Privacy Policy

As of: June 2026 | Pursuant to GDPR, TDDDG

The protection of your personal data is of great importance to us. This Privacy Policy informs you pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR) and the German Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG) about how we process personal data when you use our website and the Aufmaß App.

1. Controller (Art. 13 (1)(a) GDPR)

Meister Weber

Andreas Weber

Hauptstraße 25

36157 Ebersburg

Germany

Phone: +49 6656 432 9807

Email: info@aufmass-app.com

A data protection officer as required by law has not been appointed (micro-enterprise, § 38 BDSG).

2. Anonymous and Pseudonymous Use (§ 19 TDDDG)

To the extent technically possible and reasonable, you may use our website (www.aufmass-app.com) anonymously without providing personal data. Browsing our website without registration is possible anonymously.

Using the Aufmaß App (app.aufmass-app.com) requires registration with an email address; fully anonymous use of the app's functions is therefore technically not possible or reasonable.

3. Hosting and Server Log Files

This website is hosted by:

all-inkl.com – Neue Medien Münnich

Owner: René Münnich

Hauptstraße 68, 02742 Friedersdorf, Germany

Privacy Policy: all-inkl.com/datenschutzinformationen/

The server is located exclusively in Germany (EU). A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR is in place with all-inkl.com. Upon every access to our website, the following data are automatically stored in server log files:

  • Browser type and version
  • Operating system used
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • Date and time of the server request
  • IP address

Purpose: Ensuring operation, detecting and defending against attacks.
Legal basis: Art. 6 (1)(f) GDPR (legitimate interests).
Retention period: Server log files are automatically deleted by all-inkl.com after 7 days. No merging of this data with other data sources takes place.

4. Cookies and Local Storage (§ 25 TDDDG)

Our website and app use cookies and comparable technologies (e.g., browser Local Storage). Pursuant to § 25 TDDDG, setting cookies that are not technically strictly necessary requires your prior consent.

Technically necessary cookies (§ 25 (2) TDDDG – no consent required):
These cookies are strictly technically necessary for the operation of the website and app, e.g., to maintain your login session, store your language settings, or enable the offline functionality of the Progressive Web App. They are set without a separate consent.

Legal basis for technically necessary cookies: § 25 (2) TDDDG, Art. 6 (1)(f) GDPR.
Retention period: Session cookies are deleted when the browser is closed; persistent cookies after a maximum of 12 months.

For further information, please see our Cookie Policy.

5. Registration and Use of the Aufmaß App

Upon registration, we collect the following data:

  • Name and company name
  • Email address
  • Address (optional)
  • Selected tariff and payment data

Purpose: Contract initiation and performance, account provision, billing.
Legal basis: Art. 6 (1)(b) GDPR (performance of contract).
Retention period: Account and master data are deleted after the end of the contractual relationship once they are no longer required for the performance of the contract. Records subject to statutory retention obligations are kept for the legal periods: invoices and other accounting vouchers for 8 years (§ 257 (4) HGB, § 147 (3) AO, § 14b UStG), and commercial books, inventories and annual financial statements for 10 years. The data are deleted upon expiry of the respective period.

6. Order Processing – Your Customers' Data (Art. 28 GDPR)

When using the Aufmaß App, you as an entrepreneur typically enter personal data of third parties (your customers, clients) into the system, e.g., address data, project details or photographs. You are the data controller in respect of this data.

We process this data exclusively on your behalf and in accordance with your instructions pursuant to Art. 28 GDPR. The data are stored on secure servers within the European Union. The legally required Data Processing Agreement (DPA) is available on our website and forms part of the usage contract.

Retention period: Customer data processed on your behalf are stored until your account is deleted. After account deletion, all data are deleted from active systems within 30 days and from backup systems within 90 days.

7. Contact and Online Appointment Booking

If you contact us by email, telephone or via a contact form, the data you provide (name, email address, telephone number, message content) will be stored to process your enquiry.

Legal basis: Art. 6 (1)(b) GDPR (pre-contractual measures) or Art. 6 (1)(f) GDPR (legitimate interests).
Retention period: Contact enquiries are deleted after final processing, at the latest after 3 years (§ 195 BGB), provided no contractual relationship has arisen.

Online appointment booking (consultation appointments): Via our booking page, you can arrange a free video consultation appointment. For this purpose, we process the data you provide (name, email address, selected appointment and an optional message) in order to handle your appointment request, send you a confirmation with a calendar file (ICS) and conduct the video meeting. The booking request is processed on our own server (web hosting all-inkl.com, server location Germany); no transmission to external booking services takes place.

The video consultation is conducted via Microsoft Teams (see Section 9). If you join the appointment via the Teams link, your data will additionally be processed in accordance with Microsoft's privacy provisions.

Legal basis for the appointment booking: Art. 6 (1)(b) GDPR (performance of pre-contractual measures at your request).
Retention period: Appointment data are deleted after the appointment has been held or cancelled, provided no contractual relationship arises and no statutory retention periods apply.

8. Use of Artificial Intelligence – Third-Party Providers (Art. 13 (1)(e) GDPR)

In our app, we offer optional AI services from third-party providers for certain functions (automated text recognition, intelligent image analysis, data structuring). These AI functions are voluntary: the app can be used in full without them, and data is transmitted to the third-party providers only if you actively trigger a corresponding function. When you use these functions, the inputs you provide for this purpose (e.g., text, images, measurement data) are transmitted to the servers of the selected provider.

Insofar as you use the AI functions in the exercise of your commercial activity and thereby process personal data of third parties (e.g., your own customers), you are yourself responsible for the lawfulness of this processing, for the existence of an appropriate legal basis, and for informing your data subjects (see Section 6 and the DPA). AI-generated results are automatically generated, non-binding suggestions and must be checked by you on your own responsibility.

