Privacy Policy

Last updated: December 2025

1. Introduction

wrkstatt UG (haftungsbeschränkt) ("we", "our", or "us") operates the Log or Lock mobile application and website. We are committed to protecting your privacy and ensuring transparency about how we handle your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.

This Privacy Policy applies to all services provided by wrkstatt UG, including the Log or Lock mobile application available on iOS and Android platforms, as well as our website.

2. Controller and Data Protection Officer

The controller responsible for data processing is:

wrkstatt UG (haftungsbeschränkt)
Heidbrede 12
33829 Borgholzhausen
Germany

Our Data Protection Officer can be contacted at:

Email: marvin@wrkstatt.de

3. Data Collection in the Mobile Application

Log or Lock is designed with privacy in mind. The core functionality of the app operates entirely on your device:

  • All journal entries, habit tracking data, and app blocking preferences are stored locally on your device
  • We do not collect, transmit, or store your personal journal data on external servers
  • Your journal entries and habit tracking information never leave your device

4. App Blocking Feature

The app blocking feature uses the Managed Settings framework provided by your device's operating system. This functionality is managed entirely on your device, and we do not have access to:

  • Which apps you choose to block
  • When blocking occurs
  • Any information about your app usage patterns

5. Payment Processing via RevenueCat

When you make in-app purchases or subscribe to premium features, we use RevenueCat as our payment processing service provider. RevenueCat helps us process transactions securely and manage subscriptions.

Data collected by RevenueCat:

  • Transaction data (purchase history, subscription status)
  • Device information (for fraud prevention and transaction verification)
  • App Store or Google Play account identifiers (to link purchases to your account)
  • Purchase receipts and validation data

Purpose: Processing in-app purchases and subscriptions, fraud prevention, and subscription management.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) - necessary to fulfill the purchase contract.

Data transfer: RevenueCat is a US-based company. When data is transferred to RevenueCat, it may be processed outside the European Economic Area (EEA). RevenueCat has implemented appropriate safeguards, including Standard Contractual Clauses, to ensure an adequate level of data protection.

For more information about how RevenueCat processes your data, please review their Privacy Policy: https://www.revenuecat.com/privacy

6. App Store Data

When you download our app from the Apple App Store or Google Play Store, we may receive certain aggregated and anonymized data from these platforms:

  • Download statistics and app usage metrics
  • Crash reports and performance data (if you have enabled crash reporting in your device settings)
  • App Store analytics data (anonymized)

Purpose: Improving app performance, fixing bugs, and understanding app usage patterns.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - improving our services and ensuring app stability.

This data is provided by Apple and Google through their developer platforms and is subject to their respective privacy policies.

7. Advertising and Conversion Tracking (Opt-In Only)

We use the Meta (Facebook) SDK to measure whether advertisements displayed on Facebook and Instagram lead to actions within the Log or Lock mobile application (e.g. purchases, subscription activations, or other in-app conversion events).

The Meta SDK is disabled by default and is only activated if you explicitly consent to tracking.

If you opt in, the following data may be processed:

  • Advertising identifiers (IDFA on iOS, Advertising ID on Android)
  • IP address
  • Device information (such as device model, operating system, and language)
  • App interaction data related to conversion events (e.g. purchase, subscription activation, or paywall interaction)

Purpose: Attribution of advertising campaigns, measurement of ad performance, and optimization of marketing activities.

Legal basis: Consent (Art. 6(1)(a) GDPR).

Consent management: You can grant or withdraw your consent at any time via the in-app settings. Tracking remains disabled if you do not provide consent. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

iOS App Tracking Transparency (ATT): On iOS devices, tracking is additionally subject to Apple's App Tracking Transparency framework. We will only access the advertising identifier (IDFA) if you explicitly allow tracking via the system prompt.

Third-party service provider:
Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

Data transfer: Data may be transferred to Meta Platforms, Inc. in the United States. Meta relies on Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

Meta Privacy Policy: https://www.facebook.com/privacy/policy

8. Use of Facebook SDK and Data Collection

App only, only if consent given in onboarding. Our app uses the Facebook SDK to measure the performance of ads and app events, such as app installs, launches, and purchase conversions. The SDK automatically collects the following types of data:

Identifiers – Device ID is collected and linked to the user for advertising attribution and analytics.

Advertising Data – Information about ads the user interacts with, including ad clicks, impressions, and conversions. This data is linked to the user and used to track ad performance across apps and websites.

Usage Data – Product Interaction – Basic app interactions, such as launches and installs, are collected for analytics purposes only. This data is not linked to the user and not used for tracking.

Purchase Data – If a user completes a purchase after clicking an ad, the SDK may log this conversion to measure ad performance. This data is linked to the user and used for advertising analytics.

Purpose of Data Collection

  • Advertising: To attribute ad clicks and conversions, and to measure the effectiveness of advertising campaigns.
  • Analytics: To understand app usage, improve features, and measure audience characteristics.

User Control

  • Users can control tracking via Apple's App Tracking Transparency (ATT) prompt.
  • You may opt out of tracking at any time via your device settings.

9. Website Data Collection

When you visit our website, our hosting provider may automatically collect certain technical information through server logs:

  • IP address
  • Date and time of access
  • Pages visited
  • Browser type and version
  • Referrer URL (the website from which you accessed our site)

Purpose: Ensuring website security, preventing abuse, and maintaining website functionality.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - ensuring website security and functionality.

Retention: Server logs are typically retained for a maximum of 7 days, unless required for security investigations.

We do not use cookies, tracking pixels, or other tracking technologies on our website for analytics or advertising purposes.

10. Legal Basis for Data Processing

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary for the performance of a contract, such as processing payments and providing app functionality.
  • Legitimate interest (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests, such as website security, app improvement, and fraud prevention.
  • Consent (Art. 6(1)(a) GDPR): Where applicable, we may process data based on your explicit consent, which you can withdraw at any time.

11. Children's Privacy

Log or Lock is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

General inquiries:
wrkstatt UG (haftungsbeschränkt)
Heidbrede 12
33829 Borgholzhausen
Germany
Email: info@wrkstatt.de
Phone: 01742103083

Data Protection Officer:
Email: marvin@wrkstatt.de