Tempestia
EN

Privacy Policy

This English text is a convenience translation. The legally binding version is the German original; in the event of any discrepancy, the German version prevails.

Last updated: 2026-06-02

This Privacy Policy informs you, in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR), about the nature, scope and purpose of the processing of personal data within the mobile application Tempestia (the "App").

1. Controller

The controller responsible for the processing of personal data within the meaning of Art. 4(7) GDPR is:

Aiman Zennaoui Gärtnerstr. 58 20253 Hamburg Germany

E-mail: info@tempestia.de

A Data Protection Officer has not been appointed, as the statutory thresholds under § 38 BDSG (Federal Data Protection Act) are not met.

2. What Tempestia does, and what data it needs to do it

Tempestia is a mobile application for the self-directed recording and analysis of working hours. The purpose of the App is to provide workers in Germany — particularly in sectors with a high risk of wage theft (logistics, hospitality, care, retail, construction) — with their own complete shift record that can be used as evidence in disputes with their employer.

For this purpose, the App processes only data that you yourself enter or trigger through an explicit action (clocking in and out, starting and ending a break). No automated collection of data takes place without your action.

The App does not process personal data using artificial intelligence. Your data is never transmitted to AI service providers.

3. Categories of data processed

3.1 Registration and account

When you create a user account, the following data is processed:

  • E-mail address
  • Password (stored exclusively in encrypted form; no plain-text storage)

Purpose: Provision of personal, protected access to the App. Legal basis: Art. 6(1)(b) GDPR (performance of the user agreement).

3.2 Profile data for wage calculation

To correctly calculate your net earnings under German income tax and social security law, the following profile data that you enter is processed:

  • Tax class (I to VI)
  • Federal state (Bundesland)
  • Religious denomination / church tax liability (yes/no)
  • Family status and number of children under 25 years
  • Child allowance counter (Kinderfreibetragszähler, ELStAM)
  • Age indicator (above/below 23 years — relevant for the long-term care insurance surcharge for childless individuals)
  • Type of health insurance (statutory GKV or private PKV) and, where applicable, insurer or PKV premiums

Purpose: Exclusively the calculation of your anticipated gross and net earnings and the statutory deductions. Legal basis: Art. 6(1)(b) GDPR (performance of the user agreement). Insofar as the church tax indication constitutes information about your religious beliefs within the meaning of Art. 9(1) GDPR, processing is based exclusively on your explicit consent pursuant to Art. 9(2)(a) GDPR. You may remove this entry from your profile at any time.

This data is not transmitted to tax authorities, health insurers or employers. The calculations serve solely your own information.

3.3 Job and employer data

You can record in the App information about one or more employment relationships:

  • Employer name
  • Industry and position
  • Hourly wage
  • Contract type (full-time, part-time, mini-job, midi-job, working student)
  • Start date
  • Overtime surcharge

Purpose: Basis for shift assignment and wage calculation. Legal basis: Art. 6(1)(b) GDPR.

3.4 Shift and break times

When you use the time-tracking feature, the following data is recorded:

  • Start and end of each shift (date and time)
  • Start and end of each break within a shift
  • Assignment to a job you have created
  • Optional notes that you add yourself

Purpose: Complete documentation of your working time as a basis for your own evaluations and possible employment-law disputes with your employer. Legal basis: Art. 6(1)(b) GDPR.

3.5 Location data (GPS)

The App records your location exclusively at the following moments:

  • When clocking in (shift start)
  • When clocking out (shift end)
  • When starting a break
  • When ending a break

The geographic coordinates and — where technically determinable — street, house number, postal code and city are stored.

No continuous or background location tracking takes place.

Purpose: The location information serves exclusively as evidence for you that you were at a specific location at the respective time (e.g. at your workplace). The operator of the App does not access or analyse your location data in any form.

Legal basis: Art. 6(1)(a) GDPR (consent). You give consent both through the operating system's permission prompt (iOS/Android) and through the "Enable location tracking" toggle in the App settings. You may disable location tracking at any time — all other features of the App remain fully available without location tracking.

3.6 Device and session data

To maintain your login, the App stores a session token on your device (in the local AsyncStorage). This token contains no substantive data and serves exclusively to recognise your session when the App is reopened.

