Privacy Policy
Last updated June 23, 2026
Controller and scope
This Privacy Policy explains how OfficeOS processes personal data when you visit the website, create an account, request app work, upload materials, communicate with us, or grant access to third-party tools.
OfficeOS is operated by Harro Krog as an Einzelunternehmen in Germany. The complete provider details are listed in the legal notice / Impressum and can be used for privacy requests.
For website visitors, prospects, account users, billing contacts, and OfficeOS customers, OfficeOS usually acts as controller. When OfficeOS processes personal data from your app users only to provide agreed services for your app, OfficeOS may act as processor and you may act as controller.
Personal data we collect
We may collect account details, name, email address, company or project name, billing status, request descriptions, uploaded files, app screenshots, comments, support messages, access confirmations, technical logs, device and browser metadata, cookie preferences, payment event references, and website analytics.
During discovery and planning, we may review information you provide about your channel, audience, content, community, products, offers, app goals, monetization ideas, analytics, screenshots, and existing tools.
When you invite OfficeOS to systems such as App Store Connect, Google Play Console, RevenueCat, Supabase, GitHub, Stripe, analytics tools, email tools, or similar services, we may process data visible through that access for approved service work, verification, QA, support, release preparation, billing, and security.
If OfficeOS builds or reviews product analytics for your app, we may process app events, funnel steps, paywall views, subscription status, campaign source, cohort membership, churn signals, device metadata, and similar product usage data. You should avoid sending unnecessary sensitive data into app analytics.
Why we process data
We process personal data to provide OfficeOS, create and manage accounts, scope requests, implement approved work, run QA, prepare releases, document what changed, communicate with you, process billing, prevent abuse, secure the service, meet legal obligations, and improve the product.
We do not use customer app data, credentials, uploaded materials, or private business information to create public case studies, testimonials, or marketing claims unless you have given clear written permission for that specific use.
Legal bases
Where GDPR applies, we process data when it is necessary to perform a contract or take steps before entering into a contract, when we must comply with legal obligations, when processing is necessary for legitimate interests such as security, fraud prevention, support, service improvement, payment handling, service documentation, and legal defense, or when you have given consent.
You can withdraw consent where processing is based on consent. Withdrawal does not affect processing that already happened lawfully before withdrawal.
Cookies, local storage, and analytics
The website and dashboard may use necessary cookies or local storage to keep the service working, remember session state, remember cookie preferences, and protect accounts.
Optional analytics cookies or similar technologies may be used only where allowed by law or consent settings. These help OfficeOS understand which pages visitors read and how the website performs.
Product analytics inside a customer app are separate from website analytics. If your app uses analytics built or configured by OfficeOS, your own app privacy notice should explain those analytics to your app users.
Sharing and processors
We do not sell personal data. We may share data with service providers that host, secure, analyze, bill, email, monitor, or support OfficeOS. These providers may include infrastructure, database, payment, email, error monitoring, analytics, communication, and authentication providers.
Current provider categories may include Vercel or similar hosting providers, Supabase for database and authentication, Stripe for payments, Resend or similar email providers, Sentry for error monitoring, Slack for support and operations, OpenAI or similar AI providers where used for approved service work, and analytics providers where enabled.
We may also disclose data when required by law, to enforce agreements, to protect rights and security, to respond to lawful requests, or as part of a business transfer. We only share the data needed for the relevant purpose.
Customer app data and data processing agreements
If OfficeOS processes personal data from your app users on your behalf, the parties should use a data processing agreement / Auftragsverarbeitungsvertrag where required by GDPR Article 28.
If OfficeOS operates the backend, database, authentication, storage, analytics, API, push, or automation layer for your app through an OfficeOS-controlled provider account, OfficeOS may process app-user data as a processor for you and may use providers such as Supabase or similar infrastructure as subprocessors.
Customer app data may include app-user identifiers, account details, subscription status, purchase events, entitlement state, content access, product analytics, support diagnostics, push tokens, device metadata, and technical logs, depending on the app configuration.
You are responsible for telling your app users how your app processes their data, which providers you use, what analytics you run, and how users can exercise their rights. OfficeOS can help prepare technical information for that notice, but you remain responsible for your own app privacy compliance.
If your app is suspended, canceled, migrated, or handed off, related app data may be exported, retained, archived, deleted, or made unavailable according to the plan, order form, data processing agreement, legal retention duties, and provider limits.
International transfers
Some providers may process data outside Germany or the European Economic Area. Where required, OfficeOS relies on appropriate safeguards such as adequacy decisions, standard contractual clauses, data processing agreements, or other lawful transfer mechanisms.
Retention
We keep personal data only as long as needed for the purpose collected, including service delivery, account management, accounting, tax records, dispute handling, fraud prevention, legal defense, and platform security.
Account, billing, and tax records may be kept for statutory retention periods. Request materials, access notes, support records, analytics notes, and billing references may be retained while an account is active and afterward where retention is necessary for legal, contractual, audit, or security reasons.
Unneeded production credentials should not be sent to OfficeOS. If temporary access is no longer needed, you should revoke it in the relevant third-party provider.
Security and customer access
We use reasonable technical and organizational measures to protect personal data, including access controls and limiting use of customer tool access to approved work. No internet service is perfectly secure, and customers should avoid sharing unnecessary secrets, passwords, private keys, or unrestricted production access.
You remain responsible for managing your own accounts with Apple, Google, Stripe, RevenueCat, Supabase, GitHub, and other third-party providers, including revoking access when work is complete or when you no longer want OfficeOS to have access.
Your rights
Where applicable, you can request access, correction, deletion, restriction, portability, or objection to processing of your personal data. You may also have the right to complain to a data protection authority.
Some requests may be limited where we must keep data for legal obligations, accounting, security, dispute handling, legal defense, or to complete a contract.
Contact
For privacy questions or requests, contact OfficeOS at krogharro@gmail.com or by using the contact details listed in the Impressum.