Privacy Policy

1. Introduction

Stargate Innovationhub ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and applications (SmokeLess, ForeverTold, and Weddy).

Please read this privacy policy carefully. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

The data controller responsible for your personal data is:

Stargate Innovationhub
Florian Aboutara
Albert-Schweitzer-Allee 9
65203 Wiesbaden, Germany
Email: info@stargate-innovationhub.com

3. Shared Data Processing (All Services)

The following data processing applies to our website and all our apps:

3.1 Account Information

When you create an account, we collect:

Email address
Password (encrypted)
Username or display name (if provided)

3.2 Technical Data

We automatically collect:

Device type and operating system
App version
Language settings
Crash reports and error logs

3.3 Legal Basis

We process your data based on:

Contract Performance (Art. 6(1)(b) GDPR): To provide our services
Legitimate Interests (Art. 6(1)(f) GDPR): To improve our apps and prevent fraud
Consent (Art. 6(1)(a) GDPR): For optional analytics and marketing

3.4 Hosting and Infrastructure

The website is hosted by IONOS SE, Germany. The backend runs on Supabase, a service with server locations within the European Union. Both providers process data only within the scope of data processing agreements pursuant to Art. 28 GDPR.

3.5 Third-Party Services (All Services)

We use the following third-party services for all our services:

IONOS (1&1 Ionos SE): Web hosting and domain services. Server location: Germany. Privacy Policy
Supabase Inc.: Backend infrastructure, authentication, database, and file storage. Server location: European Union (Frankfurt). Privacy Policy
Resend (Resend, Inc.): Delivery of transactional emails (e.g., one-time tokens). Processes email address and, where applicable, email content and technical metadata. Privacy Policy
Google Analytics 4 (Google Ireland Limited): Website and app usage analysis (only with your explicit consent). IP anonymization enabled. Data is pseudonymized. Retention period: 14 months. Google has joined the EU-US Data Privacy Framework. Privacy Policy
RevenueCat Inc.: Management of in-app purchases and subscriptions. Processes purchase data and subscription status. Privacy Policy

Your personal data will not be shared with third parties unless it is necessary for contract fulfillment, you have given explicit consent, or it is required by law.

SmokeLess - App-Specific Privacy

Data We Collect in SmokeLess

In addition to shared data, SmokeLess collects:

Smoking Habits: Number of cigarettes per day, smoking times, quit date
Progress Data: Daily cigarette logs, streak information, badges earned
Craving Data: Craving timestamps, intensity levels, triggers identified
Check-in Data: Mood check-ins, daily reflections

How We Use SmokeLess Data

To create and adjust your personalized reduction plan
To track your progress and calculate statistics
To provide gamification features (badges, streaks)
To analyze patterns and improve recommendations

Data Retention for SmokeLess

We retain your SmokeLess data for as long as your account is active. You can request deletion of your data at any time by contacting us or using the in-app delete feature.

Third-Party Services for SmokeLess

SmokeLess uses the shared infrastructure (Supabase) for:

Supabase Database: Storage of your progress data, settings, and usage information
Supabase Auth: Secure login and account management

Storage and Deletion: Account data and usage information will be completely deleted after 3 months of inactivity or upon account deletion. Backups and technical logs are also removed after a maximum of 3 months.

Health Data Notice

Smoking-related data is considered health data under GDPR. We process this data based on your explicit consent (Art. 9(2)(a) GDPR) when you create an account and start using the app. You can withdraw consent at any time.

ForeverTold - App-Specific Privacy

Data We Collect in ForeverTold

In addition to the shared data, ForeverTold collects:

Audio Recordings: Voice recordings of your stories
Transcriptions: Text versions of your audio recordings
Story Metadata: Titles, chapter names, contributor information
Sharing Data: Invitation codes, access permissions for collaborators
Export Data: Generated PDFs and audiobooks

How We Use ForeverTold Data

To store and organize your stories
To transcribe audio recordings into text
To generate PDF books and audiobooks
To enable sharing with invited collaborators

Third-Party Services for ForeverTold

In addition to the shared infrastructure, ForeverTold uses:

Supabase Database: Storage of your stories and metadata
Supabase Storage: Storage of audio recordings and generated files in private buckets (recordings-private, exports-private). Server location: Frankfurt, Germany (EU). Access only via signed URLs with expiration dates.
OpenAI Whisper (OpenAI LLC): Automatic transcription of audio recordings to text. Audio data is processed temporarily and automatically deleted by OpenAI after a maximum of 30 days. OpenAI does not use your data to train AI models (Zero Data Retention Policy). Privacy Policy
OpenAI TTS (OpenAI LLC): Text-to-speech for generating audiobook voices. Privacy Policy
Fish Audio (FishAI): AI-based voice cloning for personalized audiobooks. Voice samples are only processed with your explicit consent. Privacy Policy

Storage Location and Security

Storage Location: All ForeverTold data is stored on Supabase servers in Frankfurt (Germany, EU).
Encryption: Audio recordings and data are encrypted during transmission (TLS 1.3) and at rest.
Access Control: Only you and project members you invite have access to your stories (Row Level Security).

Audio data is transmitted encrypted. During transcription and voice generation, data is processed temporarily and not permanently stored by third-party providers.

Data Retention for ForeverTold

Your stories and recordings are stored as long as your account is active. We recommend regularly exporting your stories. Upon account deletion, all data including audio recordings and transcriptions will be permanently deleted.

Soft-Delete Period: Deleted data is retained for 30 days and can be restored during this period. After 30 days, permanent deletion occurs.

GDPR Rights for ForeverTold Users

In addition to the general rights (see Section 4), ForeverTold offers the following GDPR-compliant features:

Data Access: In the app under Settings → "Download My Data", you can export a complete copy of all your data as a JSON file (projects, recordings, transcripts).
Deletion: Via Settings → "Delete Account & Data", you can delete your account and all data yourself. Deleted data will be permanently removed after 30 days (soft-delete period).
Recording Consent: During your first recording, you will be informed about the processing of your audio recordings and can consent to the privacy policy.

Consent and Withdrawal

The processing of your audio and transcription data is based on your explicit consent (Art. 6(1)(a) GDPR). You will be informed about data processing during your first recording.

You can withdraw your consent at any time by:

Deleting individual recordings or projects in the app
Deleting your entire account (Settings → "Delete Account & Data")
Contacting us via email: info@stargate-innovationhub.com

Important: Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Weddy - Wedding Planning Webapp

Notice: Separate privacy terms apply for the use of the Weddy webapp.

The full privacy policy for Weddy can be found at:

→ weddysuite.com/privacy

Weddy is a wedding planning webapp by Stargate Innovationhub operated at the domain weddysuite.com.

Overview of Data Processing in Weddy

Weddy collects the following types of data:

Account data (email, password)
Wedding information (date, location, etc.)
Guest lists and RSVP data
Budget and seating plan information
Wedding website content

Hosting and Data Storage

The Weddy webapp is hosted on European servers. All data is processed in compliance with GDPR.

More Information

For detailed information about data processing in Weddy, please visit:

4. Your Rights

Under GDPR, you have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at info@stargate-innovationhub.com.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption of data in transit (TLS/SSL)
Encryption of data at rest
Regular security audits
Access controls and authentication

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. Contact & Complaints

For privacy-related questions or to exercise your rights, contact us at:

Email: info@stargate-innovationhub.com

You also have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
Postfach 3163
65021 Wiesbaden
Germany
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.