Privacy Policy

Effective 2025-10-23. This policy applies to the RMDme app developed by Fabian Strobl, provided as a free service "AS IS".

Data Controller

Fabian Strobl
Schöttlstraße 10, 81369 München, Germany
Email: legal@rmdme.com

What Information We Collect

When you register, we process your email address, a pseudonymous user ID, and a password hash. Passwords are handled by AWS Cognito and stored only as salted cryptographic hashes.

The app may also collect device type, OS identifiers, IP address, and limited technical usage information automatically.

Purposes and Legal Bases (GDPR)

• Core app functions — Art. 6(1)(b): reminder data, due date/time, recurrence rules, time zone, device push token.
• Voice input — Art. 6(1)(b): optional feature to create reminders by voice via Apple Speech or Whisper (on-device).
• Smart reminders — Art. 6(1)(b): text is processed with AI (AWS Bedrock, EU region) to generate smart due dates and title suggestions. Prompts are not used to train models.
• Account & authentication — Art. 6(1)(b): email, password hash, user ID.
• Stability & security — Art. 6(1)(f): minimal server-side logs (timestamps, error codes, IP addresses).

Third-Party Recipients

• AWS Bedrock (EU region) — AI processing
• AWS Cognito (EU region) — authentication
• AWS infrastructure (EU region) — hosting, database, logging
• Apple APNs — push notification delivery (device token only)
• Apple Speech (optional) — speech recognition under Apple's privacy policies

Data Retention

• Reminders: until completion + 30 days, then deleted.
• AI prompts: processed in real time, not retained beyond ~30-day operational logs.
• Voice input: audio discarded after processing; transcribed text follows reminder retention.
• Account data: retained for the life of the account; deleted within 30 days after closure.

Your Rights (EU/EEA)

Under GDPR you have rights of access, rectification, erasure, restriction, portability, and objection (Arts. 15-21). Contact legal@rmdme.com and we will respond within one month.

Opt-Out

• Disable notifications in your device settings.
• Withdraw consent for optional features in the app.
• Request access or deletion via legal@rmdme.com.
• Delete your account in the app before uninstalling.

International Transfers

Where services operate outside the EEA, we rely on the EU-US Data Privacy Framework and/or Standard Contractual Clauses.

Children

You must be at least 16 years old to use RMDme. If we learn data was collected from someone under 16, we will delete it.

Security

Data is encrypted in transit, passwords are stored as salted hashes, and we avoid logging sensitive content. No security system can prevent all breaches.

Changes

We may update this policy from time to time. Changes will be posted on this page.

Contact

Questions about privacy? Email legal@rmdme.com.