Privacy Policy
As of: February 2026 | Pursuant to GDPR, TDDDG
The protection of your personal data is of great importance to us. This Privacy Policy informs you pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR) and the German Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG) about how we process personal data when you use our website and the Aufmaß App.
1. Controller (Art. 13 (1)(a) GDPR)
Meister Weber
Andreas Weber
Hauptstraße 25
36157 Ebersburg
Germany
Phone: +49 6656 432 9807
Email: andreas@meister-weber.de
A data protection officer as required by law has not been appointed (micro-enterprise, § 38 BDSG).
2. Anonymous and Pseudonymous Use (§ 19 TDDDG)
To the extent technically possible and reasonable, you may use our website (www.aufmass-app.com) anonymously without providing personal data. Browsing our website without registration is possible anonymously.
Using the Aufmaß App (app.aufmass-app.com) requires registration with an email address; fully anonymous use of the app's functions is therefore technically not possible or reasonable.
3. Hosting and Server Log Files
This website is hosted by:
all-inkl.com – Neue Medien Münnich
Owner: René Münnich
Hauptstraße 68, 02742 Friedersdorf, Germany
Privacy Policy: all-inkl.com/datenschutzinformationen/
The server is located exclusively in Germany (EU). A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR is in place with all-inkl.com. Upon every access to our website, the following data are automatically stored in server log files:
- Browser type and version
- Operating system used
- Referrer URL (previously visited page)
- Hostname of the accessing computer
- Date and time of the server request
- IP address
Purpose: Ensuring operation, detecting and defending against attacks.
Legal basis: Art. 6 (1)(f) GDPR (legitimate interests).
Retention period: Server log files are automatically deleted by all-inkl.com after 7 days. No merging of this data with other data sources takes place.
4. Cookies and Local Storage (§ 25 TDDDG)
Our website and app use cookies and comparable technologies (e.g., browser Local Storage). Pursuant to § 25 TDDDG, setting cookies that are not technically strictly necessary requires your prior consent.
Technically necessary cookies (§ 25 (2) TDDDG – no consent required):
These cookies are strictly technically necessary for the operation of the website and app, e.g., to maintain your login session, store your language settings, or enable the offline functionality of the Progressive Web App. They are set without a separate consent.
Legal basis for technically necessary cookies: § 25 (2) TDDDG, Art. 6 (1)(f) GDPR.
Retention period: Session cookies are deleted when the browser is closed; persistent cookies after a maximum of 12 months.
For further information, please see our Cookie Policy.
5. Registration and Use of the Aufmaß App
Upon registration, we collect the following data:
- Name and company name
- Email address
- Address (optional)
- Selected tariff and payment data
Purpose: Contract initiation and performance, account provision, billing.
Legal basis: Art. 6 (1)(b) GDPR (performance of contract).
Retention period: Contract data are stored for the duration of the contractual relationship and beyond for the legally required retention periods (commercial and tax law retention obligations: 10 years pursuant to § 257 HGB, § 147 AO).
6. Order Processing – Your Customers' Data (Art. 28 GDPR)
When using the Aufmaß App, you as an entrepreneur typically enter personal data of third parties (your customers, clients) into the system, e.g., address data, project details or photographs. You are the data controller in respect of this data.
We process this data exclusively on your behalf and in accordance with your instructions pursuant to Art. 28 GDPR. The data are stored on secure servers within the European Union. The legally required Data Processing Agreement (DPA) is available on our website and forms part of the usage contract.
Retention period: Customer data processed on your behalf are stored until your account is deleted. After account deletion, all data are deleted from active systems within 30 days and from backup systems within 90 days.
7. Contact
If you contact us by email, telephone or via a contact form, the data you provide (name, email address, telephone number, message content) will be stored to process your enquiry.
Legal basis: Art. 6 (1)(b) GDPR (pre-contractual measures) or Art. 6 (1)(f) GDPR (legitimate interests).
Retention period: Contact enquiries are deleted after final processing, at the latest after 3 years (§ 195 BGB), provided no contractual relationship has arisen.
8. Use of Artificial Intelligence – Third-Party Providers (Art. 13 (1)(e) GDPR)
Our app uses AI services from third-party providers for certain functions (automated text recognition, intelligent image analysis, data structuring). When you use these functions, your inputs (e.g., text, images, measurement data) may be transmitted to the servers of these providers.
