Privacy Policy of Pawmoji

Effective Date: 01. Nov 2025

Last Updated: 01. Nov 2025

Introduction

Welcome to Pawmoji. This privacy policy explains how Andrew Grützner ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile application and services.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This policy describes what data we collect, why we collect it, and your rights regarding your data.

Data Controller:

• Company Name: Andrew Grützner
• Address: Donnersbergring 30, 64295 Darmstadt, Germany
• Email: beryllium@andrew-gruetzner.de

What Data We Collect

We collect the following categories of personal information when you use Pawmoji:

1. Device Information
   • Device ID: A unique identifier for your mobile device
2. User-Generated Content
   • Uploaded Photos: Images you upload to create personalized emoji stickers
   • Generated Stickers: The emoji stickers we create for you based on your photos
3. Communication Preferences
   • Push Notification Token: Technical identifier that allows us to send you notifications
   • Language Preference: Your chosen language for the app interface
4. Authentication & Session Data
   • Session Information: Technical data about your login sessions, including encrypted security tokens
   • Device Secret: Encrypted security information to protect your account
5. Purchase & Transaction Data
   • Transaction ID: Unique identifier from the App Store (Apple) or Google Play Store
   • Purchase Token: Verification token from app stores
   • Purchase Date, Price, and Currency: Details of in-app purchases you make
   • Product Information: Which emoji packs you've purchased or accessed
6. Technical & Diagnostic Data
   • Usage Logs: Technical information about how you use the app (timestamps, features accessed)
   • Error Reports: Diagnostic information when something goes wrong
   • Job Processing Data: Status and tracking information for your sticker generation requests

How and Why We Use Your Data (Purpose and Legal Basis)

We process your personal data for the following purposes and rely on the legal bases specified:

To Provide and Improve Our Service (Legal Basis: Performance of a Contract)

When you use Pawmoji, we need to process certain data to deliver our service to you:

• Device ID: We use your device ID to create and manage your unique account without requiring an email or username. This allows you to access your stickers across app sessions.
• Uploaded Photos: We process your uploaded images to generate personalized emoji stickers using artificial intelligence. Your photos are sent to our AI processing partner (OpenAI) and temporarily stored in secure cloud storage (IONOS Object Storage in Berlin, Germany) during processing. These photos are automatically deleted immediately after your stickers are generated.
• Generated Stickers: We store your completed stickers so you can access, download, and use them anytime.
• Session Data: We maintain secure session information to keep you logged in and protect your account from unauthorized access.
• Job Processing Data: We track the status of your sticker generation requests so we can show you progress and deliver completed stickers.

To Process Payments (Legal Basis: Performance of a Contract / Legal Obligation)

Purchase Transaction Data: When you purchase emoji packs, we validate your payment with the Apple App Store or Google Play Store. We store transaction details to:

• Verify your purchase and grant access to paid features
• Prevent fraud and unauthorized purchases
• Comply with tax and accounting regulations (Legal Obligation)
• Provide customer support for purchase-related issues

Important: We do NOT store your credit card or payment method details. All payment processing is handled securely by Apple or Google.

To Communicate with You (Legal Basis: Consent)

Push Notification Token: With your permission, we send push notifications to inform you when your stickers are ready or about important app updates. You can withdraw consent and disable notifications in your device settings at any time.

For Personalization (Legal Basis: Legitimate Interest / Consent)

Language Preference: We remember your chosen language to provide you with a better user experience in your preferred language.

For Security, Fraud Prevention, and Service Improvement (Legal Basis: Legitimate Interest)

We have a legitimate interest in maintaining a secure, reliable, and high-quality service:

• Technical & Diagnostic Data: We monitor system performance, debug errors, and analyze how users interact with the app to improve our service. This helps us identify and fix problems quickly.
• Error Reports: When something goes wrong, we collect error information to diagnose and resolve technical issues.

Data Sharing and Third Parties

We share your personal data with the following third-party service providers to operate our service:

1. IONOS Object Storage (IONOS Group SE)

• Data Shared: Uploaded photos (temporarily during processing), generated sticker images
• Purpose: Secure cloud storage for user content during and after sticker generation
• Location: Berlin, Germany (zone: de/txl)
• Safeguards: Data stored within the EU, subject to GDPR protections

2. OpenAI

• Data Shared: Uploaded photos, image processing prompts, technical metadata
• Purpose: AI-powered generation of personalized emoji stickers
• Location: United States
• Safeguards: OpenAI's data processing agreement and Standard Contractual Clauses

3. Apple App Store / Google Play Store

• Data Shared: Purchase transaction data (transaction IDs, purchase tokens)
• Purpose: Payment validation and fraud prevention
• Location: Apple (United States), Google (United States)
• Safeguards: Apple and Google comply with GDPR requirements

4. Push Notification Services

• Data Shared: Push notification tokens, device identifiers
• Purpose: Delivering notifications about sticker generation status
• Services: Apple Push Notification Service (APNS) for iOS, Firebase Cloud Messaging (FCM) for Android
• Location: Apple (United States), Google (United States)

We do NOT sell your personal data to third parties. We do NOT share your data for advertising or marketing purposes without your explicit consent.

