Privacy Policy

We take the protection of your personal data very seriously. This Privacy Policy explains how we process personal data when you use our website and the CartPro App. We treat your personal information confidentially and in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).

Last updated: September 2025

---

1. Data Protection at a Glance

General Information

This Privacy Policy provides an overview of what happens to your personal data when you use our website or the CartPro App. Personal data means any information that can identify you personally.

Data Collection

• Some data is collected when you provide it (e.g., through forms, settings, or app input).

• Other data is automatically collected by our systems (e.g., technical data such as device type, operating system, browser, or usage statistics).

Purposes

We use data to:

• Ensure the proper functioning of our website and app,

• Improve user experience,

• Analyze usage for optimization,

• Maintain security and prevent abuse.

Your Rights

You have the right to:

• Access your personal data,

• Rectify or erase your data,

• Restrict or object to processing,

• Data portability,

• Lodge a complaint with a supervisory authority.

---

2. Controller

Timo Pekx, Nighttime Verlag
Kolpingstr. 33
D-47647 Kerken, Germany
Email: info@nighttimemedia.de

The controller is the natural or legal person who determines the purposes and means of processing personal data.

---

3. Processing on Our Website

Hosting

Our website is hosted by IONOS SE, Germany. Hosting provider may process server log files (IP address, browser, operating system, referrer URL, time of access) to ensure reliable service and security. The basis is Art. 6(1)(f) GDPR.

WordPress & Plugins

We use WordPress as CMS. Security-related data (such as login attempts) are monitored via Wordfence Security to prevent attacks.

• Provider: Defiant Inc., USA

• Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security)

• Privacy Policy: https://www.wordfence.com/privacy-policy/

Google Fonts

Our website uses Google Fonts. To display fonts, your browser connects to Google servers.

• Provider: Google Ireland Limited, Ireland

• Privacy Policy: https://policies.google.com/privacy

• Basis: Art. 6(1)(f) GDPR (legitimate interest in a uniform website design).

Cookies and Consent

We use Borlabs Cookie for cookie consent management. The tool stores your consent decision locally in your browser.

• Basis: Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(a) GDPR (consent).

Analytics

We use Google Analytics to analyze website usage.

• Provider: Google Ireland Limited, Ireland

• Data: IP address (anonymized), device/browser data, usage statistics

• Basis: Art. 6(1)(a) GDPR (consent)

• Privacy Policy: https://policies.google.com/privacy

---

4. Processing in the CartPro App

Local Data Storage

The app stores your data locally on your device:

• Shopping lists, items, and budgets

• App settings and preferences

• Usage statistics and progress

• Username

These data are not transmitted to our servers.

Import/Export & Sharing

The app allows you to export, import, or share data. This uses your device’s local storage and permissions (e.g., read/write external storage). We do not access these files.

Technical Data

When using the app, we may process:

• Device type, operating system, app version

• Usage statistics, performance metrics, error reports

Basis: Art. 6(1)(f) GDPR (legitimate interest in stability and improvement).

Crash Reporting

We use Sentry for error and crash reporting.

• Provider: Sentry, Inc., San Francisco, USA

• Data: stack traces, device info, app version, time of crash

• Basis: Art. 6(1)(f) GDPR

• Privacy Policy: https://sentry.io/privacy/

Google Play Store

The app is distributed via the Google Play Store. Google processes installation, update, and purchase data.

• Provider: Google LLC, USA

• Basis: Art. 6(1)(b) GDPR (contract fulfillment)

• Privacy Policy: https://policies.google.com/privacy

We do not receive any payment or credit card information from Google.

---

5. Recipients of Personal Data

Your personal data is generally not shared with third parties. Exceptions:

• Hosting, analytics, and security providers (IONOS, Google, Wordfence, Sentry) act as processors under Art. 28 GDPR.

• Data may be transferred to authorities if legally required.

---

6. Storage Period and Deletion

• Local app data remain on your device until you delete them or uninstall the app.

• Crash reports and analytics data are stored for up to 12 months.

• Other data are erased when the purpose of processing no longer applies or when deletion is legally required.

---

7. Data Security

We use technical and organizational measures to protect your data against unauthorized access, loss, or manipulation. Sensitive data are stored securely and, where possible, encrypted.

---

8. Your Rights

Under GDPR, you have the following rights:

• Access (Art. 15 GDPR)

• Rectification (Art. 16 GDPR)

• Erasure (Art. 17 GDPR)

• Restriction of processing (Art. 18 GDPR)

• Data portability (Art. 20 GDPR)

• Objection (Art. 21 GDPR)

• Withdrawal of consent (Art. 7(3) GDPR)

• Complaint to a supervisory authority (Art. 77 GDPR)

---

9. Contact

For any questions about data protection or your rights, please contact:
Email: info@nighttimemedia.de

---

10. Changes to This Privacy Policy

We reserve the right to adapt this Privacy Policy in the future to comply with legal requirements or to reflect changes in our services. The current version is always available within the app and on our website.