Privacy Policy

As of: March 2026

1. Controller

The controller responsible for data processing on this website and in the KarmaFlow app is:

SHOP-Construct UG (haftungsbeschränkt)
von-Schwind-Str. 17, 45768 Marl, Germany
Email: info@shop-construct.de

2. Data Collected

We collect and process the following data:

  • Account data: Email address and encrypted password upon registration
  • Usage data: Your karma journal entries, karma scores, dimension ratings, streaks, levels, and achievements
  • Technical data: Device information, app version, time zone

3. Purpose of Processing

Your data is used exclusively for:

  • Providing KarmaFlow functionality (entries, analysis, streaks, achievements)
  • Authentication and account security
  • Improvement of the Service

The legal basis for processing is Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (legitimate interests in improving our Service).

4. AI Processing

Your journal entries are analysed by AI systems to assign karma dimensions, generate karma scores, and provide feedback. This processing is carried out on our servers. Important notes:

  • AI-generated results are for informational and motivational purposes only
  • We do not guarantee the accuracy or completeness of AI-generated output
  • Your data is not used for advertising purposes or shared with third parties for their own purposes
  • AI processing is necessary for the performance of our Service (Article 6(1)(b) GDPR)

5. Data Storage and Security

  • All data is stored on secure servers within the European Union (EU)
  • Passwords are stored exclusively as cryptographic hashes (bcrypt) and are never stored in plain text
  • All data transmission is encrypted using HTTPS/TLS
  • We implement appropriate technical and organisational measures to protect your data

6. Your Rights

Under the GDPR, you have the following rights at any time:

  • Right of access (Art. 15 GDPR): Information about what data we store about you
  • Right to rectification (Art. 16 GDPR): Correction of inaccurate data
  • Right to erasure (Art. 17 GDPR): Complete deletion of your account and all associated data
  • Right to data portability (Art. 20 GDPR): Export of your data in a machine-readable format
  • Right to restriction of processing (Art. 18 GDPR): Restriction of the processing of your data
  • Right to object (Art. 21 GDPR): Objection to data processing based on legitimate interests

You can delete your account directly in the app under Settings. You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

7. Cookies and Tracking

This website does not use tracking cookies or analytics tools. Only technically necessary cookies for session management are used. No personal data is collected through cookies.

8. Premium Subscriptions

Premium purchases are processed exclusively through the app stores (Apple App Store, Google Play Store). We do not have access to your payment data (credit card numbers, bank details, etc.). Payment processing is subject to the privacy policies of Apple or Google respectively.

We store only the subscription status (active/inactive) and the subscription type (monthly/annual) for the purpose of providing premium features. This data is deleted when your account is deleted.

9. Data Retention

Your data is stored for the duration of your account. Upon account deletion, all personal data including journal entries, karma scores, and profile information is permanently deleted. We may retain anonymised, aggregated data for statistical purposes.

10. Third-Party Services

We do not share your personal data with third parties for their own purposes. Data may be processed by technical service providers (hosting, error monitoring) who act as data processors under appropriate data processing agreements in accordance with Art. 28 GDPR.

11. Contact

For questions about data protection, please contact us at: info@shop-construct.de