Privacy Policy for the Reclaim App

Privacy Policy for the Reclaim iOS App

Status: 24.03.2026

1. Controller

Responsible for the processing of personal data in connection with the use of the iOS app Reclaim is:

Lennard Louis Schmidtke
Großenbuschstraße 22a
Germany
Email: info@reclaimapp.de

2. Scope

This privacy policy applies exclusively to the use of the iOS app Reclaim.

It does not apply to the website reclaimapp.de, order processes there, Shopify functions or other web offerings. A separate privacy policy applies to these offerings.

The app is aimed at users aged 16 and over.

3. General Information on Data Processing

We process personal data only to the extent necessary to provide a functional app and its content or if consent has been given.

When using Reclaim, data may also be processed that allows conclusions to be drawn about highly personal areas of life, in particular about dealing with pornography consumption, relapses, progress within the program, and – depending on usage – health-related information.

4. Data Processing upon First Launch of the App

Upon the first launch of the app, an anonymous user ID is automatically created via Firebase Authentication. This is done to technically provide the basic functions of the app.

In particular, we process:

  • anonymous Firebase User ID
  • technical device and app information, e.g., device type, operating system, app version
  • connection and usage information, insofar as technically necessary for operation

Additionally, an empty user document is created in our database so that app-related settings and later progress data can be stored.

Purposes of processing:
Provision of the app, technical functionality, creation of an individual app session.

Legal basis:
Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.

5. Explicit Consent to the Processing of Sensitive Data

For Reclaim to provide the personal plan, progress, and core functions of the app, we also process data that may be classified as special categories of personal data, depending on usage.

This may include, in particular:

  • progress data
  • relapse data
  • well-being information
  • data from program areas related to health
  • content that users enter within the app and that allows corresponding conclusions

Before using these functions, we obtain explicit consent during onboarding.

Consent is documented by:

  • the status of consent
  • date and time of consent
  • the consent text displayed at the time of consent

Legal basis:
Art. 6 para. 1 lit. a GDPR in conjunction with Art. 9 para. 2 lit. a GDPR.

Consent can be revoked at any time with effect for the future.
Revocation is possible at any time in the app settings under Privacy or by email to info@reclaimapp.de.

6. Processing of Progress and Program Data

When you actively use Reclaim, we process the data necessary to provide the program and to display your personal progress.

This includes, in particular:

  • Streak and relapse data, e.g., streakStartDate, resetEvents, maxStreakDayReached
  • Program data, e.g., hasEnteredErektionsProgramm, erektionenCompletedDays, erektionenLastCompletedDate
  • Personal promises, e.g., versprechenMessage, versprechenDate
  • Progress and mood data, e.g., progressEntries, moodEntries
  • Points and development values, e.g., disziplinPoints, sozialPoints, mentalePoints, physisPoints, points_log
  • technical status data, e.g., whether website or app blockers are activated
  • Referral information, e.g., referralSource

Purposes of processing:
Provision of the program, progress display, personalization, motivation, technical provision of app functions.

Legal basis:
Art. 6 para. 1 lit. b GDPR; where special categories of personal data are concerned, additionally Art. 9 para. 2 lit. a GDPR.

7. Registration and User Account

The app initially starts with an anonymous guest access. Users can later convert this into a permanent account.

Depending on the chosen registration method, we process in particular:

  • email address
  • password (technically managed via Firebase Authentication)
  • authentication data for Sign in with Apple
  • authentication data for Sign in with Google
  • possibly shared account information of the respective provider

Existing app data is linked to the account.

Purposes of processing:
Provision of a permanent user account, login, account recovery, cross-device usage.

Legal basis:
Art. 6 para. 1 lit. b GDPR.

8. Optional Profile Data

Users can voluntarily add profile data, in particular:

  • Name
  • Email address
  • Profile picture

The provision of this data is voluntary, unless it is required for a specifically desired function.

Optional information such as age, gender, sexual orientation, and region are currently not stored server-side, but remain locally on the device for now, if they are used in the app at all.

Purposes of processing:
Display of the profile, community usage, personalization of the user account.

Legal basis:
Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR, depending on the function.

9. Camera, Photo Library, and Profile Pictures

If you want to upload a profile picture for your profile or a clan profile, the app will only access the following functions after your active selection:

  • Camera, to take a picture directly
  • Photo Library, to select an existing picture

Usage does not occur in the background.

Data processed:
uploaded image files, possibly technical metadata during the upload.

Purposes of processing:
Provision of profile and clan pictures.

