Privacy Policy

Last updated: June 2026

1. Controller

The controller responsible for data processing on this website is:

Mydroponics UG (haftungsbeschränkt)

Am Amtsgraben 28

12559 Berlin, Germany

Email: info@orgo.me

Managing Director: Rob Gerrebrands

2. Overview of data processing

We take the protection of your personal data seriously. We process personal data only in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Personal data is collected on this website only to the extent technically necessary. Under no circumstances will collected data be sold to third parties.

3. Hosting

This website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. When you visit our website, Vercel automatically collects the technical data that your browser transmits and stores it in server log files. This includes:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Time of the request

This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of this website). Data transfer to the USA is covered by the EU-US Data Privacy Framework. For more information, see Vercel's Privacy Policy.

4. Waitlist signup

What data we collect

When you sign up for the orgo.me waitlist, we collect your email address, first name, and last name. Only your email address is required; providing your name is optional.

Purpose and legal basis

Your data is processed solely for the purpose of informing you about the orgo.me launch and related product updates. Your name, if provided, is used to personalize our communications. The legal basis for this processing is your consent (Art. 6(1)(a) GDPR), which you give by submitting the signup form.

Email service provider

We use Brevo (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany) to manage waitlist contacts and send emails. Brevo is an EU-based provider. Your data is stored on Brevo's servers in the EU. For more information, see Brevo's Privacy Policy.

Retention

Your data is stored for as long as you remain subscribed to our waitlist. You can unsubscribe at any time via the link in any email you receive, or by emailing unsubscribe@orgo.me. Upon unsubscribing, your data will be deleted promptly.

5. Web analytics (Matomo)

This website uses Matomo, an open-source web analytics platform. Matomo is self-hosted on our own server infrastructure in Germany (All-Inkl, Friedersdorf) at analytics.orgo.me. No data is transferred to third parties.

Cookieless tracking

Matomo is configured to operate entirely without cookies. No tracking cookies, session cookies, or similar identifiers are stored on your device. Because no cookies are set, no cookie consent banner is required for this analytics tool.

Data collected

Matomo collects anonymized usage data including: pages visited, referring website, approximate geolocation (country/region level, based on anonymized IP), browser type and version, operating system, screen resolution, and time of visit. Your IP address is anonymized by masking the last two bytes before any processing occurs. No personally identifiable information is stored.

Do Not Track

Matomo respects the "Do Not Track" (DNT) setting in your browser. If you have enabled DNT, your visit will not be tracked.

Legal basis

The processing is based on Art. 6(1)(f) GDPR (legitimate interest in understanding how our website is used in order to improve it). Given the privacy-preserving configuration (cookieless, IP anonymization, self-hosted in Germany, no third-party data sharing), the impact on your privacy is minimal.

6. Mobile app analytics (Matomo)

The orgo.me mobile app uses the same self-hosted Matomo instance described above (analytics.orgo.me, hosted in Friedersdorf, Germany) to understand how the app is used and to improve it. App analytics are processed as a separate measurable from the website.

Consent required

Unlike the website, the mobile app stores a pseudonymous device identifier in app storage on your phone in order to group your actions into sessions. This counts as storage on terminal equipment under § 25 TTDSG. We therefore request your prior consent before any tracking occurs. On first launch, the app shows a consent prompt with equally prominent "Accept" and "Decline" options. No tracking takes place until you accept, and no device identifier is created on your phone until you accept.

What we collect when you consent

  • Screen views (the names of screens you visit, e.g. "Feed", "Search", "Profile")
  • Event categories and actions (e.g. category "Save" with action "share_intent_received", category "Auth" with action "login_complete")
  • A randomly generated 16-character pseudonymous device identifier, stored locally on your phone (never shared with any third party)
  • Approximate locale and operating system version
  • Anonymized IP address (last two bytes masked) for visit enrichment

What we never collect

  • Saved URLs, page titles, or the content of any saved items
  • Search queries
  • Your email address or any account-identifying information from your Supabase account
  • Real names or contact details
  • Any data that could directly identify you as a person

User ID (logged-in users)

If you are logged in, we send a one-way SHA-256 hash of your Supabase user ID to Matomo so that we can recognize the same user across reinstalls and devices. The raw Supabase ID and your email address are never sent. The hash cannot be reversed to recover your identity.

Legal basis

Processing is based on your consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG). You can withdraw consent at any time with effect for the future via the in-app toggle under Profile → Anonymous usage data. When you withdraw consent, the locally stored device identifier is immediately deleted and no further tracking requests are sent.

Consent record

Your consent decision (granted or declined, timestamp, consent version, and source) is stored locally on your device and, if you are logged in, also synced to our Supabase database (EU region). We maintain an append-only history of consent changes in order to demonstrate compliance to supervisory authorities upon request. Storing the consent record itself is permitted without prior consent under § 25(2) TTDSG, as it is strictly necessary to remember your expressed preference.

Retention

Matomo visit and event data from the mobile app is retained for 14 months and then automatically deleted. Consent records are retained for the duration of your account plus 36 months after account deletion, in line with the statutory limitation period for GDPR-related claims. Aggregated, non-identifying statistics may be retained for longer.

Re-prompt on policy changes

If we materially change what is tracked, who receives the data, or the retention period, we bump the consent version. The app will then show you the consent prompt again on next launch, regardless of any previous decision, so you can review and decide again.

7. Cookies and local storage

Website — This website does not use tracking cookies, advertising cookies, or analytics cookies. Our website analytics tool (Matomo) operates entirely without cookies (see section 5). Only technically necessary cookies may be set by the hosting provider to ensure the website functions correctly. These are processed on the basis of Art. 6(1)(f) GDPR.

Mobile app — The mobile app uses local app storage on your phone for two purposes related to analytics: (1) the consent record described in section 6 (permitted without consent under § 25(2) TTDSG), and (2) after you grant consent, the pseudonymous device identifier described in section 6. The app additionally uses local storage for technically necessary purposes such as your authenticated session and the offline save queue; these are necessary to provide the service you requested and do not require separate consent.

8. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — You can request information about the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR) — You can request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) — You can request deletion of your personal data.
  • Right to restriction (Art. 18 GDPR) — You can request restriction of processing.
  • Right to data portability (Art. 20 GDPR) — You can request to receive your data in a machine-readable format.
  • Right to withdraw consent (Art. 7(3) GDPR) — You can withdraw your consent at any time with effect for the future.
  • Right to lodge a complaint (Art. 77 GDPR) — You have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at info@orgo.me.

9. Supervisory authority

The competent supervisory authority for data protection is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Website: datenschutz-berlin.de

10. Changes to this policy

We reserve the right to update this privacy policy to reflect changes in our data practices or legal requirements. The current version is always available at orgo.me/privacy.