Privacy Policy
1. Responsible party
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
H2 Technologies GmbH
Jägerndorfer Zeile 48, 12205 Berlin, Germany
Email: info@amara.app
Website: www.amara.app
(hereinafter "we," "us")
Data Protection Officer
If you have any questions regarding data protection or the exercise of your rights, please feel free to contact us at any time at:
HeyData GmbH
Schützenstraße 5, 10117 Berlin, Germany
datenschutz@heydata.eu
www.heydata.eu
2. Subject matter of the declaration / Scope of application
This Privacy Policy informs you about the processing of personal data when you: visit our website www.amara.app, use our AMARA mobile app (hereinafter “App”), contact us (e.g., via email, phone, or contact form), or use our services within the App (e.g., registration, login, in-app purchases/subscriptions).
Personal data is any information relating to an identified or identifiable natural person (e.g., name, contact details, device identifiers, usage data).
3. Categories of data, purposes, and legal bases
3.1 Visiting our website (server log files)
When you visit our website for informational purposes only, we automatically collect data that your browser transmits to our server. This includes, in particular:
IP address of the requesting device, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page/file), access status/HTTP status code, amount of data transferred, website from which the request originates (referrer URL), browser type, language and browser version, operating system and its interface.
Purposes: Operation and delivery of the website, technical stability and security (error analysis, attack detection, prevention of misuse), performance optimization.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a secure, stable, and technically functional online offering). Insofar as access to your end device is necessary, additionally § 25 (2) No. 2 TTDSG (absolutely necessary technical measures).
Storage period: Log data is generally deleted or anonymized after 90 days, unless further storage is necessary to investigate security incidents.
3.2 Downloading the app from app stores
When downloading the app, certain necessary information is transmitted to the respective app store (e.g., Apple App Store, Google Play Store), in particular:
User name or App Store ID, email address, App Store customer number, time of download, payment information, device ID.
We have no influence on this data processing; the respective app store operators are solely responsible. Please refer to the privacy policy of the respective app store.
3.3 Use of the app (without registration)
When you use our app, we collect the following data in particular, depending on the range of functions:
Device information (e.g., device type, operating system, app version), anonymous or pseudonymous usage data (e.g., functions accessed, error reports), log data on stability and security, timestamps and technical identifiers, if applicable.
Purposes: Provision of app functions, stability, security, error analysis, app optimization, onboarding.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in providing and improving our app).
3.4 Registration / User Account
When you register in our app or create a user account, we process the following in particular:
Personal information (e.g., last name, first name, date of birth), contact information (e.g., email address, optional phone number), login credentials (e.g., email address), account settings and preferences, contract and usage data (e.g., booked features, subscriptions), as well as content and feature data (e.g., all message data, shared fitness data, training progress, and all other data entered or generated by you within the scope of the app’s basic features).
Purposes: Creation and management of your user account, authentication, provision of the contractually agreed services (in particular storage and display of your messages, fitness history, and app activities), communication relating to your user account (e.g., technical or security-related information).
Legal basis: Art. 6(1)(b) GDPR (contract initiation and performance).
Storage period: We store user account data and the associated content and function data for the duration of active use and the contractual relationship. This data will only be deleted if you delete your user account or explicitly request us to delete the data. After termination/deletion of the account, data will be deleted or blocked after the expiry of the statutory retention periods.
3.5 In-app purchases, subscriptions, and payment processing
If in-app purchases or subscriptions are offered in the app, payment processing is handled by the respective app store (e.g., Apple, Google) or the external subscription service RevenueCat. We receive from the app stores/payment service providers only the information necessary to confirm the payment transaction (e.g., transaction ID, selected product, payment status).
RevenueCat: Purpose: Management of in-app subscriptions and purchases, transaction validation, cross-platform synchronization of subscription status. Data processed: Transaction ID, App Store receipt, subscription status, anonymous user ID (RevenueCat App User ID), device type, and operating system. Provider: RevenueCat, Inc., 633 Tasman St., San Leandro, CA 94577, USA. Transfer to a third country: USA. Legal basis: EU Standard Contractual Clauses (SCC). RevenueCat does not receive complete payment data (e.g., credit card numbers); the actual payment processing is carried out exclusively by the respective app store (Apple / Google).
