Privacy policy

Last updated: March 26, 2026

On this page you will find 2 privacy policies:

  1. The privacy policy for this website
  2. The privacy policy for the Reclaim iOS app

Reclaim operates this store and website, including all related information, content, features, tools, products, and services, in order to provide you as a customer with a personalized shopping experience (the “Services”). Reclaim is powered by Shopify, which enables us to provide you with the Services. This Privacy Policy describes how we collect, use, or disclose personal data when you visit, use, or make a purchase or other transaction using the Services, or otherwise communicate with us. If there is a conflict between our General Terms and Conditions and this Privacy Policy, this Privacy Policy shall prevail with regard to the collection, processing, and disclosure of your personal data.

Please read this Privacy Policy carefully. By using or accessing any of the Services, you confirm that you have read this Privacy Policy and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

What personal data do we collect or process?

When we use the term “personal data,” we mean information that identifies you or another person, or that can be directly linked to you. Personal data does not include information that is collected anonymously or has been anonymized in such a way that you can no longer be identified or linked to it. Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal data, including inferences drawn from such personal data:

  • Contact details, including name, postal address, billing address, shipping address, telephone number, and email address.
  • Financial data, including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, payment method, payment confirmation, and other payment details.
  • Account information, including username, password, security questions, configurations, and settings.
  • Transaction information, including the items you view, add to your cart, add to your wishlist, purchase, return, exchange, or cancel, as well as your past transactions.
  • Communications with us, including information you provide when contacting us, for example when you send a customer support request.
  • Device information, including information about your device, browser, or network connection, IP address, and other unique identifiers.
  • Usage information, including information about your interaction with the Services, including how and when you interact with or browse the Services.

Sources of personal data

We may collect personal data from the following sources:

  • Directly from you: for example, when you create an account, access or use the Services, communicate with us, or otherwise provide us with your personal data.
  • Automatically through the Services: for example, from your device when you use our products or services or visit our website, including through cookies and similar technologies.
  • From our service providers: for example, when we engage service providers to enable certain technologies and they collect or process your personal data on our behalf.
  • From our partners and other third parties.

How do we use your personal data?

Depending on how you interact with us or which Services you use, we may use personal data for the following purposes:

Providing, customizing, and improving the Services. We use your personal data to provide the Services to you. This includes, for example, fulfilling our contract with you, processing your payments, fulfilling your orders, storing your settings and items you are interested in, sending notifications related to your account, creating, maintaining, and otherwise managing your account, arranging shipping, facilitating returns and exchanges, allowing you to submit reviews, and creating a personalized shopping experience for you by, for example, recommending products based on your purchases. This may also include using your personal data to better tailor and improve the Services.

Marketing and advertising. We use your personal data for marketing and advertising purposes, for example to send marketing and promotional messages by email, SMS, or post, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously purchased or placed in your cart, as well as other activity related to the Services.

Security and fraud prevention. We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate, or take action regarding potentially fraudulent, illegal, unsafe, or malicious activity, protect public safety, and maintain the security of our Services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We strongly recommend that you do not share your username, password, or other access details with anyone else.

Communicating with you. We use your personal data to provide customer support and effective Services, respond to your requests in a timely manner, and maintain our business relationship with you.

Legal reasons. We use your personal data to comply with applicable law or respond to lawful legal processes, including requests from law enforcement or regulatory authorities, to investigate or participate in civil investigations, potential or actual litigation, or other adversarial proceedings, and to investigate potential violations of our terms or policies or enforce those terms and policies.

How do we disclose personal data?

Under certain circumstances, we may disclose your personal data to third parties for legitimate purposes in accordance with this Privacy Policy. Such circumstances may include:

  • To Shopify, vendors, and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment, and shipping).
  • We disclose personal data to business and marketing partners who provide marketing services to you and show you advertisements. For example, we use Shopify to support personalized advertising with third-party services based on your online activity across different merchants and websites. Our business and marketing partners use your data in accordance with their own privacy policies. Depending on where you live, you may have the right to direct us not to share information about you for targeted advertising and marketing based on your online activities across different merchants and websites.
  • When you instruct us or otherwise consent to us disclosing certain information to third parties, for example to deliver products to you or when you use social media widgets or login integrations.
  • To our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or insolvency, to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce applicable service terms or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify. Shopify collects and processes personal data about your access to and use of the Services in order to provide and improve the Services for you. Data you submit to the Services will be transmitted to Shopify as well as to third parties that may be located in countries other than your country of residence in order to provide and improve the Services for you.

