Privacy Policy
Last updated: June 2026
This policy explains what personal data is processed when you visit this website (www.mynotification.app) and when you use the Android app MyNotification. It complements the imprint.
1. Controller
The controller within the meaning of the GDPR is:
Susan KrauseSelchowstrasse 15
12489 Berlin
Germany
Email: mynotificationapp@proton.me
2. Website (mynotification.app)
2.1 Server log files
When you access the website, the hosting provider stores technically necessary data in server log files:
- IP address (truncated after 7 days)
- Date and time of access
- Requested page and HTTP status
- User-agent (browser, operating system)
- Referrer URL (if transmitted by the browser)
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operational security). This data is not combined with other sources and is deleted after no more than 14 days.
2.2 Cookies
This website sets a single, strictly necessary cookie to remember your language choice (lang, lifetime 1 year, value "de" or "en"). Legal basis: § 25 (2) (2) TDDDG. No tracking, analytics or advertising cookies are used.
2.3 External content
This website loads no external fonts, scripts, tracking pixels or other third-party content.
3. App — Locally processed data
3.1 Captured notifications
The app uses Android's NotificationListenerService to capture incoming notifications from other apps. This data does not leave the device. It is stored exclusively in a local database encrypted with SQLCipher (AES-256). The database key is stored in the Android Keystore and is hardware-protected.
Notification-access permission can be revoked at any time in the Android settings (System → Notifications → Notification access).
3.2 Biometric data (Play edition)
The Play edition offers an optional App-Lock via biometrics, PIN or pattern (the Android-standard BiometricPrompt dialog). The app itself does not process any biometric data — it remains exclusively inside the device's Trusted Execution Environment. The app only receives a binary success/failure response from the system.
3.3 Wallet signature for App-Lock (Seeker edition)
The Seeker edition offers, as an alternative to biometric lock, unlock via Solana wallet signature (Mobile Wallet Adapter). A fixed message ("Unlock MyNotification") is signed locally by the user's wallet. The signature is not stored or transmitted — it serves solely as a local proof of authentication.
4. App — License and payment system
The app provides its main functionality through a license model: a free trial period, then a paid license (see Terms of Service). For license verification and payment processing, the following data is transmitted to a backend server operated at www.mynotification.app/api/ (hosting location: Germany):
4.1 Device ID
On first launch, the app generates a random, pseudonymous Device ID (UUID). This ID is transmitted to the backend server in order to associate the license status with the device. It contains no device hardware information and is not linked to personal data.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract — license management). Retention: as long as the license is active + statutory retention periods (typically 10 years for tax-relevant data, § 147 AO).
4.2 Wallet address (during payment)
During a payment, the Solana wallet address from which payment is made is transmitted to the backend server, together with the transaction signature. Both are required in order to verify the payment against the public Solana blockchain and link it to the device ID.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).
4.3 Payment metadata
After successful verification, the backend server stores:
- Transaction signature (Solana tx hash)
- Paid currency (SOL, USDC or SKR) and amount
- Timestamp and resulting license validity
- Device ID and sender wallet (see 4.1 and 4.2)
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract) and Art. 6 (1) (c) GDPR in conjunction with § 147 AO (statutory retention for tax purposes).
4.4 Solana blockchain — transparency notice
4.5 Push notifications for license reminders
When your license is about to expire within the next 1–2 days, the backend server sends a push notification to the device so you can renew in time. Firebase Cloud Messaging is used (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The device generates an anonymous FCM registration token, stored against the device ID. The token contains no personal or hardware data.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in service continuity for paying users). Notification permission can be revoked at any time in the Android settings.
5. No tracking, no profiling
This app uses no tracking tools, analytics frameworks, advertising networks or personalised crash reporters. No usage statistics, device fingerprints or marketing profiles are created. There are no user accounts or logins.
6. Recipients / processors
- Backend server (hosting in Germany) — license and payment data
- Google Ireland Limited (Firebase Cloud Messaging) — anonymous push tokens for license reminders
- Solana blockchain (public, decentralised network) — payment record (see 4.4)
No other third parties receive data.
7. Your rights
You have the right at any time to information, correction, deletion, restriction of processing, data portability and objection (Art. 15–21 GDPR). Please contact the email address above. For deletion requests concerning license data, please provide your Device ID or sender wallet address (visible in the app under Settings → License Info).
You also have the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR). The competent authority in Berlin is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.
Blockchain note: Data already recorded on the Solana blockchain (payment transactions) cannot be deleted there for technical reasons. Your right of erasure does however fully apply to any server-side copies of that data — as far as no statutory retention obligations apply.
8. Changes to this policy
This privacy policy may be updated when the app or the legal requirements change. The current version is always available at this URL.