad serving, see Section 3)
- Device Tokens: For push notifications via Firebase Cloud Messaging (FCM)
2. Location Data (Foreground Only)
Important: We do NOT track your location in the background. Location is only accessed when the app is actively in use.
Vitatrellis accesses your device's location to enable features such as:
- Marking task locations on a map
- Tagging tasks with specific places
- Providing location-based reminders
How we handle location data:
- Access Level: Location data is accessed only while the app is actively in use (foreground only)
- Background Location: We do NOT collect or track your location in the background
- Usage: Your location is processed locally on your device or used to display points of interest
- Storage: We do not store a history of your movements on our servers
- Encryption: Any location data stored is encrypted using AES-256-GCM
3. Third-Party Services and Data Sharing
We do NOT sell your personal data. To provide specific features, we work with the following third-party providers:
3.1 Firebase Cloud Messaging (FCM)
- Used to deliver push notifications for task reminders, household updates, and service messages
- Collects device tokens to route notifications to your device
- Operated by Google LLC
- Governed by Firebase Privacy Policy
3.2 Social Authentication Providers
We support the following social login options to make account creation easier:
- Google Sign-In: Operated by Google LLC - Google Privacy Policy
- Sign in with Apple: Operated by Apple Inc. - Apple Privacy Policy
- Facebook Login: Operated by Meta Platforms Inc. - Facebook Privacy Policy
When you use social login, these providers may share basic profile information with us as described in Section 1.2. You can revoke access at any time through your provider's account settings or by unlinking the account in the Vitatrellis app settings.
3.3 Google Play Services
- Used for app infrastructure, updates, and push notifications on Android devices
- Governed by Google's Privacy Policy
3.4 Apple Services
- Used for app distribution, updates, and push notifications on iOS devices
- Governed by Apple's Privacy Policy
3.5 Google AdMob
- We display advertisements to keep the app free
- AdMob may use device advertising identifiers to show relevant ads
- You can opt out of personalized ads in your device settings
- Learn more: Google Ad Privacy
3.6 In-App Billing (Google Play / Apple App Store)
- All financial transactions for subscriptions are handled securely by Google Play or Apple App Store
- We do NOT store your credit card information
- Payment data is processed according to Google's and Apple's payment policies
3.7 Cloudflare R2 Storage
- Used for storing app assets and user-uploaded content (if applicable)
- Data is stored securely with encryption
- Governed by Cloudflare's Privacy Policy
3.8 Authentication & Security
- We use standard encryption and security protocols to protect your data during transmission and storage
- All data transmission uses TLS 1.3 (HTTPS)
- Passwords are hashed using bcrypt with salt
4. Data Storage and GDPR Compliance
EU Data Protection: All your personal data is stored in Europe on AWS infrastructure to comply with GDPR requirements.
4.1 Data Location
- All personal data is stored on AWS servers located in Europe (EU region)
- This ensures compliance with GDPR and European data protection laws
- Data is NOT transferred outside the European Economic Area (EEA) without appropriate safeguards
4.2 Data Security
| Data Type | Protection Method |
|---|---|
| Passwords | Bcrypt hashing with salt (irreversible) |
| GPS Coordinates | AES-256-GCM encryption |
| Addresses | AES-256-GCM encryption |
| Data in Transit | TLS 1.3 (HTTPS) |
| API Access | JWT-based authentication |
5. Communications and Notifications
5.1 Transactional Emails
We send essential emails for:
- Account verification
- Password resets
- Security alerts
These are mandatory for account security and cannot be disabled.
5.2 Push Notifications
We use Firebase Cloud Messaging (FCM) to deliver push notifications to your device. Push notifications include:
5.2.1 Service Messages (Mandatory)
- Security alerts and account notifications
- Household invitations and membership changes
- Important service updates and maintenance notices
These notifications are essential for the proper functioning of the app and cannot be disabled.
5.2.2 Task and Reminder Notifications (Optional)
- Task reminders based on time or location
- Shopping list updates
- Household activity notifications
- Recipe meal planning reminders
You can enable or disable these notifications at any time in the app's Profile settings or through your device's notification settings.
5.2.3 Marketing Communications (Opt-in)
- New feature announcements
- Tips and best practices
- Special offers and promotions
Marketing notifications require explicit consent and can be easily disabled at any time through the app settings. We will never send marketing communications without your permission.