International Data Transfers

Some of our service providers are located outside the European Union (EU) or European Economic Area (EEA), particularly in the United States. When we transfer your personal data to these countries, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use EU-approved contractual terms with our service providers
• Adequacy Decisions: Where applicable, we rely on the European Commission's adequacy decisions
• Additional Security Measures: We implement supplementary technical and organizational measures to protect your data

Infrastructure and Data Location

Our application infrastructure is designed with data protection in mind:

• Application Server and Database: Hosted by OVHcloud (OUIHEBERG SARL) in Paris, France. All core application data and database records are stored within the EU.
• Cloud Storage: Provided by IONOS Group SE in Berlin, Germany (zone: de/txl). Your uploaded photos and generated stickers are stored within the EU.
• AI Processing: Photos are temporarily transmitted to OpenAI (United States) for sticker generation, protected by Standard Contractual Clauses.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including to satisfy legal, accounting, or reporting requirements.

Specific Retention Periods:

• Account Data (Device ID, preferences): Retained until you request deletion of your account
• Uploaded Photos: Automatically deleted immediately after sticker generation is complete
• Generated Stickers: Retained until you request deletion
• Session Data: Retained until you request deletion or until sessions expire naturally
• Purchase Records: Retained until you request deletion (note: we may need to retain certain transaction records for legal and tax compliance purposes even after deletion requests)
• Logs & Technical Data: Retained until you request deletion

You can request deletion of your data at any time by contacting us (see "Your Data Protection Rights" below).

Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request a copy of all personal data we hold about you, including your account details, sticker history, and purchase records.

2. Right to Rectification

If your personal information is inaccurate or incomplete, you have the right to request that we correct or complete it.

3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as:

• When the data is no longer necessary for the purpose it was collected
• When you withdraw consent (where processing was based on consent)
• When you object to processing based on legitimate interests
• When the data has been processed unlawfully

4. Right to Restrict Processing

You have the right to request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data.

5. Right to Object to Processing

You have the right to object to processing of your personal data when we rely on legitimate interests as the legal basis. This includes objecting to profiling and direct marketing.

6. Right to Data Portability

You have the right to request that we transfer your data to another service provider in a structured, commonly used, and machine-readable format (where technically feasible).

7. Right to Withdraw Consent

Where we process your data based on your consent (e.g., push notifications), you can withdraw that consent at any time. This will not affect the lawfulness of processing before your withdrawal.

8. Right to Lodge a Complaint

You have the right to file a complaint with your national data protection authority if you believe we have violated your privacy rights.

To exercise any of these rights, please contact us at:

• Email: beryllium@andrew-gruetzner.de
• Address: Donnersbergring 30, 64295 Darmstadt, Germany

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months, but we will inform you.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, loss, misuse, or disclosure. These measures include:

• Encryption: Sensitive data (such as session tokens) is encrypted both in transit (using HTTPS/TLS) and at rest
• Access Controls: We limit access to personal data to authorized personnel who need it to perform their job duties
• Secure Storage: User content is stored in secure cloud infrastructure with industry-standard security practices
• Regular Security Reviews: We regularly review and update our security measures to address new threats

However, please note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Cookies and Tracking Technologies

Currently, Pawmoji is a mobile application and does not use traditional web cookies. However, we do use similar tracking technologies:

Local Storage

We store certain data locally on your device (such as session tokens and preferences) to improve app performance and provide a seamless user experience.

Analytics and Monitoring

We do not currently use third-party analytics tools such as Google Analytics or Firebase Analytics. Technical monitoring is limited to error tracking and system performance monitoring necessary for maintaining service quality.

Children's Privacy

Pawmoji is not designed or intended for use by children. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at beryllium@andrew-gruetzner.de so we can take appropriate action.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make significant changes, we will notify you by:

• Updating the "Last Updated" date at the top of this policy
• Displaying a prominent notice within the app
• Sending you a push notification (if you have notifications enabled)

We encourage you to review this privacy policy periodically. Your continued use of Pawmoji after any changes indicates your acceptance of the updated policy.

Contact Us

If you have any questions about this privacy policy, how we handle your personal data, or if you wish to exercise your data protection rights, please contact us:

Andrew Grützner

• Email: beryllium@andrew-gruetzner.de
• Address: Donnersbergring 30, 64295 Darmstadt, Germany

How to Contact the Appropriate Supervisory Authority

If you are located in the EU/EEA and believe that we have violated your data protection rights, you have the right to lodge a complaint with your national data protection authority. You can find contact details for EU data protection authorities here:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

For users in specific countries:

• Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
• France: Commission Nationale de l'Informatique et des Libertés (CNIL)
• UK: Information Commissioner's Office (ICO)