Legal
Privacy policy - Hybbit
For the website arnoldschreiner.de, the site privacy policy applies. The following section applies to the Hybbit iOS app.
Last updated: July 2, 2026
Quick Overview
- No account, no cloud sync – Processing locally on your device.
- Features: Habits, reminders (local), local statistics, categories, export/import (JSON), Pro subscription via Apple (StoreKit).
- Notifications: only local notifications (iOS consent), no remote pushes.
- No tracking/no IDFA/no advertising.
- No third-party crash reporting – the app does not transmit any crash data.
(Apple requires App Privacy declarations; possibly Privacy Manifest/Required Reason APIs in the app. These developer obligations concern publication, not your rights.)
1. Data Controller
Arnold Schreiner
Wümmering 28
21629 Neu Wulmstorf
Germany
Email: hello@arnoldschreiner.de
No data protection officer is appointed as it is not legally required.
Right to complain: You can complain to a data protection supervisory authority (e.g., at your place of residence). Legal basis of information obligations: Art. 13 GDPR.
2. Scope
This declaration applies to the iOS app "HYBBIT" (App Store ID: 6749539405). The website has its own privacy policy at: https://arnoldschreiner.de/datenschutz.
3. Processing in Detail
3.1 App Operation (without account)
Purpose: Providing app functions locally.
Data types: Habits (title, description, category), goals/frequencies, reminder plans, history/completions, streaks, sorting/display settings, language/theme.
Storage location: iOS app container (UserDefaults/CoreData/files) on your device.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).
3.2 Local Notifications
Purpose: Reminder of habits.
Data types: Schedules, title/body of local notifications; app badge.
Recipients: no external recipients (delivery is done locally by iOS).
Legal basis: Art. 6 para. 1 lit. a GDPR (consent via iOS prompt; revocable in iOS settings).
3.3 In-App Purchases (StoreKit)
Purpose: Management of Pro subscription.
Data types: Product IDs, transaction status, receipts/entitlements (system-side).
Recipients/Role: Apple as independent controller (payment processing).
Legal basis: Art. 6 para. 1 lit. b GDPR.
3.4 On-Device Usage Values (Review Timing)
Purpose: appropriate timing for review requests.
Data types: purely local counters (app starts, habit completions, streaks, successful days).
Recipients: none.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest; data does not leave the device).
3.6 Data Export/Import
Purpose: Portability/backup at your request.
Data types: JSON (habits, categories, reminders, history, settings).
Recipients: only controlled by you (iOS share sheet); no automatic upload.
Legal basis: Art. 6 para. 1 lit. b GDPR.
4. Device Access (TDDDG § 25)
We only use necessary local storage/identifiers for core functions; no tracking, no IDFA, no fingerprinting. For non-essential access, consent would be required – no such access currently takes place. (Since May 14, 2024, the TDDDG with § 25 applies in Germany; in 2025, the Consent Services Regulation also came into force.)
5. Recipients and Service Providers (SDKs)
No third-party SDKs that transmit data to external service providers are integrated.
Apple (StoreKit, UserNotifications) – Independent Controller
Payment processing/receipts and local notifications are done system-side. (Apple may provide crash reports in App Store Connect if you have consented to sharing with developers at the system level.)
6. Transfer to Third Countries
We do not transfer personal data to third countries.
7. Storage Duration and Deletion
- App content/settings: until active deletion in the app ("Delete all data") or uninstallation.
- Export files: created locally in temporary directory; further storage/sharing only by you.
8. Obligation to Provide
There is no legal obligation to provide. Without certain local data (e.g., habit definitions), individual functions are not usable. Consent (e.g., notifications) is voluntary.
9. Your Rights (GDPR)
You have rights to access, rectification, erasure, restriction, data portability, objection, and revocation of given consent with effect for the future (Art. 15–21, Art. 7 para. 3 GDPR).
Contact: hello@arnoldschreiner.de.
10. Security (Technical and Organizational Measures)
On-device storage in iOS app container, iOS device encryption, role-based access control (least privilege), regular updates/patches, incident management including 72-hour notification obligation.
11. Minors
The app is not specifically targeted at children; no special processing of children's data.
12. Automated Decisions/Profiling
No automated decisions with legal effect. Review timing is based on purely local counters without personal reference.
13. Changes to this Privacy Policy
We update this declaration when functions/laws change. The current version is linked in the app. Archive of previous versions: https://arnoldschreiner.de/hybbit/privacy.
14. Contact
Data Controller: Arnold Schreiner • Email: hello@arnoldschreiner.de • Address: Wümmering 28, 21629 Neu Wulmstorf
Privacy URL: https://arnoldschreiner.de/hybbit/privacy