We have concluded Data Processing Agreements (DPAs) with the respective providers. Data transfers to the USA are made on the basis of standard contractual clauses pursuant to Art. 46 (2)(c) GDPR and, where applicable, the EU-US Data Privacy Framework.
OpenAI, LLC
3180 18th Street, San Francisco, CA 94110, USA
Privacy Policy: openai.com/policies/privacy-policy
Transfer mechanism: Standard Contractual Clauses (Art. 46 GDPR) | EU-US Data Privacy Framework
Purpose: AI-assisted image recognition, text analysis (e.g., bill of quantities analysis)
Legal basis: Art. 6 (1)(b) GDPR (performance of the function you requested)
Google LLC
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: policies.google.com/privacy
Transfer mechanism: Standard Contractual Clauses (Art. 46 GDPR) | EU-US Data Privacy Framework
Purpose: AI-assisted data analysis (Gemini API)
Legal basis: Art. 6 (1)(b) GDPR (performance of the function you requested)
We have contractually ensured that the data you transmit will not be used to train public models of these providers.
9. Integration of External Services (CDN, Calendar, Support)
Our website integrates the following external services, the use of which may result in your IP address and technical data being transmitted to the respective providers. Website hosting is provided by all-inkl.com (see Section 3).
Tailwind CSS CDN (cdn.tailwindcss.com)
Provider: Tailwind Labs Inc., USA | Purpose: Website styling | Legal basis: Art. 6 (1)(f) GDPR
Calendly (calendly.com)
Provider: Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA | Purpose: Online appointment booking | Transfer: Standard Contractual Clauses | Privacy: calendly.com/privacy
TeamViewer (get.teamviewer.com)
Provider: TeamViewer SE, Bahnhofsplatz 2, 73033 Göppingen, Germany | Purpose: Remote support | Privacy: teamviewer.com/en/privacy-policy/
Microsoft Teams (Live Webcast)
Provider: Microsoft Ireland Operations Ltd., One Microsoft Place, Dublin, Ireland | Purpose: Monthly webcast | Privacy: privacy.microsoft.com
Legal basis for integrating these services: Art. 6 (1)(f) GDPR (legitimate interest in operating a functional website and providing services).
10. Retention Periods at a Glance
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Server log files / IP addresses | 7 days | Art. 6 (1)(f) GDPR |
| Registration and contract data | 10 years after contract end | § 257 HGB, § 147 AO |
| Contact enquiries (no contract) | 3 years | § 195 BGB |
| App measurement / order data | Until account deletion + 30 days (backups: 90 days) | Art. 6 (1)(b) GDPR |
| Session cookies | Until browser session ends | § 25 (2) TDDDG |
| Persistent cookies / Local Storage | Maximum 12 months | § 25 (2) TDDDG |
11. Your Rights as a Data Subject (Art. 15–21 GDPR)
You have the following rights with regard to your personal data:
- Art. 15 GDPR:Right of access to the personal data we process about you
- Art. 16 GDPR:Right to rectification of inaccurate or completion of incomplete data
- Art. 17 GDPR:Right to erasure ("right to be forgotten")
- Art. 18 GDPR:Right to restriction of processing
- Art. 20 GDPR:Right to data portability in a machine-readable format
- Art. 21 GDPR:Right to object to processing based on Art. 6 (1)(f) GDPR
- Art. 7 (3) GDPR:Right to withdraw consent with effect for the future
To exercise these rights, please contact us by email: andreas@meister-weber.de
You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR):
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
(Hessian Commissioner for Data Protection and Freedom of Information)
P.O. Box 3163, 65021 Wiesbaden, Germany
Phone: +49 611 1408-0
12. Data Security
We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Data transmission between your browser and our servers is encrypted via TLS/SSL protocol (end-to-end encryption). App data are stored on servers within the European Union.
13. Accessibility (BFSG)
This offer is exclusively directed at entrepreneurs (§ 14 BGB). To the extent the German Barrierefreiheitsstärkungsgesetz (BFSG, Accessibility Strengthening Act, in force since 28 June 2025) should apply to our offer, we note that as a micro-enterprise (fewer than 10 employees, annual turnover below EUR 2 million), we are exempt from the accessibility requirements pursuant to § 3 (4) BFSG.
14. Currency of this Privacy Policy
This Privacy Policy is dated February 2026. We reserve the right to update it when legal requirements or our services change. The current version is always available on this page.