Privacy Policy

Controller

The controller responsible for data processing is:

Christoph Bimmer bsigned.de Undeostr. 37 85661 Forstinning

E-mail: [email protected]

General information on data processing

The protection of your personal data is an important concern to us. We process your data exclusively on the basis of the statutory provisions, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

This privacy policy informs you about which personal data we collect in connection with the use of the website pizzaplan.app and the PizzaPlan app, and how this data is processed.

Personal data is all information relating to an identified or identifiable natural person, for example your name, your e-mail address or your IP address.

Website pizzaplan.app

The following sections concern the use of the website pizzaplan.app.

Hosting and content delivery

This website is provided via Cloudflare Pages. The license verification of the app is carried out via Cloudflare Workers.

Provider: Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA.

When you access our website and when the app makes requests, your requests are routed via Cloudflare’s global network. In this process, your IP address is processed by Cloudflare for technical reasons. Cloudflare stores temporary access data to ensure operation and to protect against attacks (DDoS protection, Web Application Firewall).

Data processing by Cloudflare is carried out on the basis of a data processing agreement (Data Processing Addendum) and the EU standard contractual clauses.

Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the secure and efficient provision of our services).

E-mail forwarding and delivery

Incoming e-mails to our contact address are forwarded to our mailbox via Cloudflare Email Routing. In addition, messages submitted via our contact form are processed by a Cloudflare Worker and likewise delivered as outgoing e-mail to our mailbox via Cloudflare Email Routing. In this process, the e-mail metadata (sender, subject, time) and the content are processed by Cloudflare. The e-mails are not stored by Cloudflare beyond the respective forwarding or delivery process.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in being reachable by e-mail).

Contact form and spam protection (Cloudflare Turnstile)

A contact form is available on our website. If you use it, the data you enter (name, e-mail address, subject, message) is transmitted to us via a Cloudflare Worker and delivered by e-mail.

To protect against automated requests (spam), we use Cloudflare Turnstile. When the form is loaded, a security check is carried out by Cloudflare. In this process, Cloudflare processes technical data of your browser as well as your IP address in order to distinguish automated requests from human ones. No cookies are set and no permanent user profiles are created.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in protecting our services against abuse).

Cookies

Our website uses technically necessary cookies that are required for the proper operation of the website. In addition, cookies are used for analysis purposes, provided you have consented to this via our cookie banner (see section “Web analysis”).

The legal basis for the use of technically necessary cookies is Art. 6 (1) lit. f GDPR (legitimate interest in the functional provision of the website). Analysis cookies are only set after your explicit consent (Art. 6 (1) lit. a GDPR).

Web analysis (Google Analytics 4)

We use Google Analytics 4, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies and similar technologies to analyze your use of the website. Activation takes place exclusively after your explicit consent via our cookie banner (opt-in). By default, the analysis is disabled.

We use Google Analytics with the “Consent Mode v2” function. This means that without your consent, no analysis cookies are set and no personal data is transmitted to Google.

When consent has been given, the following data is collected:

  • Page views and navigation behavior
  • Time spent on the pages
  • Referrer URL (where you come from)
  • Browser type, operating system, screen resolution
  • Approximate location (based on the anonymized IP address)
  • IP address (automatically truncated by Google)

The data is processed on Google servers, which may also be located in the USA. The transfer of data to the USA is carried out on the basis of the EU standard contractual clauses.

You can revoke your consent at any time by deleting the cookies in your browser. On your next visit, the cookie banner will be displayed again.

Legal basis: Art. 6 (1) lit. a GDPR (consent).

Google privacy policy: https://policies.google.com/privacy

Fonts

The font “Inter” (body text) is delivered locally from our server. For the serif display font “Fraunces” (headings) we use Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When the font is loaded, your IP address is transmitted to Google for technical reasons. Google does not set any cookies in this process.

Google privacy policy: https://policies.google.com/privacy

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the uniform presentation of our content).

Amazon affiliate links on the “Accessories” page

On our website, we offer at pizzaplan.app/zubehoer/ (as well as the corresponding language variants /en/accessories/, /es/accesorios/, /it/accessori/, /nl/accessoires/) a curated overview of pizza accessories with references to the Amazon online shop. We participate in the partner program “Amazon Partnernet” (EU).

Partner program provider: Amazon Europe Core S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg.

If you click on such an affiliate link, you are redirected to the Amazon website in a new browser tab. In this process, Amazon receives our partner tag as well as the usual browser and connection data (IP address, User-Agent, Referrer). In the event of a subsequent purchase, we receive a commission. No additional costs are incurred for you.

The partner tags used differ by language version:

  • German and Dutch: p1265423-21 (amazon.de)
  • English: p126542304-21 (amazon.co.uk)
  • Spanish: p12654230e-21 (amazon.es)
  • Italian: p126542300-21 (amazon.it)

The affiliate links are marked with rel="sponsored nofollow noopener" in order to make their advertising nature transparent.

In addition, we load the product images of the listed articles directly from Amazon servers (m.media-amazon.com). In this process, your IP address is transmitted to Amazon for technical reasons. We use the attribute referrerpolicy="no-referrer" so that Amazon does not receive any information about the exact page on pizzaplan.app from which the image is loaded.