Purposes: Contract execution, payment processing, accounting, proof of transaction.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (statutory retention obligations under commercial and tax law).
Note: The app store or payment service provider is responsible for processing payment data in accordance with the GDPR. Please refer to their privacy policies.
3.6 Contacting us (email, contact form, in-app support)
When you contact us (e.g., via email, contact form, in-app support), we process:
Your contact details (e.g., name, email address, phone number), content and time of the inquiry, and any other information you voluntarily provide us with.
Purposes: Processing your request, communicating with you, documenting support cases if necessary.
Legal basis: Art. 6(1)(b) GDPR, if your request is related to a contract or is pre-contractual, and/or Art. 6(1)(f) GDPR (legitimate interest in the efficient processing of user requests) in all other cases.
Storage period: Requests are deleted after final processing and expiry of any statutory retention periods; pure support correspondence is generally deleted after 24 months.
3.7 App permissions (e.g., camera, microphone, location, photos)
Depending on the app's functionality, we may need to access certain features or data on your device (e.g., camera, microphone, photos/media, location).
Purposes: Provision of specific app functions (e.g., uploading photos, voice messages, location-based services).
Legal basis: Art. 6 (1) (b) GDPR, insofar as the authorizations are necessary for the performance of the contract, Art. 6 (1) (a) GDPR, insofar as you give us your consent (e.g., location sharing).
You can revoke permissions at any time in your device settings. Certain features of the app may then no longer be available.
3.8 Processing of fitness and health data (optional)
If you have expressly consented to this via the corresponding function in the app (checkbox), we will also process your fitness and health data (e.g., number of steps, training activities, heart rate) in order to provide you with advanced analysis and tracking functions.
Legal basis: Art. 9(2)(a) GDPR in conjunction with Art. 6(1)(a) GDPR (express consent).
Revocation: You can revoke your consent at any time with future effect in the app settings. Revocation does not affect the legality of the processing carried out up to the point of revocation.
Retention period: This data will be processed until you delete your account or withdraw your consent.
4. Use of artificial intelligence (AI) and external services
To provide you with smart features such as voice control, news summaries, and contextual analysis, we partner with specialized third-party providers. In doing so, user input (text, audio, metadata) is transmitted to the respective providers. We use the following services:
4.1 Voice and dialogue functions (voice & audio)
This involves converting speech input into text (speech-to-text), processing it, and outputting it as speech again (text-to-speech).
OpenAI
Purpose: Language comprehension, dialogue management, and response generation.
Provider: OpenAI Ireland Ltd. (Ireland) / OpenAI, L.L.C. (USA).
ElevenLabs
Purpose: Synthesizing speech output (converting the AI text response into a natural-sounding voice).
Provider: Eleven Labs Inc., USA.
4.2 News, Search & Real-Time Information
We use these services to search for and aggregate the latest information from the Internet and summarize it for you.
Perplexity AI (model: sonar-pro)
Purpose: Intelligent summarization of news and complex search queries.
Provider: Perplexity AI, Inc., USA.
Tavily
Purpose: Specialized search engine for AI agents to find precise facts and sources in real time.
Provider: Tavily Ltd., Israel.
Note: The European Commission has issued an adequacy decision for Israel, confirming that its data protection standards are equivalent to those of the EU.
NewsAPI & Media Stack
Purpose: Provision of raw data (headlines, news feeds) as a basis for AI processing.
Providers: NewsAPI (USA) / apilayer (USA/EU).
4.3 Analysis & Context
Google Gemini
Purpose: Analysis of message content to create summaries and maintain conversation context within your user account.
Provider: Google Ireland Limited (Ireland) / Google LLC (USA).
Google Vertex AI
Purpose: Hosting and inference of AI models (text processing, embedding generation, contextual analysis).
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland / Google LLC, USA.
Note: Vertex AI and Google Gemini are operated on the same Google Cloud infrastructure. The same Terms of Service and the same data transfer mechanisms (EU-US Data Privacy Framework / SCC) apply.
4.4 Push Notifications and Email Communication
OneSignal
Purpose: To send push notifications (app notifications) and transactional emails (e.g., welcome messages, reminders, system notifications), as well as optional marketing communications.
