Privacy Policy
Last updated: May 2026
1. Controller
Nina Hoch
KiTrinity
c/o POSTFLEX PFX-914-205
Emsdettener Straße 10
48268 Greven
Email: info@kitrinity.io
2. Overview and Core Principle
Data protection is a core principle of KiTrinity. Our app “OONVAA” is built on the principle of Privacy First: we consider your privacy first with every feature.
By default, your content stays on your device. There is no registration and no account required to use the app. We do not engage in ad tracking and do not create usage profiles. Where data leaves your device, it is limited to what is technically necessary, occurs with your consent wherever possible, and is fully disclosed in section 4.7.
When choosing our service providers, we prefer providers based in and processing data in Germany or the EU wherever possible.
3. Website (kitrinity.io)
3.1 Hosting
This website is hosted via Cloudflare Pages. When you visit the website, technical data (e.g. IP address, browser type, time of access) is automatically stored in server log files. This is done on the basis of Art. 6(1)(f) GDPR (legitimate interest in the secure provision of the website).
Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the EU-U.S. Data Privacy Framework.
3.2 Fonts
The fonts used on this website are served locally from the server. No data is transmitted to third parties (e.g. Google Fonts) when loading the page.
3.3 No Cookies, No Tracking
This website does not use cookies and does not employ any analytics or tracking tools.
3.4 Email Waitlist & Newsletter (Brevo)
When you sign up for our waitlist or newsletter, we collect and process your email address for the purpose of notifying you at app launch or sending newsletters. Processing is based solely on your consent (Art. 6(1)(a) GDPR) via double opt-in.
- Processor: Brevo GmbH, Köpenicker Str. 126, 10179 Berlin (Data Processing Agreement concluded)
- Data category: Email address
- Third-country transfer: Possible via Brevo sub-processors (including USA). Safeguarded by EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.
- Retention: Your data is deleted upon unsubscribe. Unconfirmed entries (double opt-in not completed) are deleted after a reasonable period.
- Withdrawal: You can withdraw your consent at any time via the unsubscribe link in every email. The lawfulness of processing carried out prior to withdrawal remains unaffected.
More information on Brevo's privacy practices: brevo.com/de/legal/privacypolicy
4. App “OONVAA”
4.1 Local Data Storage
All content you create in the app is stored exclusively on your device (SQLite database and SharedPreferences). This includes:
- Sobriety timer and milestones
- Mood journal and craving log
- Journal entries and daily notes
- Settings and personalization
- Morning routines and difficult days
This content does not leave your device and is not transmitted to us or third parties. Since this processing takes place exclusively on your device and we have no access to it, we are not the data controller in this regard.
4.2 Health-Related Data (Special Categories)
“OONVAA” supports you in changing your relationship with alcohol. In doing so, you may provide information that could qualify as health data within the meaning of Art. 9 GDPR (e.g. regarding drinking behavior, cravings, or your well-being).
This information is generally processed exclusively on your device (see 4.1). Health-related content is only transmitted to third parties if you actively use the AI companion Sam (see 4.3), and only on the basis of your prior explicit consent pursuant to Art. 9(2)(a) GDPR.
We obtain this explicit consent separately within the app before you use Sam for the first time. It is voluntary, separate from other consents, and can be withdrawn at any time with effect for the future. If you do not use Sam, no health-related content is transmitted.
4.3 AI Companion Sam (Pro Feature)
Sam uses the Mistral Large language model from Mistral AI, a European provider based in Paris, France. When you send Sam a message, the following happens:
- Pseudonymization before transmission: Personal names and places in your messages are automatically replaced with placeholders (e.g. [PERSON_1], [PLACE_1]) before transmission. Note: this is pseudonymization, not full anonymization – the remaining content of your message is transmitted.
- Transmission: The pseudonymized message is sent via an encrypted connection (HTTPS) to our proxy server (api.kitrinity.io, hosted by Hetzner in Germany), which forwards the request to Mistral AI. An anonymous device identifier is also transmitted.
- No storage of content: Neither we nor Mistral AI permanently store your chat history. The chat history is stored exclusively on your device.
Legal basis: Art. 6(1)(a) and Art. 9(2)(a) GDPR (explicit consent). You actively choose to use Sam.
Processors:
- Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (operation of the proxy server; Data Processing Agreement concluded)
- Mistral AI, 15 rue des Halles, 75001 Paris, France (processing of language model requests; Data Processing Agreement concluded)
4.4 In-App Purchases and Subscription Status (RevenueCat)
Purchases and subscriptions are processed via the Google Play Store. To manage and verify purchase status, we use the service RevenueCat.