After redirection to amazon.de (or the respective country page), the Amazon privacy policy applies there: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in refinancing our content through affiliate revenue).

PizzaPlan app

The following sections concern the use of the PizzaPlan app.

No advertising

The PizzaPlan app does not display any advertising and does not use any advertising trackers or advertising networks. No data is transmitted to advertising service providers.

Local data storage

The app stores various data exclusively locally on your device (settings, recipe values, favorites, shopping list, cache). This data is not transmitted to servers or third parties. Storage takes place by means of AsyncStorage (unencrypted, app-internal). The Pro license status as well as the associated purchase token are additionally stored in encrypted form by means of SecureStore.

Storage period: The data remains on the device until the app is uninstalled or until you use the “Delete all data” function in the app settings.

Legal basis: Art. 6 (1) lit. b GDPR (performance of a contract) as well as Art. 6 (1) lit. f GDPR (legitimate interest in the functionality of the app).

Crash reports and error analysis (Sentry)

In order to improve the stability and quality of the app, there is the option of transmitting crash reports to the service Sentry.

Provider: Functional Software Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

The transmission takes place exclusively with your explicit consent (opt-in). The function is disabled by default. You can give or revoke your consent at any time in the settings under “Privacy” -> “Send crash reports”.

When consent has been given, the following data is collected:

  • Crash and error reports (stack traces)
  • Performance data (sampling rate: 20 %)
  • Session data (start, end, duration)
  • Navigation behavior (visited screens)
  • App version, operating system, device type
  • IP address (for technical reasons during transmission)

The data is processed on Sentry servers in the USA. The transmission is carried out on the basis of the EU standard contractual clauses. Retention period: 90 days.

Legal basis: Art. 6 (1) lit. a GDPR (consent). The consent can be revoked at any time with effect for the future.

Sentry privacy policy: https://sentry.io/privacy/

In-app purchases and license verification

The app offers a paid Pro version as a one-time in-app purchase. The purchase is processed exclusively via the Google Play Store (Google Ireland Ltd.) or the Apple App Store (Apple Distribution International Ltd.). The app itself does not process or store any payment data.

To check the Pro status, the app communicates at regular intervals (a maximum of once within 7 days) with the server api.pizzaplan.app. In this process, the following data is transmitted:

  • Purchase token
  • Order ID (Google Play) or Transaction ID (Apple)
  • Platform (Android/iOS)
  • Package name of the app
  • Product ID

The communication is signed by means of HMAC-SHA256. The processing is carried out via Cloudflare Workers (see section “Hosting and content delivery”). No personal data such as name or e-mail address is transmitted.

Legal basis: Art. 6 (1) lit. b GDPR (performance of a contract).

The app contains recommendations for products in the “Accessories” area that are linked via Amazon affiliate links (affiliate tag: g010118-21). Product images are loaded directly from Amazon servers (m.media-amazon.com). In this process, your IP address is transmitted to Amazon for technical reasons. When you open an affiliate link, your external browser is started. Amazon then receives the usual browser data.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in refinancing the app through affiliate revenue).

General provisions

The following sections apply both to the website and to the app.

Contacting us

If you contact us by e-mail or via the contact form on our website, the data you provide (name, e-mail address, subject, message content) is stored by us in order to process your request and to keep it on file in the event of follow-up questions. The data transmitted via the contact form is transmitted in encrypted form (TLS) and processed by a Cloudflare Worker (see section “Contact form and spam protection”).

The legal basis is Art. 6 (1) lit. b GDPR (pre-contractual measures or performance of a contract) as well as Art. 6 (1) lit. f GDPR (legitimate interest in answering your request).

We delete the data collected in this context once storage is no longer necessary, or we restrict the processing if statutory retention obligations exist.

Storage period

Unless a different storage period is specified in this privacy policy, your personal data remains with us until the purpose of the data processing ceases to apply. If you assert a legitimate request for deletion or revoke a consent to data processing, your data will be deleted, provided we do not have any other legally permissible reasons for storage (e.g. retention periods under tax or commercial law). In the latter case, deletion takes place after these reasons cease to apply.

Your rights

Within the framework of the applicable statutory provisions, you have the following rights at any time regarding your personal data:

  1. Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed, and to obtain information about this data.

  2. Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data as well as the completion of incomplete data.

  3. Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data, provided one of the grounds mentioned in Art. 17 GDPR applies.

  4. Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data.

  5. Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

  6. Right to object (Art. 21 GDPR): You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data.

  7. Right to withdraw consent (Art. 7 (3) GDPR): Insofar as you have given consent to data processing, you can revoke it at any time with effect for the future.

To exercise your rights, you can contact us at any time at: [email protected]

Supervisory authority

If you are of the opinion that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach Telephone: +49 981 180093-0 E-mail: [email protected] Website: https://www.lda.bayern.de/de/index.html

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, this website and the communication of the app use SSL or TLS encryption.

Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or in order to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.

Last updated: 18 April 2026