data protection

Privacy Policy

1. Responsible party

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

H2 Technologies GmbH
Jägerndorfer Zeile 48
Germany

Email: info@amara.app
Website: www.amara.app

(hereinafter referred to as "we," "us")

2. Subject matter of the declaration / Scope of application

This privacy policy informs you about the processing of personal data when: visiting our website www.amara.app, using our mobile app AMARA (hereinafter referred to as "app"), contacting us (e.g. by email, phone, contact form), using our services within the app (e.g. registration, login, in-app purchases/subscriptions).

Personal data is any information relating to an identified or identifiable natural person (e.g., name, contact details, device identifiers, usage data).

3. Categories of data, purposes, and legal bases

3.1 Visiting our website (server log files)

When you visit our website for informational purposes only, we automatically collect data that your browser transmits to our server. This includes, in particular:

IP address of the requesting device, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page/file), access status/HTTP status code, amount of data transferred, website from which the request originates (referrer URL), browser type, language and browser version, operating system and its interface.

Purposes: Operation and delivery of the website, technical stability and security (error analysis, attack detection, prevention of misuse), performance optimization.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a secure, stable, and technically functional online offering). Insofar as access to your end device is necessary, additionally § 25 (2) No. 2 TTDSG (absolutely necessary technical measures).

Storage period: Log data is generally deleted or anonymized after 90 days, unless further storage is necessary to investigate security incidents.

3.2 Downloading the app from app stores

When downloading the app, certain necessary information is transmitted to the respective app store (e.g., Apple App Store, Google Play Store), in particular:

User name or App Store ID, email address, App Store customer number, time of download, payment information, device ID.

We have no influence on this data processing; the respective app store operators are solely responsible. Please refer to the privacy policy of the respective app store.

3.3 Use of the app (without registration)

When you use our app, we collect the following data in particular, depending on the range of functions:

Device information (e.g., device type, operating system, app version), anonymous or pseudonymous usage data (e.g., functions accessed, error reports), log data on stability and security, timestamps and technical identifiers, if applicable.

Purposes: Provision of app functions, stability, security, error analysis, app optimization, onboarding.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in providing and improving our app).

3.4 Registration / User Account

When you register in our app or create a user account, we process the following in particular:

Master data (e.g., last name, first name, date of birth), contact details (e.g., email address, optional phone number), login details (e.g., email address), account settings and preferences, contract and usage data (e.g., booked features, subscriptions).

Purposes: Creation and administration of your user account, authentication, provision of the contractually agreed services, communication relating to your user account (e.g., technical or security-related information).

Legal basis: Art. 6(1)(b) GDPR (contract initiation and performance).

Storage period: We store user account data for the duration of active use and the contractual relationship. After termination/deletion of the account, data will be deleted or blocked after the expiry of the statutory retention periods.

3.5 In-app purchases, subscriptions, and payment processing

If in-app purchases or subscriptions are offered in the app, payment is usually processed via the respective app store (e.g., Apple, Google) or external payment service providers (RevenueCat). We only receive information from the app stores/payment service providers that is necessary to confirm the payment transaction (e.g., transaction ID, selected product, payment status).

Purposes: Contract execution, payment processing, accounting, proof of transaction.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (statutory retention obligations under commercial and tax law).

Note: The App Store or payment service provider are responsible for processing payment data in accordance with the GDPR. Please refer to their privacy policies.

3.6 Contacting us (email, contact form, in-app support)

When you contact us (e.g., via email, contact form, in-app support), we process:

Your contact details (e.g., name, email address, phone number), content and time of the inquiry, and any other information you voluntarily provide us with.

Purposes: Processing your request, communicating with you, documenting support cases if necessary.

Legal basis: Art. 6(1)(b) GDPR, if your request is related to a contract or is pre-contractual, and/or Art. 6(1)(f) GDPR (legitimate interest in the efficient processing of user requests) in all other cases.

Storage period: Requests are deleted after final processing and expiry of any statutory retention periods; pure support correspondence is generally deleted after 24 months.

3.7 App permissions (e.g., camera, microphone, location, photos)

Depending on the app's functionality, we may need to access certain features or data on your device (e.g., camera, microphone, photos/media, location).

Purposes: Provision of specific app functions (e.g., uploading photos, voice messages, location-based services).

Legal basis: Art. 6 (1) (b) GDPR, insofar as the authorizations are necessary for the performance of the contract, Art. 6 (1) (a) GDPR, insofar as you give us your consent (e.g., location sharing).

You can revoke permissions at any time in your device settings. Certain features of the app may then no longer be available.