To protect, grow, and improve our business, we also use certain enhanced Shopify features that involve data and information from your interactions with our store, with other merchants, and with Shopify. In order to provide these enhanced features, Shopify may use personal data collected through your interactions with our store, other merchants, and Shopify. In these circumstances, Shopify is responsible for the processing of your personal data, including responding to your requests to exercise your rights regarding the use of your personal data for these purposes.

For more information about how Shopify uses your personal data and your rights, please see the Shopify Consumer Privacy Policy. Depending on where you live, you may also be able to exercise certain rights with respect to your personal data through the Shopify Privacy Portal.

Third-party websites and links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliated with us or not controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of information found on those websites.

Information you provide in public or semi-public areas, including information you share on third-party social networking platforms, may also be viewed by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. The inclusion of such links does not imply our endorsement of the content of such platforms or of their owners or operators, unless expressly stated in the Services.

Children’s data

The Services are not intended for use by children, and we do not knowingly collect personal data from children who have not yet reached the age of majority in their country. If you are the parent or guardian of a child who has provided us with personal data, you may contact us using the contact details below to request deletion of such data.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” personal data of individuals under 16 years of age within the meaning of applicable law.

Security and retention of your data

Please note that no security measures are perfect or impenetrable, and therefore we cannot guarantee “perfect security.” In addition, information you send to us may be at risk while in transit. We recommend that you do not use insecure channels to transmit sensitive or confidential information to us.

How long we retain your personal data depends on various factors, including whether we need the data to manage your account, provide Services to you, comply with legal obligations, resolve disputes, or enforce other applicable agreements and policies.

Your rights and choices

Depending on where you live, you may have some or all of the rights listed below with regard to your personal data. However, these rights are not absolute, may apply only in certain circumstances, and in some cases we may decline your request as permitted by law.

  • Right of access: You may have the right to request access to the personal data we hold about you.
  • Right to deletion: You may have the right to request that we delete personal data we hold about you.
  • Right to correction: You may have the right to request that we correct inaccurate personal data we hold about you.
  • Right to data portability: You may have the right to receive a copy of the personal data we hold about you and request that we transfer it to a third party in certain circumstances and subject to certain exceptions.
  • Managing communication preferences: We may send you promotional emails. You can opt out of receiving these emails at any time by using the unsubscribe option included in our emails. If you opt out, we may still send you non-promotional emails, such as emails about your account or orders you have placed.

If you live in the United Kingdom or the European Economic Area, and subject to local law exceptions and limitations, you may also have the following rights in addition to those listed above:

  • Right to object and right to restrict processing: You may have the right to ask us to stop or restrict the processing of personal data for certain purposes.
  • Withdrawal of consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent. If you withdraw your consent, this will not affect the lawfulness of processing based on your consent before its withdrawal.

You may exercise these rights where indicated in the Services or by contacting us using the contact details provided below. More information about how Shopify uses your personal data and your rights, including rights relating to data processed by Shopify, can be found at:
https://privacy.shopify.com/en

You will not be disadvantaged in any way for exercising these rights. Where permitted or required by applicable law, we may need to verify your identity before processing your request. In accordance with applicable law, you may designate an authorized representative to make requests on your behalf. Before accepting such a request from a representative, we will require proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request as required by applicable law.

Complaints

If you have complaints about how we process your personal data, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the details below, or to lodge your complaint with the relevant data protection authority. For the European Economic Area, a list of the competent supervisory authorities can be found online.

International transfers

Please note that we may transfer, store, and process your personal data outside the country in which you reside.

If we transfer your personal data outside the European Economic Area or the United Kingdom, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses or equivalent contracts issued by the relevant UK authority, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the “Last updated” date accordingly, and provide any notice required by applicable law.

Contact

If you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of your rights, please contact us by email at info@reclaimapp.de or by post at:

Großenbuschstraße 22a
53757 Sankt Augustin
Germany

For the purposes of applicable data protection laws, we are the data controller for your personal data.

