Privacy Policy

Summary

  • Your Data Belongs to You
  • We do not analyze your user behavior.
  • All data is transmitted in encrypted form.
  • With a customer account, your data and shopping lists are stored on our servers so you can share them with others.
  • Your location remains on your device and is not transmitted.
  • We do not sell data or share it with third parties.
  • We do not send unsolicited advertisements.
  • When you delete your user account, all your data is immediately deleted.
  • Server location: Germany.

In the following Privacy Policy, we inform you about the extent to which data is collected when using the pon app and explain the rights you have in this context.

Legal Bases for Processing
The processing of personal data is based on the following legal grounds pursuant to Article 6 of the GDPR:

  • Article 6(1)(b) GDPR (Performance of a Contract): Processing of data for providing the app and synchronizing shopping lists.
  • Article 6(1)(a) GDPR (Consent): Use of location data, push notifications, and access to contacts/camera.
  • Article 6(1)(f) GDPR (Legitimate Interest): Use of anonymized data for error analysis. 

Legitimate interest lies in error correction, app improvement, and protection against misuse. Only pseudonymized or aggregated data is used, which does not allow any conclusions to be drawn about individual users.

Personal Data

Personal data refers to information that can be traced back to a specific person. This includes details such as your name or email address. Data that is collected purely quantitatively, such as the number of users per day, does not qualify as personal data.

Usage Analysis / Tracking

We do not use external tracking providers to collect data within the app and do not transmit any data to third parties. All pon features that analyze user behavior—such as frequently purchased products or shopping locations—are processed exclusively on your device. For data synchronization purposes, certain data may be transmitted to our servers.

What Data is Transmitted?

When you use pon, data is retrieved from our servers to keep your app up to date, such as an updated product catalog or new store locations. For communication, a random ID is generated during installation, which is included in every communication with our servers. This ID is used to sign your data during transmission, ensuring that only you can access and modify your data. To deliver the relevant data to the correct device, the following additional information is stored:

  • Random Device ID
  • App Name
  • App Version
  • Installed Operating System Version
  • Device Language Settings

Using the App Without a Customer Account

Many features of pon can be used without creating a customer account. In this case, only the data mentioned above is transmitted to keep your app up to date. At no time can we determine who you are or what data you have entered in pon based on this information.

Using the App With a Customer Account

With a customer account, you can access additional features, such as sharing shopping lists with others. For this purpose, the following information is required and stored on our servers:

  • Name (freely selectable, can also be a pseudonym)
  • Email address
  • Password (stored only as a hash)

Your customer account is automatically assigned a unique customer number, and the device you use to log in or register is linked to this account. We take data protection seriously and have made an effort to request only the minimum necessary data required to invite other people to a list. When you create a customer account, your shopping lists and products are stored on our servers so that others with whom you share your lists can access them. Synchronization with our servers is also required if you want to use multiple devices. Third parties can only access your shopping lists if you explicitly invite them.

There is no individual analysis or evaluation of your shopping lists or shopping habits by pon. However, we reserve the right to access this data in individual cases for error analysis and to use it for quantitative evaluations. These analyses are performed exclusively in an anonymized or pseudonymized manner and do not allow any conclusions to be drawn about individual persons. If you contact us via the feedback form in the app, your ID will be transmitted to us so that we can identify your data and any errors that may have occurred.

Registration with Facebook Login

If you use Facebook Login to register with pon, the following data will be retrieved from Facebook:

  • Name
  • Email address

The app uses Facebook solely for registration. No data is transmitted to Facebook, and no messages are sent via Facebook without your consent.

Registration with Apple ID

If you use Apple ID Login to register with pon, the following data will be retrieved from your Apple account:

  • Name
  • Email address (or optionally Apple's private relay email address)

If you disable Apple ID for pon, you will be automatically logged out. However, your user account will remain active, and the data associated with your account will not be deleted (see: Correction and Deletion of Your Data). If you want to delete your account completely, you can do so in the app settings under "Delete Account."

Location Data

In the pon app, you can set reminders for your shopping trips when you are near a frequently visited store. To enable this feature, your current location is required (network-based location (Geofence), GPS tracking). Your location is processed exclusively on your device and is not transmitted to us. If you set up location-based reminders, you can disable or delete them at any time in the app settings.

