Download app
Download app

Our strengths are your success!

Privacy Policy App

Last updated: October 2, 2025

This privacy policy informs you how Steinpilz Risotto UG (haftungsbeschränkt) (hereinafter “we” or “us”) processes your personal data when you use the mobile application “Bahnhof” (hereinafter “App”).

1. What data we process

When using the App, we process the following categories of personal data:

Device and advertising IDs

  • e.g., Apple IDFA (Identifier for Advertisers), device type, operating system version
  • Purpose: attribution of app installations, measurement of marketing campaigns

Usage data

  • App events, screen views, interactions with features, session duration, purchases (if applicable)
  • Purpose: analysis of user behavior, improvement of user experience

Crash and diagnostic data

  • Error messages, crash reports, performance metrics, stack traces
  • Purpose: technical troubleshooting, improving app stability

We do not collect sensitive personal data such as name, email address, location data, or contacts.

2. Purpose of data processing

The data collected is used for:

  • Measuring the success of advertising campaigns (e.g., via Meta)
  • Improving app usability and user experience
  • Technical optimization and stabilization of the app
  • Error diagnostics and prevention of technical issues
  • Managing and providing paid content (e.g., subscriptions)

3. Recipients of data / third-party providers

We share certain data with selected service providers, insofar as this is necessary for the functionality of the App:

Meta Platforms, Inc.

  • Purpose: attribution of installations, advertising analytics
  • Data: advertising ID (IDFA), app events
  • Privacy: facebook.com/privacy/policy

Mixpanel, Inc.

Sentry (Functional Software, Inc.)

  • Purpose: error analysis, technical diagnostics
  • Data: crash reports, stack traces, performance data
  • Privacy: sentry.io/privacy

AppsFlyer Ltd.

  • Purpose: attribution of app installations, measurement and analysis of marketing campaigns
  • Data: device information (e.g., device type, operating system version), advertising ID (IDFA), app events, interactions with features
  • Privacy: appsflyer.com/legal/services-privacy-policy

These providers may process data on servers located in the EU, the USA, or other countries with adequate data protection safeguards.

4. Hosting & platform services

The App is hosted by third-party providers that provide technical infrastructure.
The following data may be stored in server logs:

  • IP address
  • user agent
  • timestamp

The App is made available via the following platforms:

  • Apple App Store
  • Google Play Store

These platforms may provide us with aggregated diagnostics, sales data, and crash reports.
Users can determine in their device settings which data is shared with developers.

5. Device permissions

The App currently does not request access permissions for the camera, microphone, photos, contacts, or precise location data.

If this changes in future versions, we will:

  • request permission in advance (in-app prompt)
  • update this privacy policy accordingly

6. Legal bases of processing (GDPR)

We process your data on the following legal bases:

  • Art. 6(1)(f) GDPR (legitimate interests):
    for technical stability, error diagnostics, and app optimization
  • Art. 6(1)(a) GDPR (consent):
    for the use of the advertising identifier (IDFA) for analytics and marketing purposes
    → consent is obtained via the Apple App Tracking Transparency (ATT) prompt

7. International data transfers

Where data is transferred outside the European Economic Area (EEA) (e.g., to US service providers), this is done on the basis of appropriate safeguards, such as:

  • EU Commission Standard Contractual Clauses (SCC)
  • other recognized data protection instruments

Copies of these safeguards can be provided upon request.

8. Data retention

We store your data only as long as necessary for the respective purposes:

Data category Retention period
Advertising & analytics events up to 24 months
Crash & diagnostic data (Sentry) up to 90 days
Server logs (hosting) 14 to 30 days

After these periods, the data is automatically deleted or anonymized.

9. Data deletion upon request

You may request the deletion of your data at any time.
Please send an email to: app-bahnhof-kontakt@stein-pilz.com

We will respond to your request within 30 calendar days.
In complex cases, the response period may be extended by up to 60 days in accordance with Art. 12(3) GDPR – in such cases you will be informed.

10. Security measures

We implement appropriate technical and organizational measures to protect your data, including:

  • encryption of data during transmission (TLS)
  • access restrictions on a need-to-know basis
  • access controls and role management
  • data minimization

11. Website cookies & server logs

Our website (if applicable) uses only technically necessary cookies for display and security.
No tracking cookies or advertising are used.

The hosting provider may process the following log data:

  • IP address
  • browser type
  • referrer
  • time of access

These logs are stored to ensure availability and are automatically deleted after a short period (see section 8).

12. Your rights under the GDPR

In accordance with Articles 15–21 GDPR, you have the following rights:

  • right of access to your stored data
  • rectification of inaccurate data
  • erasure (“right to be forgotten”)
  • restriction of processing
  • objection to processing based on legitimate interest
  • withdrawal of consent (e.g., app tracking in iOS settings)
  • data portability (where technically feasible)

You also have the right to lodge a complaint with a supervisory authority:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)
Königstraße 10a
70173 Stuttgart
Website: baden-wuerttemberg.datenschutz.de

13. Children’s privacy

The App is not directed at children under the age of 13.
We do not knowingly collect personal data from children.
If we become aware that data from children has been collected, it will be deleted immediately.

14. Changes to this privacy policy

We reserve the right to update this privacy policy as needed – for example, in case of legal changes, new features, or third-party providers.

Changes will be published in the App or on the website.

The date of the last update can be found at the beginning of this document.

15. Contact

Responsible for data processing:
Steinpilz Risotto UG (haftungsbeschränkt)
Rosa-Heinzelmann-Str. 20
73230 Kirchheim unter Teck
Germany
Phone: +49 (0) 7021 9929943
Email: app-bahnhof-kontakt@stein-pilz.com

Data Protection Officer:
Viorica-Simona Mic
Verdandi Datenschutz GmbH
Robert-Bosch-Str. 7
71229 Leonberg
Germany
Phone: +49 (0) 1522 6687466
Email: viorica-mic@verdandi-datenschutz.com