Privacy Policy for the Reclaim iOS App

Last updated: 24 March 2026

1. Data Controller

The controller responsible for the processing of personal data in connection with the use of the Reclaim iOS app is:

Lennard Louis Schmidtke
Großenbuschstraße 22a
Germany
Email: info@reclaimapp.de

2. Scope

This Privacy Policy applies exclusively to the use of the Reclaim iOS app.

It does not apply to the website reclaimapp.de, any ordering processes carried out there, Shopify functions, or other web-based services. A separate privacy policy applies to those offers.

The app is intended for users aged 16 and over.

3. General information on data processing

We process personal data to the extent necessary to provide a functional app and its content, or where consent has been given.

When using Reclaim, data may also be processed that allows conclusions to be drawn about highly personal aspects of life, in particular the handling of pornography consumption, relapses, progress within the program, and—depending on usage—health-related information.

4. Data processing when the app is first started

When the app is started and used, technical data is processed to the extent necessary to provide the app and its core functions. Where a user account is created or used, this data may be associated with the relevant user account.

In particular, we process:

  • anonymous Firebase user ID
  • technical device and app information, e.g. device type, operating system, app version
  • connection and usage information to the extent technically necessary for operation

In addition, an empty user document is created in our database so that app-related settings and later progress data can be stored.

Purposes of processing:
Providing the app, ensuring technical functionality, creating an individual app session.

Legal basis:
Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

5. Explicit consent to the processing of sensitive data

In order for Reclaim to provide the personal plan, track progress, and deliver the central functions of the app, we also process data that may, depending on usage, qualify as special categories of personal data.

This may in particular include:

  • progress data
  • relapse data
  • information about well-being
  • data from program areas related to health
  • content entered by users within the app that may allow corresponding conclusions to be drawn

Before these functions are used, we obtain explicit consent during onboarding.

The consent is documented by:

  • the status of the consent
  • the date and time the consent was given
  • the consent text shown at the time the consent was given

Legal basis:
Art. 6(1)(a) GDPR in conjunction with Art. 9(2)(a) GDPR.

Consent may be withdrawn at any time with effect for the future.
Withdrawal is possible at any time in the app settings under Privacy or by email to info@reclaimapp.de.

6. Processing of progress and program data

When you actively use Reclaim, we process the data necessary to provide the program and display your personal progress.

This may include in particular:

  • streak and relapse data, e.g. streakStartDate, resetEvents, maxStreakDayReached
  • program data, e.g. hasEnteredErektionsProgramm, erektionenCompletedDays, erektionenLastCompletedDate
  • personal commitments, e.g. versprechenMessage, versprechenDate
  • progress and mood data, e.g. progressEntries, moodEntries
  • points and development values, e.g. disziplinPoints, sozialPoints, mentalePoints, physisPoints, points_log
  • technical status data, e.g. whether the website blocker or app blocker is enabled
  • referral information, e.g. referralSource

Purposes of processing:
Providing the program, displaying progress, personalization, motivation, and the technical provision of app functions.

Legal basis:
Art. 6(1)(b) GDPR; where special categories of personal data are concerned, additionally Art. 9(2)(a) GDPR.

7. Registration and user account

The app initially starts with an anonymous guest access. Users can later convert this into a permanent account.

Depending on the selected login method, we process in particular:

  • email address
  • password (technically managed via Firebase Authentication)
  • authentication data for Sign in with Apple
  • authentication data for Sign in with Google
  • where applicable, account information shared by the respective provider

Existing app data is linked to the account.

Purposes of processing:
Providing a permanent user account, login, account recovery, and use across devices.

Legal basis:
Art. 6(1)(b) GDPR.

8. Optional profile data

Users may voluntarily add profile data, in particular:

  • name
  • email address
  • profile picture

Providing this data is voluntary unless it is required for a specific function requested by the user.

Optional information such as age, gender, sexual orientation, and region is currently not stored on the server, but remains locally on the device for the time being, insofar as it is used in the app at all.

Purposes of processing:
Displaying the profile, using community features, and personalizing the user account.

Legal basis:
Art. 6(1)(a) GDPR or Art. 6(1)(b) GDPR, depending on the function.

9. Camera, photo library, and profile pictures

If you want to upload a profile picture for your profile or for a clan profile, the app only accesses the following functions after your active selection:

  • camera, to take a picture directly
  • photo library, to select an existing image

This use does not occur in the background.

Data processed:
uploaded image files, and where applicable technical metadata in connection with the upload.

