Privacy Policy

Last updated: June 2026

This privacy policy will be finalised before the official launch. Some details (e.g. retention periods) may still change.

Protecting your personal data is a central concern for us. We process your data exclusively on the basis of the applicable law (GDPR, German Federal Data Protection Act). Below we explain which data we process when you use Habebe and what rights you have.

1. Controller

The controller responsible for processing your personal data is:

Scaled Academy GmbHTaunusanlage 860329 Frankfurt am MainGermany

Email: info@scaledacademy.net

Represented by the Managing Director Jiaming Song.

2. Our privacy promise

Habebe is built to be data-minimal from the ground up:

  • No tracking, no advertising targeting, no sale of your data to third parties.
  • No third-party analytics services and no third-party software development kits (SDKs).
  • No third-party SaaS: we run our own infrastructure and all servers are located in the European Union (Germany).
  • No location data unless you explicitly choose to share your location.
  • You can delete your account and all associated data at any time directly in the app.

3. What data we process

a) Account and profile data

When you register, we process your name or display name and your email address (for login, security notices and notifications). Your password is stored only in encrypted (hashed) form. Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).

b) Check-in data

For Habebe's core function we process your daily check-ins (time and the “I'm okay” status) and the reminders and schedules you set. Legal basis: Art. 6 (1) (b) GDPR.

c) Trusted contacts

So that your trusted people can be informed, you store their name and a contact channel (e.g. email address or phone number) in Habebe. You are responsible for ensuring that the people concerned agree to the use of their contact details. Legal basis: Art. 6 (1) (b) and (f) GDPR.

d) Notifications and alerts

If a check-in does not happen, we notify the contacts you have designated. For this we process your device's push token and the data required for delivery. Legal basis: Art. 6 (1) (b) GDPR.

e) Emergency and health information (optional)

If you use optional features such as sharing emergency or health information, this may constitute special categories of personal data within the meaning of Art. 9 GDPR. We process such data exclusively on the basis of your explicit consent (Art. 9 (2) (a) GDPR), only for the purpose you define. You can delete it or withdraw your consent at any time.

f) Location data (optional)

We process location data only if you actively choose to share your location with your contacts. Without your authorisation we do not collect any location data. Legal basis: Art. 6 (1) (a) GDPR (consent).

g) Technical data and server logs

Operating the app and website generates technical data (e.g. IP address, time of the request, device type) that is necessary to ensure technical operation and to prevent attacks. These server log files are deleted or anonymised after no more than 7 days. Legal basis: Art. 6 (1) (f) GDPR.

4. Push notifications

To deliver push notifications we use the push services of the respective operating systems: the Apple Push Notification service (APNs) on iOS and Firebase Cloud Messaging (FCM) by Google on Android. Only the data technically required for delivery is transmitted. These services are an integral part of the mobile platforms and cannot be bypassed for native push messages.

5. Purchases and subscriptions

Habebe is offered as a subscription via the Apple App Store and Google Play. The purchase and payment processing are handled exclusively by Apple or Google. We do not receive any full payment data (e.g. credit card numbers), only information about the status of your subscription. The privacy terms of Apple or Google apply in addition.

6. Hosting and data processing

Our application, database and infrastructure run on servers of IONOS SE (Elgendorfer Straße 57, 56410 Montabaur, Germany) within the European Union. A data processing agreement pursuant to Art. 28 GDPR has been concluded with IONOS.

Beyond that, we use no third-party SaaS, no external analytics or tracking services and no ad networks. Your data stays within our own infrastructure inside the EU.

7. Retention period

We store your personal data only for as long as is necessary for the purposes stated or as required by statutory retention obligations. When you delete your account in the app, the associated personal data is deleted, unless statutory obligations require otherwise.

8. Your rights

You have the following rights at any time:

  • Access to the data we store about you (Art. 15 GDPR)
  • Rectification of incorrect data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of a given consent with effect for the future (Art. 7 (3) GDPR)

To exercise your rights, a message to info@scaledacademy.net is sufficient.

You also have the right to lodge a complaint with a data protection supervisory authority, e.g. the Hessian Commissioner for Data Protection and Freedom of Information.

9. Data security

We take technical and organisational measures to protect your data. Transmission is encrypted (TLS); particularly sensitive data is additionally stored in encrypted form.

10. Changes to this privacy policy

We will adapt this privacy policy if the legal situation or our processing changes. The current version published here applies.