StackBytes logo

Privacy Policy

Last Updated: May 8, 2026

1. An Overview of Data Protection

General Information

The following information provides a simple overview of what happens to your personal data when you use the Lifebound application or visit our website. Personal data is any data with which you could be personally identified.

Data Collection on Our Services

The data processing on this service is carried out by the operator. Contact details can be found in the "Notice Regarding the Responsible Party" section below. Data is collected either because you provide it to us (e.g., registration) or automatically through our IT systems (e.g., technical log files).

2. Notice Regarding the Responsible Party

The party responsible for data processing is:

StackBytes GmbH
Haarwiesenstraße 18
73054 Eislingen, Germany
Phone: +49 174 6201603
Email: info@stackbytes.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

3. Storage Duration and Deletion

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods).

4. Legal Bases for Data Processing

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR. If the processing is necessary for the performance of a contract (e.g., providing the Habit Tracker service), the legal basis is Art. 6 (1) (b) GDPR. Furthermore, processing may occur based on our legitimate interests (Art. 6 (1) (f) GDPR) such as ensuring the security and stability of our infrastructure.

5. Your Rights (Data Subject Rights)

You have the following rights at all times regarding your personal data:

  • Right to Information (Art. 15 GDPR): You have the right to obtain information about the origin, recipient, and purpose of your stored personal data.
  • Right to Rectification (Art. 16 GDPR): You can demand the immediate correction of incorrect data.
  • Right to Erasure (Art. 17 GDPR): Under certain conditions, you can demand the deletion of your data.
  • Right to Restriction of Processing (Art. 18 GDPR): You can request that the processing of your data be restricted.
  • Right to Data Portability (Art. 20 GDPR): You can request that we hand over data we process automatically to you or a third party in a common, machine-readable format.
  • Right to Revoke Consent (Art. 7 (3) GDPR): If you gave us consent, you can revoke it at any time for the future.

RIGHT TO OBJECT: IF DATA PROCESSING IS BASED ON ART. 6 (1) (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

6. Infrastructure, Hosting and Third-Party Services

In order to operate Lifebound, we use the following external service providers. Data Processing Addendums (DPA) have been signed with all providers.

Vercel

Our website is hosted by Vercel Inc., USA. Server location is Frankfurt, Germany. Vercel collects server log files (IP address, browser type, time of access). Legal basis: Art. 6 (1) (f) GDPR.

Railway & Neon DB

Our backend logic runs on Railway (Railway Corp.) and our database is hosted by Neon (Neon, Inc., USA). All habits and account data are stored here. Legal basis: Art. 6 (1) (b) GDPR.

RevenueCat

We use RevenueCat (RevenueCat, Inc.) to manage our subscription-only business model. RevenueCat processes purchase data to grant access to premium features. No payment details (credit cards) are stored by us or RevenueCat; these remain with the App Stores. Legal basis: Art. 6 (1) (b) GDPR.

AppsFlyer

For marketing attribution and analytics, we use AppsFlyer (AppsFlyer Ltd.). This service tracks from which source a user installed the app and how they interact with it. This requires technical IDs (IDFA/GAID). Legal basis: Art. 6 (1) (a) GDPR (Consent) via the App settings or system dialog.

7. Account Deletion and Data Portability

In accordance with Apple and Google policies, users can delete their account and all associated data directly within the app settings. Upon deletion, all habit-related records and account identifiers will be purged from our servers immediately.

8. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this service uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" and the lock icon in the browser line.