App Permissions

To provide all features of the pon app, the app requires access to certain functions and data on your device. For technical reasons, you must grant the app specific permissions. If you choose not to allow certain permissions, some app features may not be available. Below, we inform you about the permissions required by the pon app and their purposes:

  • Location  (network-based location (Geofence), GPS tracking): This permission is needed to remind you of your shopping list when you approach a store. Additionally, shopping lists are automatically reordered based on location. Locations are also used to detect if you are currently shopping to notify your list participants, for example: “Martin is currently shopping at Aldi. Is there anything missing from the shopping list?”
  • CameraThis permission is required to scan barcodes or add images to products on your shopping list.
  • ContactsIf you want to share shopping lists with others, you can grant pon access to your contact book to display email addresses directly. Your contacts are used exclusively on your device and are not transmitted to us.
  • NotificationsThis permission is used for various functions. The app can notify you via push notifications about the following events:
    • You are approaching a store, and there are still items on your shopping list.
    • A shopping list has been modified/updated by a participant.
    • A participant has started shopping.
    • You have activated a deal reminder and want to be notified when it is due.

    Note: Notifications are also used to keep your shopping lists up to date. If a participant updates the list, a silent push notification may be sent to your device, allowing the app to update the data in the background. This ensures that pon can remind you of your shopping list when passing by a store, even if you haven't opened the app since the last update.

  • PhotosYou can grant pon access to your photos to attach images to products.
  • Background App RefreshIf you share shopping lists with others, it is useful for pon to update your lists in the background. Example: A list participant adds milk to the list, but you haven’t opened the app for a while. With background updates enabled, pon can remind you to buy milk when you pass by a supermarket on your way home, even if you haven’t actively used the app during the day.

If you wish to withdraw your consent for certain functions (e.g., push notifications or location access), you can do so at any time in the app settings.

Data Security

The information you provide is transmitted in encrypted form (TLS 1.2 and AES-128-GCM encryption) to prevent unauthorized access by third parties. All collected data is stored on servers in Germany and is subject to German data protection regulations.

Storage Duration and Retention Periods

We store your data for as long as it is necessary to provide our services and the associated functionalities or as long as we have a legitimate interest in continued storage. In all other cases, we delete your personal data, except for data that we are required to retain to comply with legal obligations (e.g., tax or commercial retention periods, such as invoices).

  • User data (e.g., name, email, password): Stored until the account is deleted.
  • Server logs (device ID, app version, language settings): Automatically deleted after 30 days.
  • Error reports and support requests: Deleted after a maximum of 6 months.
  • Backups: Retained for a maximum of 30 days, after which they are automatically deleted.

Your Rights as a Data Subject Under the GDPR
You have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request a copy of the data stored about you.
  • Right to Rectification (Art. 16 GDPR): If your data is incorrect, you can request its correction.
  • Right to Erasure (Art. 17 GDPR): You can request the deletion of your data, provided there is no legal obligation to retain it.
  • Right to Restriction of Processing (Art. 18 GDPR): If you contest the accuracy of your data or the processing is unlawful, you can request a restriction of processing.
  • Right to Data Portability (Art. 20 GDPR): If you want us to transfer your data to another provider, we will provide it in a common format.
  • Right to Object (Art. 21 GDPR): If we process your data based on a legitimate interest, you can object to this processing. If you believe that our processing based on legitimate interest (Art. 6(1)(f) GDPR) is not in your interest, you can object at any time. You can do this informally via email at datenschutz@ponlist.de tun.

Correction and Deletion of Your Data

If you have registered a user account with pon, you can edit your data (name, email address, and password) directly within your profile in the app. If you wish to delete your account, please use the "Delete Account" function in your profile. All your data will be removed from our servers within a few minutes. Möchtest du dein Kundenkonto löschen nutze bitte die „Account löschen“ Funktion innerhalb deines Profils. Alle deine Daten werden innerhalb weniger Minuten von unseren Servern entfernt.

Right to Lodge a Complaint with the Data Protection Authority
If you believe that we are processing your data unlawfully, you can contact the competent data protection authority at any time:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstraße 10a,
70173 Stuttgart
Website: https://www.baden-wuerttemberg.datenschutz.de/

You have the right to access your data. If you have any questions or suggestions regarding data protection, you can contact us at feedback@ponlist.de .

Last updated: February 9, 2025

If you need assistance or would like to contact us, please send an email to feedback@ponlist.de.