Privacy Policy

Information about how we protect your data and safeguard your horse’s privacy.

Privacy Policy
Version date (effective from): October 9, 2025

  1. Controller
    The Rohns UG (haftungsbeschränkt) – ManeMap
    Bührenerstrasse 15B, 26670 Uplengen, Germany
    Phone: +49 177 4957900
    Email: info@manemap.app
    Represented by the managing directors: Marco Rohns and Laura Rohns

Contact for privacy inquiries and data subject rights:
info@manemap.app

  1. Scope of these privacy notices
    This privacy policy explains, in accordance with Articles 13/14 GDPR, how personal data is processed in the ManeMap app and on the website.

  2. Which data we process and for what purposes (purposes & legal bases)

3.1 Account & core service
Data processed: name (or alias), email address, login/authentication data, language, app settings.
Purposes: account creation, authentication, provision of app features, security.
Legal bases: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (security / abuse prevention).

3.2 Horse profiles, training and routine data
Data processed: horse profile (e.g. name, age), training and care notes, appointments/reminders, and any photos you upload.
Purposes: providing the organizational features (profiles, logs, calendar, analytics), user convenience.
Legal basis: Art. 6(1)(b) GDPR (contract).

3.3 „Milo“ / AI-assisted guidance Data processed: your text inputs, selected context data (horse profile). Purposes: generating personalized response suggestions. Service provider: We use the API interfaces of Google (Google Gemini API, Google Ireland Ltd.). Privacy note: We use configurations that ensure that your inputs are not used to train OpenAI's AI models. Legal basis: Art. 6(1)(b) GDPR (performance of the contract for providing the AI feature).

3.4 Location (optional, by permission)
Data processed: device location (only if you agree) or location region for weather lookup.
Purposes: local weather/seasonal guidance.
Legal basis: Art. 6(1)(a) GDPR (consent). Consent can be withdrawn at any time in the device/app settings.

3.5 Push notifications (reminders)
Data processed: device token (push token), reminder content/metadata (e.g. time, type).
Purposes: delivery of reminders you configure in the app.
Legal basis: Art. 6(1)(b) GDPR (contract).

3.6 Crash reporting (Firebase Crashlytics) – opt-in

Data processed:

Crash/error reports and technical device/app metadata (e.g. OS version, device type, app version) and event logs related to crashes.

Purposes:

Stability, error analysis, and improvement of the app.

Opt-in / control:

Crashlytics is disabled by default and is only activated when you explicitly consent to crash reporting in the app (opt-in). You can withdraw this consent at any time in the app settings. If data collection is disabled, crash information may be stored locally on the device; if data collection is enabled later, crash information previously stored locally may be transmitted to Crashlytics (unless deleted beforehand).

Legal bases:

Art. 6(1)(a) GDPR (consent); insofar as access to information on the terminal equipment is required: Section 25(1) TDDDG (consent).

3.7 Usage analytics (app analytics) Data processed: pseudonymized usage data (e.g. buttons clicked, time spent on screens, completed onboarding steps). Purposes: improving the user experience (UX), error detection, and product development. Legal basis: Art. 6(1)(a) GDPR (consent via cookie/tracking banner)

3.8 Access to camera and photo gallery Data processed: photos you actively select or take. Purposes: saving photos in the horse profile or in notes. Legal basis: Art. 6(1)(a) GDPR (consent by confirming the system dialog on first access). Access occurs only locally on the device or for upload to our servers when you save the photo.

3.9 Website: technically necessary data
When you access the website, technically required data may be processed on the server side (e.g. IP address, timestamp, user agent, referrer) in order to deliver and secure the website.
Legal basis: Art. 6(1)(f) GDPR (security/operation) or Art. 6(1)(b) GDPR, if required for provision.

  1. Recipients / processors (Art. 28 GDPR)
    We use service providers as processors:

  • Supabase (EU region): database/storage/backend (hosting and processing of your app data).

  • Google (Gemini API): processing of inputs to generate AI responses ("Milo").

  • Google Firebase Crashlytics: crash reporting.

Note: app store providers (Apple/Google) process payment and billing data under their own responsibility in the context of the store purchase.

  1. International data transfers
    Where service providers process data outside the EEA, this is done on the basis of appropriate safeguards (e.g. Standard Contractual Clauses) or an adequacy decision, where applicable.

  2. Retention period
    We store personal data only as long as necessary for the purposes or as long as statutory retention obligations apply. Business records may be retained for up to 10 years under commercial and tax law (HGB § 257; AO § 147).

  3. Account deletion Automatic deletion through the app is currently not possible. To permanently delete your account and all stored data, please send a brief email to info@manemap.app. We will carry out the deletion promptly and confirm it to you.

  4. Security
    We take appropriate technical and organizational measures (Art. 32 GDPR), including transport encryption, access restrictions, and (depending on configuration) EU hosting.

  5. Children
    ManeMap is not intended for children under 16 years of age. Users aged 16–17 should use the service only with parental consent.

  6. Veterinary/medical notice
    ManeMap provides organizational tools and general guidance. Content – including AI-assisted guidance ("Milo") – is not veterinary advice and does not replace professional diagnosis/treatment. In case of acute symptoms/emergencies: please contact a veterinarian or emergency service immediately.

  7. Changes
    We may update this privacy policy and will then indicate the new effective date.

Get the app

Download