Processed data: Push token (device-specific notification identifier), device and operating system data, timestamps for delivery and opening, interaction data (e.g., clicking on a notification).
Provider: OneSignal, Inc., 2850 S. Delaware St., Suite 201, San Mateo, CA 94403, USA.
Legal basis: Article 6(1)(b) of the GDPR for transactional messages within the scope of the contractual relationship; Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG for marketing communications (consent). You can disable push notifications at any time in your operating system settings.
Transfer to a third country: United States. Basis: EU Standard Contractual Clauses (SCC).
4.5 Map and Location Services
Google Maps
Purpose: To display maps and location-based features within the app (e.g., showing nearby locations, navigation).
Data processed: Request parameters (e.g., the address or coordinates you are searching for), the IP address of the requesting device, and, if applicable, location data (provided you have granted location permission).
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland / Google LLC, USA.
Legal basis: Article 6(1)(b) of the GDPR (performance of a contract) for map-based app features; Article 6(1)(a) of the GDPR (consent) for the use of precise location data.
Transfer to a third country: United States. Basis: EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs).
Note: If you do not grant location access, location-based features may not be fully available. You can revoke this permission at any time in your device's settings.
Note on transfers to third countries (U.S.): Some of the service providers listed (in particular OpenAI, Google, Perplexity, ElevenLabs, NewsAPI, OneSignal, Mixpanel, Adjust, and Sentry) are based in the U.S. or process data there. We base data transfers to the U.S. on the EU-U.S. Data Privacy Framework (provided the providers are certified) or on the Standard Contractual Clauses (SCCs) of the European Commission to ensure an adequate level of data protection.
5. Cookies, tracking, and similar technologies (website/app)
We use cookies and similar technologies (e.g., SDKs, device IDs) on our website and, where technically possible, in our app.
5.1 Technically necessary cookies/technologies
These are necessary to provide our website or app (e.g., session cookies, security and authentication cookies).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional online offering) and Section 25(2)(2) TTDSG.
5.2 Optional analysis, statistics, and marketing tools
Insofar as we use analysis or marketing services (e.g., crash analytics, usage analysis, remarketing), this is done exclusively on the basis of your consent.
You can revoke your consent at any time with future effect via our cookie/consent tool in the website footer/in-app settings.
Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.
Note: Specific information about the services used (providers, data categories, purposes, retention periods, transfers to third countries) is available in our consent management tool, in the relevant sections of this Privacy Policy, and in the app settings.
5.3 Use of Google Analytics (website only)
We use Google Analytics exclusively on our website (not in the app) to analyze website usage. The data collected is used to optimize our website and our advertising efforts.
Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data on website usage on our behalf and is contractually obligated to take measures to ensure the security and confidentiality of the processed data.
During your visit to our website, the following data, among other things, is transmitted to Google: pages viewed, the achievement of “website goals” (e.g., contact requests and newsletter subscriptions), your behavior on the pages (such as time spent on the site, clicks, scroll depth), your approximate location (country and city), your IP address, technical information such as browser, internet service provider, device, and screen resolution, the source of your visit, and a randomly generated user ID. No personal data such as your name, address, or contact information is transmitted to Google Analytics.
This data is transferred to Google's servers in the United States. We base this transfer on the EU-U.S. Data Privacy Framework or the EU Standard Contractual Clauses.
Google Analytics stores cookies in your web browser for a period of two years following your last visit. This user-specific data is automatically deleted after 14 months. Other data is stored indefinitely in aggregated form.
If you do not consent to this data collection, you can prevent it by installing the one-time browser add-on to disable Google Analytics or by rejecting cookies via our cookie settings dialog.
5.4 Use of the Meta Pixel (Facebook Pixel)
We run ads on Facebook and Instagram. To that end, we have integrated the "Meta Pixel" into our website.