Legal basis: Art. 6(1)(b) GDPR and § 25(2) No. 2 TDDDG (technically necessary).

4. Processors and recipients

Your data is shared with third parties only with the following processors within the meaning of Art. 28 GDPR:

4.1 Supabase (hosting, database, authentication)

Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992

The data mentioned in Section 3 is hosted on servers operated by Supabase. The servers are located within the European Union (Region: Ireland). No transfer to third countries outside the EU takes place in the course of standard use.

A data processing agreement pursuant to Art. 28 GDPR has been concluded with Supabase Inc. Supabase Privacy Policy: https://supabase.com/privacy

4.2 Apple App Store / Google Play Store (obtaining the App and payment processing)

When you download and install the App, Apple Inc. and Google LLC independently process data (Apple ID / Google account, device information, installation data). I have no influence over this processing.

If you purchase a paid additional feature (single PDF export or Tempestia subscription, see § 5 of the Terms of Service), the payment is handled exclusively by Apple or Google as independent controllers for this purpose. The Provider does not receive any complete payment data (in particular no credit card, bank or account details), but only a purchase or entitlement confirmation provided by the respective app store, which is processed exclusively to unlock the purchased feature. The legal basis for this is Art. 6(1)(b) GDPR (performance of the contract for the respective additional feature).

Privacy policies:

  • Apple: https://www.apple.com/legal/privacy/
  • Google: https://policies.google.com/privacy

5. Transfers to third countries

No transfer of your data to countries outside the European Union or the European Economic Area takes place.

6. Retention period and deletion

Your data is stored for as long as your user account exists. You may at any time modify or delete individual shifts, breaks, jobs or profile data within the App yourself.

Upon deletion of the user account:

  • The deletion request is registered immediately. During a transition period of 30 days from the deletion request, recovery of the account remains technically possible upon explicit request. This grace period protects against accidental deletion.
  • After the 30 days have elapsed, all personal data associated with your account is irrevocably removed from the production database.
  • In backups, deleted data is overwritten in the course of the standard backup rotation.
  • An anonymised deletion log (timestamp and pseudonymised case ID, with no reference to an identifiable person) is retained for three years to fulfil the accountability obligation under Art. 5(2) GDPR.

The legal basis for the 30-day transition period is Art. 6(1)(f) GDPR (legitimate interest in avoiding unintended data loss and in handling recovery requests).

7. Your rights as a data subject

You have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR) — see Section 6
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR) — see Section 8

To exercise these rights, an informal message to info@tempestia.de is sufficient.

8. Withdrawal of consent

Where the processing of your data is based on consent (in particular for location tracking under Section 3.5 and the church tax indication under Section 3.2), you may withdraw your consent at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.

Withdrawal takes effect either directly in the App settings (the "Enable location tracking" toggle) or by deleting the relevant profile entry.

9. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority concerning the processing of your personal data (Art. 77 GDPR). The competent authority is the data protection supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement.

A list of German supervisory authorities is available at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

10. No automated decision-making

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place. The calculations shown in the App (shift duration, gross/net earnings, statutory minimum breaks, rest period violations) are technical computations based on the data you have entered and produce no legal effect with respect to you.

11. Data security

The transmission of personal data between the App and the Supabase servers is encrypted via TLS (Transport Layer Security). Passwords are stored exclusively in encrypted form. To protect against unauthorised access to other users' records, the App uses Supabase's Row-Level Security mechanisms.

12. Notice on the legal effect of App content

The calculations, notices and analyses shown in the App — in particular regarding wage claims, statutory break times, night-shift surcharges, rest periods, claim deadlines (Ausschlussfristen) and mini-job limits — constitute legal estimates based on your inputs. They do not replace individual legal advice from a qualified lawyer. For the use of these values in employment-law disputes, I expressly recommend prior consultation with a qualified professional.

13. Changes to this Privacy Policy

I reserve the right to amend this Privacy Policy where required by legal developments, technical changes or an expansion of the App's functionality. You will be informed of material changes within the App at least 14 days before they take effect.

The current version is available in the App under "Profile → Privacy" and at https://tempestia.de.