Purposes of processing:
Providing profile and clan images.

Legal basis:
Art. 6(1)(b) GDPR; for device access additionally your consent via the iOS permission system.

10. Family Controls / website and app blocker

Reclaim uses the iOS Family Controls function so that users can block distracting apps and websites.

The specific information about which apps or websites are blocked remains stored exclusively locally on the device and is not transmitted to our servers.

On the server side, we only process technical status information, in particular:

  • websiteBlockerEnabled
  • appBlockerEnabled

This information does not allow conclusions to be drawn about specific blocked content.

Purposes of processing:
Providing the blocker function and displaying its activation status.

Legal basis:
Art. 6(1)(b) GDPR.

11. Community, clan messages, comments, profile pictures, and clans

Reclaim includes community features, including posts, comments, clans, and clan-internal messaging functions.

In particular, we process:

  • content of posts and comments
  • content of messages within clans
  • clan-related information
  • profile pictures
  • internal user ID (authorId)
  • displayed username

Community content is visible to other authorized users within the app. Messages within clans are visible to the members of the respective clan. A clan can consist of 2 to an unlimited number of members.

Responsibility for user-generated content
Users are generally responsible for content they publish or send within the community or within clans, in particular posts, comments, messages, images, profile pictures, or other user-generated content. Such content is not adopted by the operator as its own content.

Any liability of the operator for third-party user-generated content is excluded, subject to mandatory statutory provisions. As soon as we become aware of unlawful, offensive, inappropriate, or otherwise impermissible content, we will review it and remove or block it in the event of violations.

Purposes of processing:
Providing the community and clan functions, facilitating exchange between users, communication within clans, moderation, and preventing misuse.

Legal basis:
Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

Our legitimate interest lies in the secure and functional provision of the community and clan functions and the prevention of misuse.

12. Reporting system and moderation

Users can report community content through a reporting system. If content receives multiple reports, it may be temporarily hidden and then manually reviewed.

In particular, we process:

  • reported posts, comments, clan messages, images, or other content
  • internal user IDs
  • information about reports
  • moderation decisions

Purposes of processing:
Detecting, reviewing, and removing unlawful or impermissible content, and protecting the community and clan communication.

Legal basis:
Art. 6(1)(f) GDPR.

13. Push notifications

If you actively allow push notifications in iOS, we use them for app-related notices, in particular:

  • milestone notifications
  • reminders after a relapse
  • other function-related notices

For this purpose, we process your push token and technical delivery information.

Purposes of processing:
Communicating app-related information and support within the program.

Legal basis:
Art. 6(1)(a) GDPR.

Push permission can be withdrawn at any time in the iOS settings.
Alternatively, the permission can also be deactivated directly in the iOS system settings under Notifications → Reclaim.

14. Emails and voluntary communication consents

If you voluntarily provide an email address, it may be processed for:

  • password reset
  • account-related notices
  • support communication
  • emails containing information, tips, news, or offers relating to Reclaim, provided that you have given separate consent

Marketing or informational emails are only sent on the basis of separate consent. The time at which this consent was given may be documented.

Legal basis:

  • account-related emails: Art. 6(1)(b) GDPR
  • voluntary informational or marketing emails: Art. 6(1)(a) GDPR

You may withdraw such consent at any time with effect for the future.

15. Subscriptions and payments

Reclaim offers paid subscriptions.

For in-app purchases on iOS, payment processing is handled by Apple. We do not receive your full payment data, only subscription-related information, in particular purchase and subscription status.

We use RevenueCat to manage subscription status and technically validate purchases.

This may include in particular:

  • internal user ID
  • transaction IDs
  • purchase metadata
  • subscription status

Purposes of processing:
Unlocking and managing paid functions, validating purchases, and administering subscriptions.

Legal basis:
Art. 6(1)(b) GDPR.

The actual payment processing for in-app purchases is carried out by Apple under Apple’s own data protection responsibility.

16. Paywalls and conversion measurement

We use Superwall to display and optimize paywalls.

The following data may in particular be processed:

  • internal user ID
  • technical session information
  • information on paywall impressions
  • conversion data

Purposes of processing:
Displaying, controlling, and optimizing paywalls.

Legal basis:
Art. 6(1)(b) GDPR; where additional evaluations take place, Art. 6(1)(f) GDPR or, if required, Art. 6(1)(a) GDPR.