The Meta Pixel allows us to: measure the success of Facebook advertising campaigns, retarget visitors to our website with ads on Facebook and Instagram, and personalize ads based on the pages or products they previously viewed. The Meta Pixel is provided to us by Meta Platforms Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
During your visit to the website, the following data, among other things, is transmitted to Meta: pages or URLs visited, the achievement of “website goals,” your internet connection data (IP address), technical information such as browser, device, and screen resolution, a randomly generated user ID, and a randomly generated ad click ID if you arrived at our website via an advertisement. No personal data such as your name, address, or contact information is transmitted to Facebook.
This data may also be transferred to Meta's servers in the United States. Meta stores cookies in your web browser for a period of one year following your last visit.
If you do not agree to this data collection, you can prevent it by installing a tracking blocker add-on in your browser or by rejecting cookies via our cookie settings dialog.
5.5 Mixpanel (Product Analytics, App)
We use Mixpanel to analyze app usage and improve the user experience.
Mixpanel
Purpose: Analysis of user behavior (e.g., features accessed, completion rates, frequency of use), creation of user cohorts, optimization of app features.
Data processed: Pseudonymous user ID (Mixpanel Distinct ID), event data (e.g., screens viewed, actions performed), device information (type, operating system, app version), IP address (deleted after geolocation).
Provider: Mixpanel, Inc., One Front Street, 28th Floor, San Francisco, CA 94111, USA. Mixpanel is certified under the EU-US Data Privacy Framework.
Legal basis: Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG (consent).
Transfer to a third country: United States. Legal basis: EU-U.S. Data Privacy Framework.
Withdrawal: You can withdraw your consent at any time in the app settings.
5.6 Adjust (App Attribution and Marketing Analytics)
We use Adjust to measure the effectiveness of our marketing campaigns and to attribute app installations to advertising channels.
Adjust
Purpose: Tracking app installations and in-app events (e.g., registration, subscription), attribution to marketing channels, fraud prevention.
Data processed: Device identifiers (e.g., IDFA/GAID, provided consent for tracking has been given), IP address, timestamp, app version, campaign parameters (e.g., click ID, campaign name).
Provider: Adjust GmbH, Saarbrücker Str. 37a, 10405 Berlin, Germany (a subsidiary of AppLovin Corporation, USA).
Legal basis: Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG (consent). On Apple devices, device identifiers are used only with your express consent in accordance with App Tracking Transparency (ATT).
Transfer to third countries: Processing primarily in Germany; data may be transferred to the U.S. (AppLovin). Legal basis: Standard Contractual Clauses (SCCs).
Withdrawal: You can withdraw your consent on iOS via Settings → Privacy & Security → Tracking, and on Android via your device settings.
6. Recipients of the data / Order processing / Third countries
6.1 Processors
We use external service providers to deliver our services (e.g., hosting, IT operations, email service, support tools, analysis services). These service providers process personal data exclusively on our behalf and on the basis of a data processing agreement in accordance with Art. 28 GDPR.
Typical recipient categories: IT and hosting service providers, development and maintenance service providers, payment service providers, support and ticket systems, analysis and monitoring service providers.
6.2 Data transfers to third countries
If service providers outside the European Union (EU) or the European Economic Area (EEA) are used, we ensure that either a decision by the EU Commission on an adequate level of data protection is in place (e.g., EU-U.S. Data Privacy Framework), or that suitable safeguards exist in accordance with Art. 44 ff. GDPR (e.g., EU standard contractual clauses, supplementary technical/organizational measures).
Details can be found in the information on the respective services in the consent tool or in the specific subsections.
6.3 Infrastructure, Data Storage, and Monitoring
We use the following service providers as data processors for the technical operation of our app:
Supabase (database hosting and authentication)
Purpose: Database hosting, user authentication, server-side data storage (e.g., account information, chat history, settings), file storage.
Processed data: All personal data stored in the user account in accordance with Sections 3.3 and 3.4 of this statement.
Provider: Supabase, Inc., USA / AWS infrastructure (Region: eu-central-1, Frankfurt, Germany).
Legal basis: Article 6(1)(b) of the GDPR (performance of a contract), Article 6(1)(f) of the GDPR (legitimate interest in the secure operation of our systems).
Transfer to third countries: Data processing takes place primarily on AWS servers in the EU (Frankfurt). If a transfer to the United States is necessary, we rely on the Standard Contractual Clauses (SCCs).
