Privacy Policy

1. Controller

Cheveo GmbH
Friedensplatz 7
53111 Bonn, Germany
E-Mail: datenschutz@cheveo.de

2. Data We Collect

When you use DeepHush, we may collect the following data:

  • Account information (email address, display name)
  • Task and list data you create within the app
  • Usage data (features used, session duration)
  • Technical data (IP address, browser type, operating system)
  • Push notification tokens (if you enable notifications)

3. Purpose of Processing

  • Providing and operating the DeepHush service
  • Enabling collaboration features (shared lists, nudges)
  • Sending push notifications you have opted into
  • Improving the app based on aggregated usage patterns
  • Fulfilling legal obligations

4. Legal Basis

We process your data based on:

  • Art. 6(1)(b) GDPR — Performance of a contract (providing the service)
  • Art. 6(1)(a) GDPR — Your consent (push notifications, optional analytics)
  • Art. 6(1)(f) GDPR — Legitimate interests (security, fraud prevention, service improvement)
  • Art. 6(1)(c) GDPR — Legal obligations (tax, accounting)

5. Third-Party Services

DeepHush uses the following third-party services:

  • Supabase — Database and authentication (EU servers)
  • Firebase Cloud Messaging — Push notifications
  • Vercel — Website hosting and cookieless analytics
  • RevenueCat — Subscription management
  • Apple App Store — iOS app distribution and payments

6. Cookies

This landing page uses Vercel Web Analytics, which is cookieless and does not track individual users. No cookie consent banner is required. The DeepHush web app uses essential cookies for authentication and session management only.

7. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account deletion
  • Server logs: 7 days
  • Analytics data: Aggregated, no personal data retained

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Delete your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at datenschutz@cheveo.de.

9. Security

We use SSL/TLS encryption, access controls, and regular security updates to protect your data. All data is transmitted encrypted and stored on secured servers.

Last updated: March 2026