Privacy Policy

Mattenhänger – Discover and share hammock spots

1. Data Controller

The party responsible for processing your personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

Nico Kimpel
Karl-Marx-Allee 81
10243 Berlin
Germany

Contact: mattenhaenger@gmail.com

2. Data We Collect

When you use Mattenhänger we process the following personal data:

• Email address (on registration)
• Username (on registration)
• Location data (GPS coordinates of your hammock spots and, optionally, your home location for location-based notifications)
• Photos you upload to spots or use as a profile picture
• Social data (friendships, follow relationships, comments and ratings)
• Technical device data (push notification tokens)
• Crash and diagnostic data (device model, OS version, anonymized stack traces)
• Notification preferences (stored locally on your device)

3. Use Without Registration

You can use Mattenhänger without registering, as a guest (demo user). An anonymous account is created for you that does not require personal data such as an email address or name. Spots created as a guest are stored locally and in Firebase. You can link your guest account to an email address at any time to keep it permanently.

4. Purpose of Processing

We process your data solely to provide the app's features:

• Registration and authentication (including Google Sign-In)
• Password reset by email
• Storing and displaying your hammock spots
• Sharing spots with other users (public, friends-only or private)
• Social features: friendships, follows, comments and ratings
• Sending push notifications (new spots nearby, friend requests, etc.)
• Detecting, diagnosing and fixing crashes and technical errors

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(a) GDPR (consent, e.g. for location access and notifications).

5. Sign-In with Google

You can sign in with your Google account (Google Sign-In). When you do, your name and email address are transmitted from Google to us and stored in your user profile. No additional Google data is retrieved. Legal basis: Art. 6(1)(a) GDPR (consent).

6. Service Providers (Processors)

We use the following external services that process your data on our behalf:

• Google Firebase (Authentication, Firestore, Storage) – authentication, database services and file storage. Servers: EU. Privacy policy
• Google Firebase Cloud Messaging – push notifications.
• Google Sign-In – sign-in via Google account. Privacy policy
• Sentry (Functional Software, Inc., operated via Sentry GmbH for the EU region) – crash and error reporting. We send anonymized stack traces, device model and OS version. No spot content, photos or message content is transmitted. Privacy policy
• MapLibre / OpenFreeMap – map tiles for the in-app map. When the map is loaded, your IP address is briefly transmitted to the tile server to deliver map data. No tracking cookies are set. More info
• Expo (EAS) – build services and push notification relay. Privacy policy
• Vercel Inc. – web hosting for the website mattenhaenger.de. Privacy policy
• Netcup GmbH, Karlsruhe – additional web hosting. Privacy policy
• Resend (Resend, Inc.) – transactional email delivery (e.g. password reset). Privacy policy

Data processing agreements pursuant to Art. 28 GDPR are in place with all processors. Where data is transferred to processors outside the EU/EEA (e.g. USA), the transfer is safeguarded by the EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

7. Disclosure of Data

Your data is not sold to third parties or used for advertising. Disclosure occurs only to the processors listed above and in the following cases:

• If you mark spots as "public" (name, description, photos and ratings are visible to all app users)
• If you mark spots as "friends" (visible only to your confirmed friends)
• Your username and profile picture are visible to other users when they view your profile
• Public spots may be displayed on partner websites via an embedded map. Visible items are: spot name, GPS position, photos and ratings. Hidden are: description, comments and the username of the creator. If you do not want this, set your spot to "friends" or "private".

8. Retention Period

Your data is stored as long as you have a Mattenhänger account. You can delete your account and all associated data at any time in the settings.

When the account is deleted, we remove:

• Your user profile and authentication data
• Your locally stored data

Note: Public spots may be retained after account deletion and assigned to an anonymous placeholder account so that the spot information remains available to the community.

9. Your Rights Under the GDPR

You have the following rights regarding your data:

• Access (Art. 15 GDPR): you may request information about the data we store about you at any time.
• Rectification (Art. 16 GDPR): you may have inaccurate data corrected.
• Erasure (Art. 17 GDPR): you may request the deletion of your data.
• Data portability (Art. 20 GDPR): you may receive your data in a machine-readable format.
• Objection (Art. 21 GDPR): you may object to the processing of your data.
• Withdrawal of consent (Art. 7(3) GDPR): you may withdraw consent (e.g. for location access, notifications) at any time.
• Complaint: you have the right to lodge a complaint with a data protection authority.

To exercise your rights, please contact: mattenhaenger@gmail.com

10. Information for California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights regarding your personal information.

Categories of Personal Information We Collect

In the past 12 months we have collected the following categories of personal information:

• Identifiers: email address, username, anonymous user ID, IP address, push notification tokens.
• Geolocation data: GPS coordinates of spots you create and, optionally, your home location.
• User-generated content: photos, comments, ratings.
• Internet or other electronic network activity: device model, operating system version, anonymized crash logs.

Sources and Purposes

We collect this information directly from you when you use the app, and from your device. We use it solely to provide the service as described in section 4 above.

Sale or "Sharing" of Personal Information

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising within the meaning of the CCPA/CPRA. We have not sold or shared personal information of minors under 16.

Your California Privacy Rights

• Right to know: you may request the categories and specific pieces of personal information we have collected about you.
• Right to delete: you may request that we delete personal information we have collected from you.
• Right to correct: you may request that we correct inaccurate personal information.
• Right to opt out of sale/sharing: as we do not sell or share personal information, no opt-out is required. We honor Global Privacy Control (GPC) signals where applicable.
• Right to limit use of sensitive personal information: we do not use sensitive personal information for purposes that would trigger this right.
• Right to non-discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights.

How to Exercise Your California Rights

Send a request to mattenhaenger@gmail.com with the subject line "California Privacy Request". We will verify your identity by matching the email address associated with your account. You may also designate an authorized agent to make a request on your behalf; the agent must provide written permission and we may require you to verify the request directly. We will respond within 45 days.

11. Children's Privacy

Mattenhänger is not directed to children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Data Security

We use industry-standard technical and organizational measures to protect your data, including HTTPS/TLS encryption in transit, encryption at rest with our processors, and access controls. No method of transmission or storage is 100% secure, but we work continuously to protect your data.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal reasons. The current version is always available at mattenhaenger.de/privacy. Material changes will be communicated in the app or by email.

14. Contact

For any privacy-related questions, please contact:
mattenhaenger@gmail.com