Privacy Policy
1. Controller
Fabian Paulik
Nikolaus-Lenau-Str. 14
85757 Karlsfeld, Germany
Email: hello@perrenixapp.com
Website: perrenixapp.com
2. Which data we process and why
2.1 Registration and account
An account is required to use Perrenix. We process the following data:
- Email address (mandatory)
- First name (mandatory)
- Password (stored encrypted, no plaintext access)
- Time of registration and last login
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)
2.2 Two-factor authentication (2FA)
Perrenix optionally offers SMS-based two-factor authentication to secure your account. When activated, we process:
- Your mobile phone number (to send verification codes)
- The status of 2FA activation
The phone number is processed via Firebase Authentication (Google LLC) and forwarded to the respective SMS provider for SMS delivery.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent through activation)
2.3 Reflection content and entries
The core purpose of Perrenix is personal self-reflection. For this we process:
- Free-text answers to daily reflection questions
- Free entries via the AI companion
- Photos and images uploaded by you
- Timestamps, streak data, and points balance
- Metadata (word count, language, category)
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)
2.4 Points system
Perrenix uses a points system for motivation. Points are awarded automatically for activities such as answering questions, daily login, or adding photos. We store the points balance and a log of the last 100 point awards.
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)
2.5 Health data (special categories pursuant to Art. 9 GDPR)
Processing takes place exclusively on the basis of your explicit consent (Art. 9 para. 2 lit. a GDPR). This is obtained separately when you first open the Health tab via an active checkbox.
Health data is always private and is never visible to others, even when your profile is set to public. You can withdraw your consent at any time.
2.6 Ancestry research
In the Ancestry tab you can write free-text entries about your family history and upload documents (images, PDFs up to 5 MB). We store:
- Free texts about family history
- Uploaded documents (as encrypted files in the database)
- Metadata (timestamps, word count, document count)
Ancestry data is always private — never visible to others, even when your profile is set to public.
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)
2.7 Profile visibility
You can set your profile to "public" or "private". When public, other users can view your general reflections — but only after your inactivity period has elapsed. The following data remains private regardless:
- Health data
- Ancestry data
- Account data and settings
Legal basis: Art. 6 para. 1 lit. a GDPR (consent through activation)
2.8 AI companion (Gemini AI)
Perrenix offers an AI-powered companion and an AI persona. The following applies:
- Your inputs are transmitted to the Google Gemini API for processing.
- Transmission is encrypted via Firebase Cloud Functions (region: europe-west1).
- Google processes the content to respond to your request. We have concluded a Data Processing Agreement (DPA) with Google in accordance with Art. 28 GDPR.
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)
2.9 Legacy contacts (inactivity unlock)
Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
3. Data transfer and storage location
| Service | Provider | Purpose | Location |
|---|---|---|---|
| Firebase Firestore | Google LLC | Data storage | EU |
| Firebase Auth | Google LLC | Authentication, 2FA | EU |
| Firebase Cloud Functions | Google LLC | Backend logic | EU (europe-west1) |
| Google Gemini API | Google LLC | AI companion | USA¹ |
¹ For transfers to the USA we rely on the EU Standard Contractual Clauses (SCC) and the EU-US Data Privacy Framework.
4. Storage duration
- Account data and content: Until account deletion
- After deletion request: Complete deletion within 30 days
- Phone number (2FA): Until 2FA is deactivated or the account is deleted
- Legacy contacts: Until deactivated or the account is deleted
5. Your rights
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR) — "right to be forgotten"
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 para. 3 GDPR)
Contact: hello@perrenixapp.com
Competent supervisory authority: Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany, www.lda.bayern.de
6. Data processing agreements
Google LLC (Firebase and Gemini API) — DPA via the Firebase Data Processing Terms. No data is shared with advertisers or third parties.
7. Data security
- All connections are TLS-encrypted
- Firebase Firestore Security Rules restrict access to authenticated users
- Health and ancestry data are always private at the database level
- Passwords are securely hashed by Firebase Auth
- Optional 2FA for additional account protection
8. Death of the user and digital legacy
The inactivity unlock is carried out to the best of our technical ability, but without guarantee. Heirs may request account access by providing a death certificate and certificate of inheritance. Relatives may request complete deletion.
9. Children and minors
Perrenix is intended exclusively for persons aged 18 and over.
10. Automated decision-making
Perrenix does not make any automated decisions with legal effect (no profiling within the meaning of Art. 22 GDPR). The AI companion serves exclusively as a conversational partner.
11. Changes
Material changes will be communicated by email or via in-app notification.