3.8 Processing of fitness and health data (optional)

If you have expressly consented to this via the corresponding function in the app (checkbox), we will also process your fitness and health data (e.g., number of steps, training activities, heart rate) in order to provide you with advanced analysis and tracking functions.

Legal basis: Art. 9(2)(a) GDPR in conjunction with Art. 6(1)(a) GDPR (express consent).

Revocation: You can revoke your consent at any time with future effect in the app settings. Revocation does not affect the legality of the processing carried out up to the point of revocation.

Storage period: This data will be processed until you

4. Cookies, tracking, and similar technologies (website/app)

We use cookies and similar technologies (e.g., SDKs, device IDs) on our website and, where technically possible, in our app.

4.1 Technically necessary cookies/technologies

These are necessary to provide our website or app (e.g., session cookies, security and authentication cookies).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional online offering) and Section 25(2)(2) TTDSG.

4.2 Optional analysis, statistics, and marketing tools

Insofar as we use analysis or marketing services (e.g., crash analytics, usage analysis, remarketing), this is done exclusively on the basis of your consent.

You can revoke your consent at any time with future effect via our cookie/consent tool in the website footer/in-app settings.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.

Note: Specific information about the services used in each case (providers, data categories, purposes, storage duration, third-country transfers) is provided in our consent management tool, in the relevant subsections of this privacy policy, and in the app settings. Please check and add the services you actually use here.

4.3 Use of Google Analytics

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data on website usage on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data.

During your visit to our website, the following data, among other things, is transmitted to Google:

  • Pages accessed

  • Orders including sales and ordered products

  • Achieving "website goals" (e.g., contact requests and newsletter sign-ups)

  • Your behavior on the pages (e.g., length of stay, clicks, scroll depth)

  • Your approximate location (country and city)

  • Your Internet address (IP address)

  • Technical information such as browser, Internet service provider, device, and screen resolution

  • Source of your visit (i.e., which website or advertising medium brought you to us)

  • A randomly generated user ID

No personal data such as name, address, or contact details are transferred to Google Analytics.

This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.

Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form for an indefinite period.

If you do not agree to this data collection, you can prevent it by installing the browser add-on to deactivate Google Analytics or by rejecting cookies via our cookie settings dialog.

4.4 Use of the meta pixel (Facebook pixel)

We place advertisements on Facebook and Instagram. In this context, we have integrated the "Meta Pixel" on our website.

The Meta Pixel enables us to: Measure the success of Facebook advertising campaigns. Target visitors to our website again with advertisements on Facebook and Instagram. Personalize advertisements based on previously viewed pages or products. The Meta Pixel is provided to us by Meta Platforms Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

During your visit to the website, the following data, among other things, is transmitted to Meta: Pages or URLs accessed, orders including sales and products ordered, the achievement of "website goals" (e.g., contact requests and newsletter registrations), your Internet connection data (IP address), technical information such as browser, device, and screen resolution.

A randomly generated user ID, a randomly generated ad click ID if you arrived at our website via an advertisement.

No personal data such as name, address, or contact details will be transferred to Facebook.

This data may also be transferred to Meta servers in the USA.

Meta stores cookies in your web browser for a period of one year from your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future visits to the website. If you are logged in to Meta platforms such as Facebook/Instagram, Meta can also associate the visit with your Facebook/Instagram account.

If you do not agree to this data collection, you can prevent it by installing a tracking blocker add-on in your browser or by rejecting cookies via our cookie settings dialog.

5. Recipients of the data / Order processing / Third countries

5.1 Processors

We use external service providers to deliver our services (e.g., hosting, IT operations, email service, support tools, analysis services). These service providers process personal data exclusively on our behalf and on the basis of a data processing agreement in accordance with Art. 28 GDPR.

Typical recipient categories: IT and hosting service providers, development and maintenance service providers, payment service providers, support and ticket systems, analysis and monitoring service providers.

5.2 Data transfers to third countries

If service providers outside the European Union (EU) or the European Economic Area (EEA) are used, we ensure that either a decision by the EU Commission on an adequate level of data protection is in place (e.g., EU-U.S. Data Privacy Framework), or that suitable safeguards exist in accordance with Art. 44 ff. GDPR (e.g., EU standard contractual clauses, supplementary technical/organizational measures).

Details can be found in the information on the respective services in the consent tool or in the specific subsections.

6. Storage period and deletion

Unless a specific storage period is specified in this privacy policy in individual cases, the following applies:

We only process personal data for as long as is necessary for the respective purpose.

After that, the data will be deleted or—if there are legal retention requirements (e.g., under commercial and tax law)—blocked for further processing.

