Privacy Policy

1. Introduction

Stargate Innovationhub ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile applications (MyQuitly and ForeverTold).

Please read this privacy policy carefully. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

The data controller responsible for your personal data is:

Stargate Innovationhub
Florian Aboutara
Albert-Schweitzer-Allee 9
65203 Wiesbaden, Germany
Email: info@stargate-innovationhub.com

3. Shared Data Processing (All Services)

The following data processing applies to our website and all our apps:

3.1 Account Information

When you create an account, we collect:

Email address
Password (encrypted)
Username or display name (if provided)

3.2 Technical Data

We automatically collect:

Device type and operating system
App version
Language settings
Crash reports and error logs

3.3 Legal Basis

We process your data based on:

Contract Performance (Art. 6(1)(b) GDPR): To provide our services
Legitimate Interests (Art. 6(1)(f) GDPR): To improve our apps and prevent fraud
Consent (Art. 6(1)(a) GDPR): For optional analytics and marketing

3.4 Hosting and Infrastructure

The website is hosted by IONOS SE, Germany. The backend runs on Supabase, a service with server locations within the European Union. Both providers process data only within the scope of data processing agreements pursuant to Art. 28 GDPR.

3.5 Third-Party Services (All Services)

We use the following third-party services for all our services:

IONOS (1&1 Ionos SE): Web hosting and domain services. Server location: Germany. Privacy Policy
Supabase Inc.: Backend infrastructure, authentication, database, and file storage. Server location: European Union (Frankfurt). Privacy Policy
Resend (Resend, Inc.): Delivery of transactional emails (e.g., one-time tokens). Processes email address and, where applicable, email content and technical metadata. Privacy Policy
Google Analytics 4 (Google Ireland Limited): Website and app usage analysis (only with your explicit consent). IP anonymization enabled. Data is pseudonymized. Retention period: 14 months. Google has joined the EU-US Data Privacy Framework. Privacy Policy
RevenueCat Inc.: Management of in-app purchases and subscriptions. Processes purchase data and subscription status. Privacy Policy

Your personal data will not be shared with third parties unless it is necessary for contract fulfillment, you have given explicit consent, or it is required by law.

MyQuitly - App-Specific Privacy

Data We Collect in MyQuitly

In addition to shared data, MyQuitly collects:

Smoking Habits: Number of cigarettes per day, smoking times, quit date
Progress Data: Daily cigarette logs, streak information, badges earned
Craving Data: Craving timestamps, intensity levels, triggers identified
Check-in Data: Mood check-ins, daily reflections

How We Use MyQuitly Data

To create and adjust your personalized reduction plan
To track your progress and calculate statistics
To provide gamification features (badges, streaks)
To analyze patterns and improve recommendations

Data Retention for MyQuitly

We retain your MyQuitly data for as long as your account is active. You can request deletion of your data at any time by contacting us or using the in-app delete feature.

Third-Party Services for MyQuitly

MyQuitly uses the shared infrastructure (Supabase) for:

Supabase Database: Storage of your progress data, settings, and usage information
Supabase Auth: Secure login and account management

Storage and Deletion: Account data and usage information will be completely deleted after 3 months of inactivity or upon account deletion. Backups and technical logs are also removed after a maximum of 3 months.

Health Data Notice

Smoking-related data is considered health data under GDPR. We process this data based on your explicit consent (Art. 9(2)(a) GDPR) when you create an account and start using the app. You can withdraw consent at any time.

ForeverTold - App-Specific Privacy

Data We Collect in ForeverTold

In addition to shared data, ForeverTold collects:

Audio Recordings: Voice recordings of your stories
Transcriptions: Text versions of your audio recordings
Story Metadata: Titles, chapter names, contributor information
Sharing Data: Invitation codes, collaborator access permissions
Export Data: Generated PDFs and audiobooks

How We Use ForeverTold Data

To store and organize your stories
To transcribe audio recordings into text
To generate PDF books and audiobooks
To enable sharing with invited collaborators

Third-Party Services for ForeverTold

In addition to the shared infrastructure, ForeverTold uses:

Supabase Database: Storage of your stories and metadata
Supabase Storage: Storage of audio recordings and generated files (servers in the EU)
OpenAI Whisper (OpenAI LLC): Automatic transcription of audio recordings into text. Audio data is temporarily processed and not permanently stored. Privacy Policy
OpenAI TTS (OpenAI LLC): Text-to-speech for audiobook voice generation. Privacy Policy
Fish Audio (FishAI): AI-based voice cloning for personalized audiobooks. Voice samples are only processed with your explicit consent. Privacy Policy

Audio data is transmitted encrypted. During transcription and voice generation, data is temporarily processed and not permanently stored by third parties after completion.

Data Retention for ForeverTold

Your stories and recordings are retained for as long as your account is active. We recommend exporting your stories regularly. Upon account deletion, all data including audio recordings and transcriptions will be permanently deleted.

4. Your Rights

Under GDPR, you have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at info@stargate-innovationhub.com.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

Encryption of data in transit (TLS/SSL)
Encryption of data at rest
Regular security audits
Access controls and authentication

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

7. Contact & Complaints

For privacy-related questions or to exercise your rights, contact us at:

Email: info@stargate-innovationhub.com

You also have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for us is:

The Hessian Commissioner for Data Protection and Freedom of Information
Postfach 3163
65021 Wiesbaden
Germany
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.