Privacy Policy

Effective Date: April 12, 2026 · Last Updated: April 17, 2026

This Privacy Policy applies to the Dam It! mobile application and website ("Application"), operated by Cornelius Pflüger Digital Solutions ("Service Provider", "we", "us", or "our"), located in Germany.

This policy is designed to comply with:

  • EU General Data Protection Regulation (GDPR / DSGVO)
  • German Telecommunications-Digital Services Data Protection Act (TDDDG)
  • German Digital Services Act (DDG)
  • Applicable U.S. privacy laws (CCPA/CPRA, COPPA)
  • Google Play User Data & Accessibility API Policies

1. Accessibility Service - Prominent Disclosure

Dam It! uses the Android Accessibility Service. This permission is required for the app's core functionality and is subject to special disclosure requirements under Google Play policy.

What the Accessibility Service is used for:

  • Detecting swipe gestures within short-video applications (e.g., YouTube Shorts)
  • Interrupting or blocking continuous scrolling behavior in real time
  • Supporting users in reducing impulsive content consumption

What the Accessibility Service does NOT do:

  • No personal data is collected via the Accessibility Service
  • No screen content is recorded, stored, or transmitted to us or any third party
  • No keystrokes, passwords, or sensitive input fields are monitored
  • No data from the Accessibility Service is shared with third parties under any circumstances
  • All gesture detection and blocking logic runs exclusively on-device, in real time

User Control & Consent:

  • The Accessibility Service is disabled by default
  • Activation requires explicit user consent via Android system settings
  • Users can revoke this permission at any time via Settings → Accessibility
  • Revoking the permission stops the core blocking functionality but does not affect other app features

This disclosure satisfies the Google Play Accessibility API policy requirement for a "prominent disclosure" separate from the general Privacy Policy.

2. Information We Collect

We collect only the minimum data required to operate the Application (data minimisation principle, Art. 5(1)(c) GDPR).

a) Automatically Collected Technical Data

  • IP address (for network communication and security)
  • Device type, operating system version
  • App version and basic diagnostics (crash logs, performance data)
  • General region / country (derived from IP, not stored as precise geolocation)

b) Subscription & Purchase Data (handled by RevenueCat / Google Play)

  • Subscription status (active / inactive)
  • Transaction identifiers issued by Google Play
  • Pseudonymous device identifiers required for entitlement validation

We do not receive, store, or process full payment card details. All payment processing is handled exclusively by Google Play Billing.

c) Website Hosting Data

The dam-it.io website is hosted by Hostinger International Ltd. (Cyprus / Lithuania). When you visit the website, Hostinger's servers automatically log standard web access data (IP address, browser type, pages visited, timestamps). This constitutes a separate processing activity under Hostinger's own privacy policy, available at https://www.hostinger.com/privacy-policy.

3. Legal Basis for Processing (GDPR Art. 6)

All personal data we process is based on one of the following legal grounds:

  • Art. 6(1)(a) GDPR - Consent: Activation of the Accessibility Service; any optional data collection you explicitly agree to
  • Art. 6(1)(b) GDPR - Performance of a Contract: Processing necessary to provide the app functionality and manage your subscription (e.g., verifying entitlements via RevenueCat)
  • Art. 6(1)(c) GDPR - Legal Obligation: Retention of transaction data as required under German commercial and tax law (§ 257 HGB, § 147 AO)
  • Art. 6(1)(f) GDPR - Legitimate Interests: Security monitoring, crash reporting, fraud prevention, and server log analysis. Our legitimate interest is the secure and stable operation of the Application. These interests are not overridden by your interests or fundamental rights given the minimal nature of data processed.

4. Cookies & Tracking Technologies

We do not use any non-essential cookies or tracking technologies. Specifically:

  • No advertising cookies or tracking pixels are placed
  • No cross-site or cross-app user tracking is performed
  • No analytics cookies (e.g., Google Analytics) are used on this website
  • No consent management banner (Cookie-Banner) is required or displayed, as no non-essential cookies are set

Any technically necessary session or preference data used by the web server is covered by the legitimate interest basis (Art. 6(1)(f) GDPR) and the TDDDG exemption for essential storage operations.