Legal basis:
Art. 6 para. 1 lit. b GDPR; for device access, additionally your consent via the iOS authorization system.

10. Family Controls / Website and App Blockers

Reclaim uses the iOS feature Family Controls to allow users to block distracting apps and websites.

The specific information about which apps or websites are blocked remains locally on the device and is not transmitted to our servers.

Server-side, we only process technical status information, in particular:

  • websiteBlockerEnabled
  • appBlockerEnabled

This information does not allow any conclusions to be drawn about specific blocked content.

Purposes of processing:
Provision of the blocker function, display of activation status.

Legal basis:
Art. 6 para. 1 lit. b GDPR.

11. Community, Clan Messages, Comments, Profile Pictures and Clans

Reclaim includes community features, including posts, comments, clans, and in-clan messaging functions.

We process, in particular:

  • content of posts and comments
  • content of messages within clans
  • clan-related information
  • profile pictures
  • internal user ID (authorId)
  • displayed username

Community content is visible to other authorized users within the app. Messages within clans are visible to the respective members of that clan. A clan can consist of 2 to any number of members.

Responsibility for user-generated content
For content that users publish or send within the community or within clans, particularly posts, comments, messages, images, profile pictures, or other user-generated content, the respective users themselves are generally responsible. This content is not adopted by the operator as its own content.

The operator's liability for third-party user-generated content is excluded, subject to mandatory legal provisions. As soon as we become aware of illegal, offensive, objectionable, or otherwise inadmissible content, we will review it and remove or block it if there are violations.

Purposes of processing:
Provision of community and clan functions, exchange between users, communication within clans, moderation, prevention of abuse.

Legal basis:
Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.

Our legitimate interest lies in the secure and functional provision of community and clan functions, as well as in protection against abuse.

12. Reporting System and Moderation

Users can report community content via a reporting system. In the event of multiple reports, content may be temporarily hidden and then manually reviewed.

In particular, we process:

  • reported posts, comments, clan messages, images, or other content
  • internal user IDs
  • information about reports
  • moderation decisions

Purposes of processing:
Detection, review, and removal of illegal or inadmissible content, protection of the community and clan communication.

Legal basis:
Art. 6 para. 1 lit. f GDPR.

13. Push Notifications

If you actively allow push notifications in iOS, we use them for app-related notices, in particular:

  • Milestone notifications
  • Reminders after a relapse
  • other function-related notices

For this purpose, we process your push token and technical delivery information.

Purposes of processing:
Communication of app-related notices and support within the program.

Legal basis:
Art. 6 para. 1 lit. a GDPR.

Push permission can be revoked at any time in the iOS settings.
Alternatively, permission can also be deactivated directly in the iOS system settings under Notifications → Reclaim.

14. Emails and Voluntary Communication Consents

If you voluntarily provide an email address, it may be processed for:

  • password reset
  • account-related notices
  • support communication
  • emails with information, tips, news, or offers regarding Reclaim, if you have given separate consent for this

We only send marketing or informational emails based on separate consent. The time of this consent can be documented.

Legal basis:

  • account-related emails: Art. 6 para. 1 lit. b GDPR
  • voluntary informational or marketing emails: Art. 6 para. 1 lit. a GDPR

You can revoke such consent at any time with effect for the future.

15. Subscriptions and Payments

Reclaim offers paid subscriptions.

For in-app purchases via iOS, payment processing is handled by Apple. We do not receive your full payment data, but only subscription-related information, particularly regarding purchase and subscription status.

To manage subscription status and technically validate purchases, we use RevenueCat.

In particular, the following may be processed:

  • internal user ID
  • transaction IDs
  • purchase metadata
  • subscription status

Purposes of processing:
Unlocking and managing paid features, validating purchases, subscription management.

Legal basis:
Art. 6 para. 1 lit. b GDPR.

The actual payment processing for in-app purchases is carried out by Apple under its own data protection responsibility.

16. Paywalls and Conversion Measurement

We use Superwall for the display and optimization of paywalls.

In particular, the following data may be processed:

  • internal user ID
  • technical session information
  • information about paywall impressions
  • conversion data

Purposes of processing:
Display, control, and optimization of paywalls.

Legal basis:
Art. 6 para. 1 lit. b GDPR; where further evaluations take place, Art. 6 para. 1 lit. f GDPR or – if necessary – Art. 6 para. 1 lit. a GDPR.

17. Usage Analysis with Firebase Analytics

We use Firebase Analytics to better understand app usage and to technically and content-wise develop the app further.