17. Usage analysis with Firebase Analytics

We use Firebase Analytics to better understand how the app is used and to further develop the app technically and in terms of content.

This may in particular include:

  • daily and monthly active users
  • session duration
  • retention values
  • device types
  • iOS versions
  • general usage and interaction data

Firebase Analytics is only activated after you have given separate voluntary consent.

Purposes of processing:
Analyzing app usage, technical optimization, further development, and improving user-friendliness.

Legal basis:
Art. 6(1)(a) GDPR.

Consent may be withdrawn at any time with effect for the future.
Withdrawal of consent for Firebase Analytics is possible at any time in the app settings under Privacy.

18. Support by email

If you contact us by email at info@reclaimapp.de, we process the data you provide to us, in particular:

  • email address
  • message content
  • where applicable, your name and other information you provide

Processing is carried out via the email services we use, currently in particular IONOS and Outlook.

Purposes of processing:
Handling support requests and communicating with users.

Legal basis:
Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

19. Recipients and service providers used

We use external service providers to provide the app:

a) Google Firebase / Google Cloud

  • Firebase Authentication
  • Cloud Firestore
  • Firebase Storage
  • Firebase Cloud Messaging
  • Firebase Analytics

Purposes: authentication, database, file storage, push notifications, usage analysis.
According to your configuration, the primary database and storage resources are located in Frankfurt am Main.

b) RevenueCat

Purpose: management of subscriptions and validation of purchases.

c) Superwall

Purpose: display and optimization of paywalls.

d) Apple

Purpose: app distribution via the App Store, in-app purchases, and where applicable Sign in with Apple.

e) Google Sign-In

Purpose: login via a Google account.

f) IONOS / Outlook

Purpose: email communication and support.

Where these providers act as processors on our behalf, we only use them on the basis of an appropriate data processing agreement.

20. Transfers to third countries

When using individual service providers, processing of personal data outside the European Union or the European Economic Area, in particular in the United States, cannot be ruled out.

This applies in particular to services from:

  • Google / Firebase
  • RevenueCat
  • Superwall
  • Apple
  • Google Sign-In
  • where applicable further technical service providers in connection with email or infrastructure services

Where personal data is transferred to third countries, we ensure that appropriate safeguards are in place to provide an adequate level of data protection, such as standard contractual clauses or other lawful transfer mechanisms used by the respective provider.

21. Storage duration

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

According to our current planning, this applies in particular as follows:

  • account and app data: until the account is deleted
  • support emails: generally up to 3 years, unless longer retention is required
  • server and system logs: according to the specifications of the providers used, typically approx. 30 to 90 days
  • analytics data: typically 2 to 14 months, depending on the service settings
  • image files: until the account is deleted or until removed by the user or the operator
  • backups: according to the technical specifications of the respective service provider

Any further storage due to statutory retention obligations remains unaffected.

22. Account deletion and effects on community content

Users can initiate deletion of their account directly in the app.

If an account is deleted, the user account, the personal profile data, and other app data relating to the user are generally deleted unless statutory retention obligations prevent this.

Previously published community posts, comments, clan messages, images, and other user-generated content are also removed in the course of account deletion. In place of the original content, a neutral notice such as “Deleted Content”may be displayed within the app in order to preserve the technical and structural coherence of discussions and clan conversations without retaining the original content or any personal association.

23. Data security

We take technical and organizational measures to protect personal data against loss, misuse, and unauthorized access.

These measures include in particular:

  • encrypted transmission via TLS/HTTPS
  • encryption of stored data as provided by the service providers
  • access restrictions
  • Firestore Security Rules to limit user access
  • internal access restrictions for the operator

24. No automated decisions within the meaning of Art. 22 GDPR

No automated decision-making within the meaning of Art. 22 GDPR takes place that produces legal effects concerning you or similarly significantly affects you.

25. Your rights

Under the GDPR, you have in particular the following rights:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object
  • right to withdraw consent given, with effect for the future

To exercise your right to data portability, you may request a copy of your personal data by email at info@reclaimapp.de. We will generally process your request within one month.

To exercise your rights, it is sufficient to send an email to: info@reclaimapp.de

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority is in particular the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.

26. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy if this becomes necessary due to technical, legal, or organizational changes. The current version published in the app shall apply.