1. Controller
Controller under GDPR: Kai Uhlig. Contact: see Imprint in this App.
2. Data we process
Local data: sets, part progress, settings on your device.
Account (optional): email, display name via Supabase.
Cloud sync (optional): list sync for premium users.
Collaborative search sessions: invite codes and session metadata.
Third-party APIs (e.g. Rebrickable) may process technical request data when online.
3. Purposes and legal bases
Contract performance (Art. 6(1)(b) GDPR).
Consent for optional processing such as marketing/ads (Art. 6(1)(a) GDPR).
Legitimate interests for security and stability where applicable (Art. 6(1)(f) GDPR).
4. Retention
Local data remains on your device until you delete it, uninstall the app, or choose “Delete account & local data” in your profile.
When you delete your account in the app, your login account, all related cloud data (lists, parts, search groups, memberships) and all local app data on the device are permanently deleted. You will not be able to sign in with the same account again.
We use Supabase (hosting, authentication, database) as a processor. After deletion, personal data may remain in the infrastructure provider’s automatic backups for a limited period until they are overwritten in the normal backup cycle. Such data is not actively used or restored for other purposes.
Statutory retention obligations (e.g. commercial or tax law) remain unaffected.
5. Recipients
Supabase, Rebrickable, ad partners (e.g. AdMob) only with consent.
6. Your rights
See “GDPR – Your rights” in this App for access, rectification, erasure and more.