In particular, the following may be processed:

  • daily and monthly active users
  • session duration
  • retention values
  • device types
  • iOS versions
  • general usage and interaction data

Firebase Analytics is only activated if you have given your separate voluntary consent for this.

Purposes of processing:
Analysis of app usage, technical optimization, further development, and improvement of user-friendliness.

Legal basis:
Art. 6 para. 1 lit. a GDPR.

Consent can be revoked at any time with effect for the future.
Revocation of consent to Firebase Analytics is possible at any time in the app settings under Privacy.

18. Support by Email

If you contact us by email at info@reclaimapp.de, we process the data you submit, in particular:

  • email address
  • content of the message
  • possibly name and other information you submit

Processing is carried out via the email services we use, currently in particular IONOS and Outlook.

Purposes of processing:
Processing support inquiries and communicating with users.

Legal basis:
Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR.

19. Recipients and Service Providers Used

To provide the app, we use external service providers:

a) Google Firebase / Google Cloud

  • Firebase Authentication
  • Cloud Firestore
  • Firebase Storage
  • Firebase Cloud Messaging
  • Firebase Analytics

Purposes: Authentication, database, file storage, push notifications, usage analysis.
The primary database and storage resources are configured in Frankfurt am Main according to your specifications.

b) RevenueCat

Purpose: Subscription management and purchase validation.

c) Superwall

Purpose: Display and optimization of paywalls.

d) Apple

Purpose: App distribution via the App Store, in-app purchases, possibly Sign in with Apple.

e) Google Sign-In

Purpose: Login via a Google account.

f) IONOS / Outlook

Purpose: Email communication and support.

Insofar as these providers act as processors for us, we only use them on the basis of a corresponding data processing agreement.

20. Third-Country Transfers

When using individual service providers, the processing of personal data outside the European Union or the European Economic Area, particularly in the USA, cannot be ruled out.

This particularly concerns services from:

  • Google / Firebase
  • RevenueCat
  • Superwall
  • Apple
  • Google Sign-In
  • possibly other technical service providers in connection with email or infrastructure services

Insofar as personal data is transferred to third countries, we ensure that appropriate safeguards for an adequate level of data protection are in place, e.g., standard contractual clauses or other permissible transfer mechanisms of the respective provider.

21. Storage Duration

We store personal data only for as long as necessary for the respective purposes or as required by legal retention periods.

In particular, the following applies according to current planning:

  • Account data and app data: until the account is deleted
  • Support emails: generally up to 3 years, unless longer retention is required
  • Server and system logs: according to the specifications of the service providers used, typically approx. 30 to 90 days
  • Analytics data: depending on the service settings, typically 2 to 14 months
  • Image files: until the account is deleted or until removed by the user or the operator
  • Backups: according to the technical specifications of the respective service provider

Insofar as legal retention periods exist, further storage remains unaffected.

22. Account Deletion and Impact on Community Content

Users can initiate the deletion of their account directly in the app.

In the event of account deletion, the user account, personal profile data, and other app data related to the user are generally deleted, unless legal retention obligations prevent this.

Already published community posts, comments, clan messages, images, and other user-generated content will also be removed during account deletion. Instead of the original content, a neutral notice such as "Deleted Content" may be displayed within the app to maintain the technical and content structure of discussions and clan conversations in a comprehensible manner, without retaining the original content or its attribution to the person.

23. Data Security

We implement technical and organizational measures to protect personal data from loss, misuse, and unauthorized access.

This includes, in particular:

  • encrypted transmission via TLS/HTTPS
  • encryption of stored data provided by the providers
  • access restrictions
  • Firestore Security Rules to limit user access
  • internal access restriction to the operator

24. No Automated Decisions in the Sense of Art. 22 GDPR

No automated decision-making in the sense of Art. 22 GDPR takes place that produces legal effects concerning you or similarly significantly affects you.

25. Your Rights

You have the following rights under the GDPR, in particular:

  • Right to information
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent given with effect for the future

To exercise your right to data portability, you can request a copy of your personal data by email at info@reclaimapp.de. We will usually process your request within one month.

To exercise your rights, an email to: info@reclaimapp.de is sufficient.

You also have the right to lodge a complaint with a data protection supervisory authority. The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia is particularly responsible.

26. Changes to this Privacy Policy

We reserve the right to amend this privacy policy if this is necessary due to technical, legal, or organizational changes. The current version published in the app shall always apply.