Privacy Policy
Last updated: June 2026 (version 1.2)
Note: This is an English translation of our privacy policy for your convenience. This privacy policy is also available in German. In the event of any discrepancies between the language versions, the German version prevails.
1. Controller
The controller responsible for the data processing is the provider named in our Legal Notice.
If you have any questions about data protection, you can reach us using the contact details provided there.
2. Overview
Abentoo is an app for planning camper trips. We only process data that you enter or upload yourself. There is no advertising, no profiling and no sale of your data to third parties.
The website does not use cookies, analytics or tracking services, or technologies for creating user profiles. Access logs (server logs) are not stored. The IP address is only processed during the technical provision of the connection and is not stored afterwards. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in the secure and error-free provision of the website).
3. Your account
On first launch, Abentoo automatically creates an account for you. Sign-in is done via “Sign in with Apple”. No additional usernames or passwords are used for Abentoo. The credentials required to access your account are stored encrypted in the iOS Keychain.
4. Which data we process
We store exclusively content that you create in the app or provide voluntarily:
| Category | Examples | Required? |
|---|---|---|
| Profile | Display name, optional profile picture | Name at start |
| Trips | Stops, dates, bookings, payments, documents | No |
| Checklists | Lists and entries | No |
| Logbook | Trip entries and notes | No |
| Vehicle | Vehicle data, maintenance, reminders | No |
| Crew | Membership, invitation codes, shared crew data | No |
| Home address | Address and coordinates for route planning | No |
| Technical | Account ID, time/version of the displayed privacy notice | Automatic |
We do not collect contact data from your address book, no location data in the background and no usage profiles for advertising purposes.
5. Where your data is stored
Your trip and crew content is stored on our server in Germany. On your device, credentials are stored in the encrypted iOS Keychain, along with a local app cache (e.g. for calculated routes).
So that changes to your crew are synced in real time, the app maintains a permanent encrypted connection to our server (Server-Sent Events) while in use. In doing so, the server processes – as with any internet connection – your IP address for the duration of the connection. The IP address is stored beyond the duration of the connection exclusively in the log files of the app backend and the API (see section 8). The legal basis is Art. 6(1)(b) and (f) GDPR (provision of the synchronisation and secure operation).
6. Purposes and legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Provision of the app features (trips, crew, sync) | Art. 6(1)(b) (contract/use) |
| Automatic account creation, storage of your content and synchronisation | Art. 6(1)(b) GDPR (performance of the usage relationship / provision of the app features) |
| Local reminders (on-device notifications) | Art. 6(1)(a) (consent in iOS) |
| Abuse protection (App Attest, captcha) | Art. 6(1)(f) (legitimate interest in secure operation) |
For the privacy policy itself we do not obtain consent. The processing required to provide the app is based on Art. 6(1)(b) GDPR. Optional consents, for example for local iOS notifications, can be revoked at any time in the iOS settings. You can delete your account and the associated data at any time in the settings.
7. Disclosure to third parties
We do not pass on your personal data to third parties for marketing purposes.
Data may be visible or accessible to:
- Crew members: content that you share within a shared crew.
7.1 Processors
We use the following processors within the meaning of Art. 28 GDPR:
- Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany – hosting of our server in Germany. Data processing agreement concluded.
7.2 Apple services
Abentoo uses certain services from Apple Inc. or Apple Distribution International Ltd., insofar as this is required for individual app features or you use the respective feature:
- Sign in with Apple – sign-in via your Apple ID, required for the use of Abentoo, so that you can use your account again when switching or restoring devices.
- App Attest – protection against abuse and assurance that requests originate from an unmodified app on a genuine Apple device.
- WeatherKit – retrieval of weather information for stops or places you have created.
- MapKit – display of maps as well as map and address search.
Depending on the feature, technical data, device/app information, search queries, location details or stops and addresses you have entered may be transmitted to Apple. Apple processes this data according to its own privacy terms. We do not have full control over the data processing by Apple. Apple is not generally engaged as a processor of Abentoo for these services.
7.3 Data transfer to third countries
Insofar as Apple services are used, personal data may be transferred to the USA. The transfer takes place, where necessary, on the basis of appropriate safeguards under the GDPR, in particular the EU-US Data Privacy Framework and/or the Standard Contractual Clauses of the EU Commission pursuant to Art. 46 GDPR.
No data transfer to third countries takes place through our hosting provider.
8. Storage period
We store your data for as long as your account exists and you use the app. Specifically:
- Account and content data: until your account is deleted.
- Server backups: a maximum of 30 days, then automatic rotation. After account deletion, remnants may remain in not-yet-rotated backups for up to 30 days.
- Log files of the app backend and API: a maximum of 14 days (legal basis: Art. 6(1)(f) GDPR, legitimate interest in stable operation).
- Inactive accounts: after 24 months without login they are automatically and irreversibly deleted.
You can irreversibly remove your account and all associated data at any time under Settings → Delete account and all data.
9. Your rights
Under the GDPR you have, in particular, the right to:
- Access to the data stored about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR) – you can use this directly in the app under Settings → Export my data
- Objection to processing based on legitimate interests (Art. 21 GDPR)
- Complaint to a data protection supervisory authority (Art. 77 GDPR)
For requests, please contact us using the contact details provided in the Legal Notice.
9.1 Identification and limits of data subject rights
Abentoo deliberately stores no identifying features such as an email address or phone number (data minimisation under Art. 5(1)(c) GDPR). Requests under Art. 15 to 20 GDPR can therefore only be processed as long as you have access to your account.
If you no longer have access to the Apple ID used for sign-in, we are unable to identify you as the account holder. Pursuant to Art. 11(2) GDPR, the rights under Art. 15 to 20 GDPR do not apply in this case. The data concerned is automatically deleted after 24 months of inactivity at the latest.
9.2 Competent supervisory authority
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestraße 2–4
40213 Düsseldorf, Germany
Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Web: ldi.nrw.de
10. Local notifications
Reminders in Abentoo are triggered directly on your device by the iOS system. No external push service (e.g. Apple Push Notification Service) is used; content and times do not leave your device.
11. Children
Abentoo is not specifically aimed at children. Use requires that you have reached the minimum age for consent to the processing of personal data applicable in your country of residence (usually between 13 and 16 years, depending on the country). Sign-in is done exclusively via “Sign in with Apple”. If you are below that age, use is not intended, and in that case we do not knowingly collect personal data.
12. Security
We use appropriate technical and organisational measures in accordance with Art. 32 GDPR, including TLS-encrypted transmission, access control, data minimisation as well as Apple App Attest to protect against abuse. Passwords are neither stored nor used by us.
13. Automated decision-making
Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place.
14. Changes
We may adapt this privacy policy if the app or the legal situation changes. In the event of material changes, we will inform you in the app or on the next launch.