Privacy Policy

This Privacy Policy meets the requirements of the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and other applicable data protection laws.

Important: Your dream interpretations and chat messages are transmitted to third-party providers (OpenAI, USA) for AI processing. See details below.

Data Controller under GDPR:

Anatolii Tkachenko
St. Ruprechter Straße 90
9020 Klagenfurt am Wörthersee, Austria
Email: privacy@erita.app
UID: ATU82239025

• Dream Descriptions: Texts you enter for dream analysis
• Chat Messages: Conversations with the AI chatbot
• Account Data: Email address (optional), username
• Settings: App preferences, language settings
• Payment Information: Processed exclusively by app stores (Apple, Google), not by us

• Device Information: Device type, operating system, app version
• Usage Data: Usage statistics, feature usage, session duration
• Technical Data: IP address, crash reports, error logs
• Analytics: Anonymized usage analytics (Firebase Analytics, if enabled)

Attention: Dream descriptions and chat content may contain sensitive data under Art. 9 GDPR (health data, mental state).

Legal Basis: Processing is based on your explicit consent (Art. 9(2)(a) GDPR), which you can withdraw at any time.

We process your data based on the following legal grounds under GDPR:

• Art. 6(1)(b) GDPR (Contract Performance): Provision of app functions
• Art. 6(1)(a) GDPR (Consent): Analytics, marketing, newsletter
• Art. 9(2)(a) GDPR (Consent for sensitive data): Dream interpretation and psychological chat functions
• Art. 6(1)(f) GDPR (Legitimate Interest): Security, fraud prevention, technical optimization
• Art. 6(1)(c) GDPR (Legal Obligation): Tax law, accounting

Important: Your dream descriptions and chat messages are transmitted to OpenAI LLC (USA) to generate AI-based analyses.

• Data Recipient: OpenAI LLC, 3180 18th Street, San Francisco, CA 94110, USA
• Transmitted Data: Dream content, chat messages (may contain sensitive data)
• Purpose: AI-powered dream interpretation and psychological chat functions
• Legal Basis: Your consent (Art. 49(1)(a) GDPR)
• Third Country Transfer (USA): The USA does not have an adequacy decision. We use OpenAI's Data Processing Agreement (DPA) and Standard Contractual Clauses (SCC).
• OpenAI Privacy: https://openai.com/privacy
• Data Retention at OpenAI: OpenAI stores API requests for maximum 30 days for abuse prevention, then they are deleted (as of November 2025, see OpenAI's API Data Policy)

Risks of Transfer to USA: Despite protective measures, there is residual risk of government access by US authorities (FISA 702, Executive Order 12333). You have the right to withdraw your consent at any time (affecting app functionality).

• Firebase (Google): Analytics, Crashlytics, Hosting - Privacy
• App Stores (Apple, Google): Payment processing, app distribution
• Cloud Hosting: Server infrastructure (EU-based)

No sharing with advertising partners, data brokers, or marketing firms without your consent.

• Dream Interpretations & Chat: As long as your account is active; deleted upon account deletion
• Account Data: Until termination + 30 days grace period
• Billing Data: 7 years (statutory retention requirement under Austrian tax law)
• Analytics: Maximum 14 months (anonymized)
• Crash Logs: 90 days

• Encryption: TLS/SSL for data transmission, AES-256 for data at rest
• Access Controls: Role-based access restrictions, multi-factor authentication
• Regular Audits: Security reviews and updates
• Minimization: We collect only necessary data

Data Breach Notification: In case of a data breach, we will notify you and the Austrian Data Protection Authority within 72 hours (Art. 33, 34 GDPR).

You have the following rights regarding your personal data:

7.1 Right of Access (Art. 15 GDPR)
Right to confirmation of whether and what data about you is being processed, including processing purpose, recipients, and retention period.

7.2 Right to Rectification (Art. 16 GDPR)
Right to correction of inaccurate or incomplete data.

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)
Right to deletion of your data, unless statutory retention obligations apply.

7.4 Right to Restriction of Processing (Art. 18 GDPR)
Right to temporary blocking of data processing under certain conditions.

7.5 Right to Data Portability (Art. 20 GDPR)
Right to receive your data in structured, machine-readable format (JSON/CSV).

7.6 Right to Object (Art. 21 GDPR)
Right to object to processing based on legitimate interest or for direct marketing.

7.7 Right to Withdraw Consent (Art. 7 GDPR)
Right to withdraw your consent at any time. This may limit app functionality (e.g., no AI analyses possible).

7.8 Right to Lodge a Complaint (Art. 77 GDPR)
Right to lodge a complaint with the competent data protection supervisory authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Tel: +43 1 52 152-0
Email: dsb@dsb.gv.at
Web: www.dsb.gv.at

Exercise Your Rights: Contact us at privacy@erita.app. We will respond within 30 days.

The mobile app does not use browser cookies. Local storage is used exclusively for app functionality (e.g., settings, session tokens).

Analytics: Firebase Analytics uses device-specific IDs. You can disable analytics in app settings.

The app is designed for persons 18 years and older. We do not knowingly collect data from persons under 16 years without parental consent.

There is no automated decision-making with legal effect or similar significant impact (Art. 22 GDPR). AI analyses serve exclusively for information and self-discovery purposes.

We reserve the right to update this Privacy Policy. Material changes will be communicated by email or in-app notification at least 30 days in advance.

Data Protection Officer:
Anatolii Tkachenko
Email: privacy@erita.app
Address: St. Ruprechter Straße 90, 9020 Klagenfurt am Wörthersee, Austria

What are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us optimize the website and continuously improve it.

1. Necessary Cookies (Technically Required)
• Purpose: Session management, security, basic functions
• Legal Basis: Art. 6(1)(f) GDPR (legitimate interest)
• No consent required

2. Analytics Cookies (Google Analytics)
• Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Purpose: Website analysis, usage statistics
• Cookies: _ga, _gid, _gat_gtag_*, _ga_*
• Duration: _ga (2 years), _gid (24 hours), _gat (1 minute)
• Legal Basis: Art. 6(1)(a) GDPR (consent)
• Third Country Transfer: USA (Art. 49(1)(a) GDPR - consent)
• Google Privacy Policy: https://policies.google.com/privacy

Google Analytics - Special Notes
We use Google Analytics with IP anonymization enabled. This means your IP address is truncated by Google within EU member states or other EEA contracting states.

Data Transfer to USA: Google Analytics transmits personal data to the USA. Despite Standard Contractual Clauses, there is residual risk of government access by US authorities (FISA 702, Executive Order 12333).

Manage Your Cookie Settings
You can adjust your cookie settings at any time:
• Via our Cookie Settings
• In your browser settings
• By withdrawing your consent (with effect for the future)

Browser Settings
You can configure your browser to be informed about cookie placement and allow cookies only on a case-by-case basis, exclude acceptance of cookies in certain cases or generally, and enable automatic deletion of cookies when closing the browser.

Google Analytics Opt-Out
You can prevent data collection by Google Analytics by clicking the following link. An opt-out cookie will be set: Disable Google Analytics

This Privacy Policy fully complies with the requirements of the GDPR (General Data Protection Regulation 2016/679) and the Austrian Data Protection Act (DSG).

In case of conflicts between German and English versions, the German version prevails.