We have concluded Data Processing Agreements (DPAs) with the respective providers. Data transfers to the USA are made on the basis of standard contractual clauses pursuant to Art. 46 (2)(c) GDPR and, where applicable, the EU-US Data Privacy Framework.

OpenAI, LLC

3180 18th Street, San Francisco, CA 94110, USA

Privacy Policy: openai.com/policies/privacy-policy

Transfer mechanism: Standard Contractual Clauses (Art. 46 (2)(c) GDPR)

Purpose: AI-assisted image recognition, text analysis (e.g., bill of quantities analysis)

Legal basis: Art. 6 (1)(b) GDPR insofar as the user's own data are concerned (performance of the requested function); insofar as personal data of third parties (end customers) are transmitted, this is carried out as order processing on the documented instruction of the user (Art. 28 (3)(a), Art. 29 GDPR) – the user is responsible for ensuring an appropriate legal basis

Google LLC

1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy Policy: policies.google.com/privacy

Transfer mechanism: Standard Contractual Clauses (Art. 46 GDPR) | EU-US Data Privacy Framework

Purpose: AI-assisted data analysis (Gemini API)

Legal basis: Art. 6 (1)(b) GDPR insofar as the user's own data are concerned (performance of the requested function); insofar as personal data of third parties (end customers) are transmitted, this is carried out as order processing on the documented instruction of the user (Art. 28 (3)(a), Art. 29 GDPR) – the user is responsible for ensuring an appropriate legal basis

Anthropic PBC

548 Market Street, PMB 90375, San Francisco, CA 94104, USA

Privacy Policy: anthropic.com/legal/privacy

Transfer mechanism: Standard Contractual Clauses (Art. 46 (2)(c) GDPR)

Purpose: AI-assisted text structuring and data structuring (Claude API)

Legal basis: Art. 6 (1)(b) GDPR insofar as the user's own data are concerned (performance of the requested function); insofar as personal data of third parties (end customers) are transmitted, this is carried out as order processing on the documented instruction of the user (Art. 28 (3)(a), Art. 29 GDPR) – the user is responsible for ensuring an appropriate legal basis

We have contractually ensured that the data you transmit will not be used to train public models of these providers.

9. Integration of External Services (CDN, Calendar, Support)

Our website integrates the following external services, the use of which may result in your IP address and technical data being transmitted to the respective providers. Website hosting is provided by all-inkl.com (see Section 3).

Stylesheet (Tailwind CSS, self-hosted)

Purpose: website presentation. The CSS file is served from your web hosting on the same domain as the page (no request to cdn.tailwindcss.com in the browser). Legal basis: Art. 6 (1)(f) GDPR

TeamViewer (get.teamviewer.com)

Provider: TeamViewer SE, Bahnhofsplatz 2, 73033 Göppingen, Germany | Purpose: Remote support | Privacy: teamviewer.com/en/privacy-policy/

Microsoft Teams (Live Webcast)

Provider: Microsoft Ireland Operations Ltd., One Microsoft Place, Dublin, Ireland | Purpose: Monthly webcast | Privacy: privacy.microsoft.com

Legal basis for integrating these services: Art. 6 (1)(f) GDPR (legitimate interest in operating a functional website and providing services).

10. Retention Periods at a Glance

Data Category | Retention Period | Legal Basis
Server log files / IP addresses | 7 days | Art. 6 (1)(f) GDPR
Account / master data (no retention obligation) | Deleted after contract end | Art. 6 (1)(b), Art. 17 GDPR
Invoices / accounting vouchers | 8 years | § 257 HGB, § 147 AO, § 14b UStG
Commercial books / annual financial statements | 10 years | § 257 HGB, § 147 AO
Contact enquiries (no contract) | 3 years | § 195 BGB
App measurement / order data | Until account deletion + 30 days (backups: 90 days) | Art. 6 (1)(b) GDPR
Session cookies | Until browser session ends | § 25 (2) TDDDG
Persistent cookies / Local Storage | Maximum 12 months | § 25 (2) TDDDG

11. Your Rights as a Data Subject (Art. 15–21 GDPR)

You have the following rights with regard to your personal data:

  • Art. 15 GDPR: Right of access to the personal data we process about you
  • Art. 16 GDPR: Right to rectification of inaccurate or completion of incomplete data
  • Art. 17 GDPR: Right to erasure ("right to be forgotten")
  • Art. 18 GDPR: Right to restriction of processing
  • Art. 20 GDPR: Right to data portability in a machine-readable format
  • Art. 21 GDPR: Right to object to processing based on Art. 6 (1)(f) GDPR
  • Art. 7 (3) GDPR: Right to withdraw consent with effect for the future

To exercise these rights, please contact us by email: info@aufmass-app.com

You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR):

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit

(Hessian Commissioner for Data Protection and Freedom of Information)

P.O. Box 3163, 65021 Wiesbaden, Germany

Phone: +49 611 1408-0

Email: poststelle@datenschutz.hessen.de

12. Data Security

We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Data transmission between your browser and our servers is encrypted using the TLS/SSL protocol. App data are stored on servers within the European Union.

13. Accessibility (BFSG)

This offer is exclusively directed at entrepreneurs (§ 14 BGB). To the extent the German Barrierefreiheitsstärkungsgesetz (BFSG, Accessibility Strengthening Act, in force since 28 June 2025) should apply to our offer, we note that as a micro-enterprise (fewer than 10 employees, annual turnover below EUR 2 million), we are exempt from the accessibility requirements pursuant to § 3 (4) BFSG.

14. Currency of this Privacy Policy

This Privacy Policy is dated June 2026. We reserve the right to update it when legal requirements or our services change. The current version is always available on this page.