Privacy Policy

Last updated: April 2026

🔒 ErstattungsTracker stores all your data exclusively on your device. No personal health data is transferred to external servers.

Overview

This privacy policy applies to the iOS app ErstattungsTracker and its website. We place great importance on protecting your personal data and complying with the GDPR.

1. Controller

[Full name]
[Street and number]
[Postal code and city]
Email: [Email address]

2. Data storage in the app

Local storage

ErstattungsTracker processes and stores all data you enter — including medical bills, reimbursement amounts, person data and attachments — exclusively locally on your iPhone or iPad. This data is never transmitted to external servers.

  • No server connection for health-related data
  • No user account required
  • No cloud backup initiated by the app
  • No telemetry or usage analytics
  • No advertising or tracking

Data encryption

Sensitive data and attachments are stored locally in encrypted form. Access to the app can additionally be protected with Face ID or Touch ID. Biometric authentication is handled entirely by iOS — the app never receives access to raw biometric data.

iCloud backup

If iCloud Backup is enabled on your iPhone, app data may be included in the device backup managed by iOS. This is subject to Apple’s privacy policies. The app itself does not initiate cloud synchronisation.

3. External services

RevenueCat (in-app purchases and subscriptions)

ErstattungsTracker uses RevenueCat (RevenueCat, Inc., 633 Tasman Drive, San Jose, CA 95134, USA) to manage in-app purchases and subscriptions.

RevenueCat may process the following data:

  • Anonymous user IDs (system-generated, no name or email)
  • Purchase history and subscription status (via Apple App Store)
  • Device information (anonymised, for technical diagnostics)

This data is used solely for the technical handling of subscriptions. RevenueCat does not have access to your health data or other app content.

More information: revenuecat.com/privacy

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

4. Website

Server logs

When you access this website, technical access data such as IP address, browser type and timestamps may be stored in server logs. This data is used solely for technical operation and security. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

Cookies

This website does not use cookies.

Analytics

This website does not use web analytics services.

5. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

Because app data is stored exclusively on your device, you can delete it yourself at any time within the app or by uninstalling the app.

For questions regarding data processed by RevenueCat or on the website, please contact: [Email address]

You also have the right to lodge a complaint with the competent supervisory authority.

6. Data security

We use technical and organisational security measures to protect your data against accidental or intentional manipulation, loss or unauthorised access. The app relies on the security infrastructure of iOS and encrypts local data.

7. Changes to this privacy policy

We may update this privacy policy if necessary to reflect legal changes or updates to the app. The current version is always available on this page.