5. Third-Party Service Providers

We engage the following processors / independent controllers. Each operates under its own data protection documentation:

Google Play Services & Google LLC
Role: App distribution, billing infrastructure, device integrity checks
Privacy Policy: https://policies.google.com/privacy

RevenueCat, Inc.
Role: Subscription entitlement management and receipt validation
Data processed: pseudonymous device ID, subscription status, transaction receipts
Privacy Policy: https://www.revenuecat.com/privacy

Hostinger International Ltd.
Role: Web hosting for dam-it.io
Data processed: server access logs (IP address, browser data)
Privacy Policy: https://www.hostinger.com/privacy-policy

6. International Data Transfers

Some of our service providers (Google, RevenueCat, Hostinger) are based in or process data in the United States or other countries outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA, we ensure an adequate level of protection through one or more of the following safeguards:

  • Standard Contractual Clauses (SCCs) as adopted by the European Commission (Decision 2021/914)
  • EU–U.S. Data Privacy Framework (where applicable and the recipient is certified)
  • Adequacy decisions issued by the European Commission

You may request a copy of the applicable transfer mechanism by contacting us at the address in Section 13.

7. Data Retention

  • Subscription & transaction data: retained for the duration of the active subscription plus the statutory retention period under German tax law (10 years, § 147 AO)
  • Technical logs / crash reports: retained for a maximum of 90 days for debugging and security purposes, then deleted or anonymised
  • Accessibility Service data: not retained - all processing is transient and on-device only

You may request deletion of your personal data at any time (see Section 8).

8. Your Rights (EU / EEA Users - GDPR)

Under the GDPR, you have the following rights, exercisable free of charge by contacting us:

  • Right of access (Art. 15 GDPR) - obtain confirmation and a copy of data we hold about you
  • Right to rectification (Art. 16 GDPR) - correct inaccurate data
  • Right to erasure ("right to be forgotten", Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR) - including to processing based on legitimate interests
  • Right to withdraw consent at any time without affecting prior processing (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a supervisory authority. In Germany, the competent authority is the data protection supervisory authority (Datenschutzaufsichtsbehörde) of your federal state, or the Federal Commissioner for Data Protection and Freedom of Information (BfDI): https://www.bfdi.bund.de.

9. Your Rights (California Residents - CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to request deletion of personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of the sale or sharing of personal information
  • Right to non-discrimination for exercising these rights

We do not sell or share personal information as defined under the CCPA/CPRA. To exercise any of these rights, contact us at contact@dam-it.io. We will respond within 45 days as required by law.

10. Children's Privacy (COPPA & GDPR)

The Application is not intended for children under the age of 13 (or under 16 where applicable under GDPR Art. 8). We do not knowingly collect personal data from children.

In compliance with the U.S. Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506), we do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent.

If you believe we have inadvertently collected personal data from a child, please contact us immediately at contact@dam-it.io and we will delete the data promptly.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Access controls limiting data access to authorised personnel only
  • Data minimisation - we collect only what is necessary

No system can guarantee absolute security. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours as required by Art. 33 GDPR.

12. No Sale or Advertising Use of Data

We explicitly confirm:

  • We do not sell personal data to any third party
  • We do not use personal data for advertising, profiling, or behavioural tracking
  • We do not track users across unrelated apps or services
  • Data collected via the Accessibility Service is never used for any purpose beyond on-device gesture blocking

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in the Application, legal requirements, or our data practices. Material changes will be communicated within the Application and/or on this website with an updated "Last Updated" date. Continued use of the Application after the effective date of changes constitutes acknowledgement of the updated policy.

14. Contact & Data Controller

Data Controller (Verantwortlicher i.S.d. DSGVO):
Cornelius Pflüger Digital Solutions
Inhaber: Cornelius Pflüger
Germany
Email: contact@dam-it.io

For the full legal notice (Impressum) including postal address, please see the Legal Notice page.

15. German Legal Note

The required Legal Notice (Impressum) pursuant to § 5 DDG and § 18 Abs. 2 MStV is provided at legal-notice.html and is reachable from every page of this website via the footer link within one click.