5.3 Task Reminders (Email)
You can choose to receive:
- Daily summaries via email
- Local push notifications
- Task reminders
You can manage or disable these at any time in the app's "Profile" settings.
6. Your Rights (GDPR)
Under GDPR, you have the following rights:
6.1 Right to Access (Article 15)
- You can request a copy of all your personal data
- Available via the data export feature in the app
- Or by contacting us at privacy@vitatrellis.com
6.2 Right to Erasure (Article 17)
- You have full control over your data
- Delete your account and all associated data instantly via the "Delete Account" button in the app's Profile screen
- Important: Before deleting your account, you must leave all households you're a member of. The app will guide you through this process.
- Deletion is permanent and irreversible
- For detailed instructions, see our Data Deletion Guide
6.3 Right to Data Portability (Article 20)
- Export your data in machine-readable JSON format
- Use the data export feature in the app settings
6.4 Right to Rectification (Article 16)
- Update your profile information at any time via the app
6.5 Right to Object
- Object to data processing by deleting your account
- Opt out of optional notifications in settings
7. Data Retention and Account Deletion
We keep your data for as long as your account is active.
7.1 Account Deletion
⚠️ Important Household Requirement: Before you can delete your account, you must leave all households you're a member of. This ensures household data integrity and proper transition of household ownership if needed.
- You can delete your account instantly via the "Delete Account" button in the app's Profile screen or webapp Settings page
- The app will check if you're a member of any households and guide you through leaving them first
- This will permanently delete:
- Your personal data
- All your personal tasks, recipes, and shopping lists
- Your social login connections (you may also want to revoke access separately - see our Data Deletion Guide)
- Your FCM device tokens and notification preferences
- Alternatively, contact us at privacy@vitatrellis.com to request deletion
- For step-by-step deletion instructions, see our Data Deletion Guide
7.2 Data Retention Periods
- Account Data: Kept until you delete your account
- Location Data: Kept encrypted until you delete the location or your account
- Logs: Anonymized logs kept for 30 days for debugging purposes
- Backup Data: Deleted from backups within 30 days of account deletion
8. Children's Privacy
Age Requirement: Vitatrellis is not intended for children under the age of 13.
We do not knowingly collect personal information from children under 13 years of age. If we become aware that a child under 13 has provided us with personal data, we will delete it immediately.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@vitatrellis.com.
9. International Data Transfers
Your data is primarily stored in the European Union (EU) on AWS infrastructure. If data needs to be transferred outside the EU for service provision, we ensure:
- Adequate protection through Standard Contractual Clauses (SCCs)
- Compliance with GDPR Article 46
- Appropriate technical and organizational measures
10. Security Measures
We implement industry-standard security measures to protect your data:
- End-to-end encryption for sensitive data
- Regular security audits and updates
- Access controls and authentication
- Secure development practices
- Regular backups in secure locations
11. Cookies and Tracking
The web version of Vitatrellis uses only technically necessary cookies:
- Session cookies to maintain your login
- Preference cookies for language settings
We do NOT use tracking cookies or third-party analytics on the web app.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our practices
- Legal or regulatory requirements
- New features or services
We will notify you of any significant changes by:
- Posting the new policy in the app
- Sending you an email notification
- Displaying a notice on our website
Your continued use of the service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, feedback, or need support, please reach out to us.
Support & Inquiries
For general questions or technical support:
- Email: support@vitatrellis.com
Privacy & Data
For questions regarding your data or privacy:
- Email: privacy@vitatrellis.com
- Data Protection Officer: dpo@vitatrellis.com
In-App Feedback
You can also send us feedback directly through the Feedback screen in the Vitatrellis app or webapp.
Legal Information
Vitatrellis is developed and operated by:
Benjamin Lunnet
Carlsvej 15
3300 Frederiksværk
Denmark
Email: developer@vitatrellis.com
14. Supervisory Authority
If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.
Last Updated: December 30, 2025
Version: 3.0 - Added Firebase FCM, social login disclosures (Google, Apple, Facebook), and enhanced push notification details
Previous Version: 2.0 - Updated for mobile app (iOS/Android), Cloudflare R2, and EU data storage