App Privacy Policy

Atrigam GmbH built the Atrigam mobile app (iOS and android) as well as the Atrigam web app (https://app.atrigam.com) and the Atrigam modeler (https://modeler.atrigam.com) as free apps. All apps (furthermore called our "services") are provided by Atrigam GmbH at no cost and require you to adhere to our Terms of Use by concluding a Contract of Use (furthermore called “contract”, https://app.atrigam.com/termsAndConditions).

This privacy notice informs you how we process your personal data when you use the services.

1 Collection of personal data when using our services

1.1 Download of the mobile app

When downloading the mobile app, the required information is transferred to the App Store, i.e. in particular user name, e-mail address and customer number of your account, time of download and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.

1.2 Provision of the services

When using the mobile app, we collect the personal data described below to enable convenient use of the functions. If you want to use our mobile app, we collect the following data that are technically necessary for us to offer you the services and to ensure stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • Amount of data transferred in each case
  • Operating system and its interface
Access to the Service will be provided by means of a personal account or a personalized token for a single session. The legal basis is the provision of the services under the contract, Art. 6 (1) (1) b) GDPR.

1.3 Personal Profile

You also can enter personal information about you (in particular name and e-mail) in the app, although this is not required for the provision of the service. The legal basis for the personal profile is thus Art. 6 (1) (1) a) GDPR and you can withdraw your consent at any time with effect for the future by deleting the information in your profile.

1.4 Error Handling

We collect data related to errors (through the third party product Sentry called Error Log Data. This Error Log Data consists of the user ID, email, username, phone number and your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service. We use the Error Log Data exclusively for error logging. For these errors we collect so-called “breadcrumbs”, i.e. the path taken by the user to get to the error to investigate and handle the root cause. We process this information under Art. 6 (1) (1) b) GDPR to perform the contract. Where we do not have a contract in place with you, we rely on Art. 6 (1) (1) f) GDPR to pursue our legitimate interests of detecting errors and their source to provide a working Service. We have assumed that this matches your interest as well.

2 Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory. We use a “shared session cookie” so that webclient and modeler work together in single sign-on mode. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service. Of course we do not use tracking cookies or anything similar.

3 Service Providers

We may employ third-party companies and individuals due to the following reasons:

  • to facilitate our Services
  • to provide the Services on our behalf
  • to perform Service-related services or
  • to assist us in analyzing how our Services are used.
These third parties have access to your personal data. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

3.1 Firebase

We use certain Google Firebase services (“Firebase”) for which the following personal data are being processed:

  • Firebase Authentication: Passwords, Email addresses, Phone numbers, User agents, IP addresses) to enable end-user authentication, and to facilitate end-user account management. It also uses user-agent strings and IP addresses to provide added security and prevent abuse during sign-up and authentication.
  • Firebase Cloud Functions: IP address. Cloud Functions uses IP addresses to execute event-handling functions and HTTP functions based on end-user actions.
  • Firebase Cloud Messaging: Firebase installation IDs. Firebase Cloud Messaging uses Firebase installation IDs to determine which devices to deliver messages to. Cloud messaging enables us to send you push notifications or in-app messages. The end device is assigned a pseudonymised push reference, which serves as the target for the push notifications or in-app messages. The push messages can be deactivated at any time in the settings of the end device, but they can also be activated again.
  • Firebase Cloud Storage: Customer data. See https://firebase.google.com/terms/service-level-agreement/cloud-storage for more information.
  • Firebase Dynamic Links: Device specs (iOS), IP Addresses (iOS). Dynamic Links uses device specs and IP addresses on iOS to open newly-installed apps to a specific page or context.
  • Firebase Hosting: IP addresses. Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data.

Firebase is part of the Google Cloud Platform and offers many services for developers. You can see which data are processed and for what purpose under data processing information: firebase.google.com/support/privacy/. Google Firebase often uses "instance IDs", which, according to Google's information, are stored until the end customer makes an API call to delete the ID. After that, the data will be deleted from the live and backup system 180 days after being called up. For more information, see:

firebase.google.com/support/privacy/manage-iids. These instance IDs are determined, for example, to know which device messages are to be sent to.

We do not assume any guarantee for the above Information from Google and only refer to the information provided. Google is entitled to change or delete this information at any time, to delete or change the URL (link on Google websites) or to make the information available on another site.

Google is a service provider for us and thus a data processor for you in accordance with Art. 28 GDPR. We have concluded a data processing contract as well as EU model contract clauses. See https://policies.google.com/privacy/frameworks for more information. You can reach Google at Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The Google Firebase Terms of Service can be found here:

firebase.google.com/terms/. Google provides an overview of Google Firebase data protection topics here: firebase.google.com/support/privacy/ and the privacy policy can be found at: policies.google.com/privacy.

3.2 Sentry

We use Sentry as an error management tool for our services. Sentry is operated by Sentry Inc., 45 Fremont Street, 8 th Floor, San Francisco, CA 94105, USA. Sentry is used in particular to improve the technical stability of the Service by monitoring system stability and identifying code errors. Personal data are only used for this purposes. For more information, see Sentry's privacy policy: https://sentry.io/privacy/.

We have concluded a data processing agreement as well as new EU Standard Contractual Clauses with Sentry.

3.3 Expo

Expo - From the Expo SDK we solely use OTA (Over-The-Air) Updates which rely on IDFA when collecting potential crash logs during updates. This applies only to the mobile app. Expo ensures that no personal data are transferred (https://docs.expo.dev/distribution/app- stores/#ios-specific-guidelines).

4 Links to other sites

Our services do not contain links to other sites. Users can, however, add hyperlinks to the WorkItems. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

5 Your rights

You have the following rights towards us with regard to your personal data:

  • Right to information
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability
You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company.

6 Changes to this policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. This policy is effective as of 3 February 2022.

7 Contact us

If you have any questions about our Privacy Notice, please do not hesitate to contact us at support@atrigam.com.