Legal retention periods are typically 6 or 10 years (e.g., for accounting and contract documents).

7. Your rights as a data subject

You have the following rights with regard to your personal data:

Right to information (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), Right to object to certain processing (Art. 21 GDPR), Right to withdraw consent (Art. 7(3) GDPR).

To exercise your rights, simply send an informal message to the contact details listed in section 1.

8. Right to object pursuant to Art. 21 GDPR

Objection to processing based on Article 6(1)(e) or (f) GDPR:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that we carry out on the basis of Article 6(1)(e) or (f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Objection to direct marketing:

If personal data is processed for direct marketing purposes, you have the right to object to the processing for such marketing purposes at any time. In this case, the personal data will no longer be processed for these purposes.

9. Right to lodge a complaint with a supervisory authority

You have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

The following person is specifically responsible for our company headquarters:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59–61
10555 Berlin
Germany

Website: https://www.datenschutz-berlin.de

10. Obligation to provide data / Automated decision-making

The provision of certain personal data is necessary for the conclusion or execution of a contract with us (e.g., registration and payment data). Without this data, the app may not be usable or may only be usable to a limited extent.

We do not use automated decision-making, including profiling within the meaning of Article 22 of the GDPR, unless expressly stated otherwise in individual cases.

11. Our presence on social networks

We maintain public profiles on social networks. We use these profiles to communicate with users, interested parties, and customers and to provide information about our company and our services.

We currently operate company profiles with the following providers:

You can find links to our social media accounts on our website via the respective icons. When you click on an icon, you will be redirected to the respective platform and personal data will be processed by the respective provider. The data protection regulations of the respective platform operator apply primarily to this data processing.

Joint responsibility / use of platforms:

We use the technical platform and services of the aforementioned providers for these information services. You use our social media sites and their functions at your own risk. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating, messaging).

When you visit our websites, the platform operators collect, among other things:

Your IP address, other information stored on your device in the form of cookies or similar technologies, your interactions with our content (e.g., likes, comments, shares), technical information about your device and browser.

This information is processed by the platform operators and, if necessary, transferred to countries outside the European Union (in particular the USA, and in the case of TikTok, also China). The providers state that they ensure an adequate level of data protection (e.g. through EU standard contractual clauses or adequacy decisions). We have no conclusive influence on the scope, purpose, and duration of processing by the platform operators.

Platform operators generally provide us with aggregated usage statistics (insights). These statistics contain information such as reach, interaction, or demographic analyses, but no directly identifiable individual profiles. We use these analyses to optimize our content and focus on the platforms.

The legal basis for our use of social media platforms and the associated data processing by us is Art. 6 (1) (f) GDPR (legitimate interest in external corporate communications, PR, marketing, and interaction with users).

Our own data processing:

We process personal data that you provide to us via social media platforms (e.g., through comments, messages, inquiries) exclusively for the following purposes:

Communication with you, responding to inquiries, initiating or executing contractual relationships, if applicable.

In this context, the general principles of this privacy policy (legal basis, storage period, rights of data subjects) apply.

Your rights / Assertion of data subject rights:

You can assert your rights (see section "Your rights as a data subject") both against us and against the respective platform operator.

Notes:

If you have any questions about profiling, cookies/tracking, or the platform's independent data processing (e.g., advertising profiles), please contact the respective provider directly.

If you have any questions about the processing of your interactions with us (e.g., messages, comments in the context of our company), you can contact us at any time using the contact details provided in this privacy policy.

The applicable data protection notices of the platform operators (see links above) contain further information on the processing of personal data, setting options, and exercising your rights directly with the respective provider.

12. Data security

We take appropriate technical and organizational measures to protect your data from loss, destruction, unauthorized access, alteration, or dissemination. These include, among other things:

Encryption of connections (e.g., TLS/HTTPS), access restrictions and authorization concepts, securing systems with firewalls and virus protection, regular testing and improvement of our security measures

13. Current status and changes to this privacy policy

This privacy policy is currently valid and was last updated in December 2025.

We reserve the right to amend this privacy policy in order to adapt it to changes in the legal situation, technical developments, or changes in internal processes. The current version is available in the app and on our website.

Download the Amara app now

Install Amara™ and immediately have a reliable, friendly companion at your side, uncomplicated, helpful, and available at any time.

A hand holds a smartphone with the Amara™ app open. The screen displays color-coded categories related to health and well-being against a plain background.

7 days free of charge

Apple logo with text "Download on the App Store" on a black background.
Button with Google Play logo and text "Get it on Google Play" on a black background.