RevenueCat generates an anonymous identifier when the app starts and uses it to check whether a valid purchase or active subscription exists. This check occurs even if you do not use any paid features. Only the anonymous identifier and subscription status are transmitted – no content, no payment data, and no profiling. Payment data is processed exclusively by the respective app store; we only receive information about whether a valid purchase exists.
Legal basis: Art. 6(1)(b) GDPR (performance of contract / provision of purchased features) and Art. 6(1)(f) GDPR (legitimate interest in correct subscription management).
Provider: RevenueCat, Inc., USA. Third-country transfer safeguarded by EU Standard Contractual Clauses.
4.5 No Ad Tracking, No Profiling
The app does not create usage profiles and contains no analytics or ad tracking tools. We do not sell data and do not display advertising. Crash reports are not automatically collected. Technically necessary transmissions (e.g. the anonymous subscription status check per 4.4) are limited to the minimum and are disclosed in the overview under 4.7.
4.6 No Registration
Using the app does not require registration or an account. An optional nickname stays locally on your device and is not transmitted.
4.7 Transparency: What Leaves Your Device – and What Does Not
We disclose which data leaves your device and under what circumstances. All content you create in the app (timer, mood and craving log, journal, settings) remains exclusively on your device.
| When | Where | What | Trigger |
|---|---|---|---|
| Every app start | RevenueCat (USA) | Anonymous identifier to check subscription status. No content, no profiling. | Automatic |
| Sam consent given | api.kitrinity.io (Hetzner, DE) | Anonymous device identifier, consent version, language | You activate Sam |
| Sam message | api.kitrinity.io → Mistral AI (FR) | Anonymous device identifier, pseudonymized message (names/places replaced) | You write to Sam |
| Sam summary | api.kitrinity.io → Mistral AI (FR) | Anonymous device identifier, pseudonymized conversation history | After a conversation with Sam |
| Image for Vision Board | Unsplash (USA) | Only your search term | You search for an image (Pro) |
| Redeem coupon code | api.kitrinity.io (Hetzner, DE) | Anonymous identifier, code | You redeem a code |
| Feedback | Email client | Only what you write yourself | You write feedback |
| Community (planned, not yet active) | Own server (Hetzner, DE) | Self-chosen nickname, profile picture and posts you share; a technical identifier for attributing your own posts | Only with active participation |
What does not leave your device: your journal entries, your mood and craving log, your timer, milestones, and settings.
Once the community feature becomes available, we will update this overview and the date of this policy accordingly.
4.8 Image Search for Vision Board (Unsplash)
When you search for an image in the Vision Board (Pro feature), your search term is transmitted to the image service Unsplash to display matching images. No other data is transmitted.
Legal basis: Art. 6(1)(b) GDPR (provision of the feature you are using).
Provider: Unsplash Inc., USA. Third-country transfer safeguarded by EU Standard Contractual Clauses.
4.9 Community Feature (In Preparation)
A community feature is planned but not yet active. As long as this feature is not enabled, no data processing takes place through it.
Once available, the community will be provided via a server we operate ourselves in Germany (Hetzner) – not via third-party platforms. Participation is voluntary and separate from the rest of the app's functionality: the core app remains usable without an account.
Participation is pseudonymous. You choose a nickname and a profile picture; registration with a real name, email address, or password is not required. However, please note: posts you publish in the community are stored on our server and visible to other participants. The content of your posts may contain health-related information (Art. 9 GDPR); therefore, only publish what you consciously wish to share. A pseudonymous identifier is used for the technical attribution of your own posts (e.g. for editing or deleting).
Before launching the community, we will supplement this privacy policy with specific details on processed data, retention periods, deletion concept, moderation, and legal basis (including explicit consent under Art. 9 GDPR for publishing health-related posts).
5. Your Rights
You have the following rights regarding your personal data:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent (Art. 7(3) GDPR), including explicit consent under Art. 9
Since all content created in the app is stored locally on your device, you have full control at all times. You can completely delete this data by uninstalling the app. For data processed by us or our processors in connection with the waitlist/newsletter (Brevo) or Sam, you can exercise your rights via the contact address above.
6. Right to Complain
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority depends on your place of residence.
7. Changes
We reserve the right to update this privacy policy to adapt it to changed legal situations or changes to the app. You can always find the current version on this page.