Sentry (Error Tracking and Performance Monitoring)
Purpose: Real-time error detection (crash reporting), performance monitoring, and diagnosis of technical issues.
Data processed: Error messages and stack traces, device and operating system information, app version, anonymized user ID, IP address (truncated on the server side).
Provider: Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in the technical stability and security of the app).
Transfer to a third country: United States. Basis: EU Standard Contractual Clauses (SCC).
Note: Sentry is configured so that no unencrypted user content (e.g., chat messages) is included in error reports. IP addresses are anonymized before being stored.
7. Storage period and deletion
Unless a specific storage period is specified in this privacy policy in individual cases, the following applies:
We only process personal data for as long as is necessary for the respective purpose.
After that, the data will be deleted or—if there are legal retention requirements (e.g., under commercial and tax law)—blocked for further processing.
Legal retention periods are typically 6 or 10 years (e.g., for accounting and contract documents).
8. Your rights as a data subject
You have the following rights with regard to your personal data:
Right to information (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object to certain processing (Art. 21 GDPR), right to withdraw consent (Art. 7(3) GDPR).
To exercise your rights, simply send an informal message to the contact details listed in section 1.
9. Right to object pursuant to Art. 21 GDPR
Objection to processing based on Article 6(1)(e) or (f) GDPR:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that we carry out on the basis of Article 6(1)(e) or (f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
Objection to direct marketing:
If personal data is processed for direct marketing purposes, you have the right to object to the processing for such marketing purposes at any time. In this case, the personal data will no longer be processed for these purposes.
10. Right to lodge a complaint with a supervisory authority
You have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
The supervisory authority responsible for our company headquarters is:
Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59–61, 10555 Berlin, Germany. Website: https://www.datenschutz-berlin.de
11. Obligation to provide data / Automated decision-making
The provision of certain personal data is necessary for the conclusion or execution of a contract with us (e.g., registration and payment data). Without this data, the app may not be usable or may only be usable to a limited extent.
We do not use automated decision-making, including profiling within the meaning of Article 22 of the GDPR, unless expressly stated otherwise in individual cases.
12. Our presence on social networks
We maintain public profiles on social networks. We use these profiles to communicate with users, interested parties, and customers and to provide information about our company and our services.
We currently operate company profiles with the following providers:
Facebook – Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy Policy: https://www.facebook.com/privacy/policy
Instagram – Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy Policy: https://privacycenter.instagram.com/policy/
YouTube – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://policies.google.com/privacy?hl=de
LinkedIn – LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Privacy Policy: https://de.linkedin.com/legal/privacy-policy
TikTok – TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=de
You can find links to our social media accounts on our website via the respective icons. When you click on an icon, you will be redirected to the respective platform, and your personal data will be processed by the respective provider.
Joint responsibility / use of platforms:
We use the technical platform and services of the aforementioned providers for these information services. You use our social media sites and their functions at your own risk. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating, messaging).
When you visit our pages, the platform operators collect, among other things: your IP address, additional information stored on your device in the form of cookies or similar technologies, your interactions with our content (e.g., likes, comments, shares), and technical information about your device and browser.
This information is processed by the platform operators and may be transferred to countries outside the European Union (in particular the United States; in the case of TikTok, also China).
The legal basis for our use of social media platforms and the associated data processing by us is Art. 6 (1) (f) GDPR (legitimate interest in external corporate communications, PR, marketing, and interaction with users).
Our own data processing:
We process the personal data you provide to us via social media platforms (e.g., through comments, messages, or inquiries) solely for the following purposes: communicating with you, responding to inquiries, and, where applicable, initiating or fulfilling contractual relationships.
13. Data security
We take appropriate technical and organizational measures to protect your data from loss, destruction, unauthorized access, alteration, or dissemination. These include, among other things:
Encryption of connections (e.g., TLS/HTTPS), access restrictions and authorization concepts, securing systems with firewalls and virus protection, regular testing and improvement of our security measures.
14. Timeliness and changes to this privacy policy
This Privacy Policy is currently in effect and is dated March 2026.
We reserve the right to amend this privacy policy in order to adapt it to changes in the legal situation, technical developments, or changes in internal processes. The current version is available in the app and on our website.
