ALogin with APPIK
PrivacyUpdated: July 12, 2026

Privacy Policy

Short version first: appik.net processes only data needed for operation, login, product communication, and voluntary forms.

1. Controller

Patrik Kluge, trading as APPIK, Rothemühleweg 35A, 38112 Braunschweig, Germany.

Contact for privacy requests: privacy@appik.net.

2. Data we process

When you visit the website, server log data such as IP address, date, time, requested URL, referrer, browser, and device information may be processed to deliver the service securely and reliably.

When you sign in, APPIK processes account and session data through Auth.js and Keycloak, especially name, email address, session status, and technical tokens.

When you use profile or settings features, voluntary details such as display name, city, preferences, and settings may be stored.

Newsletter and waitlist forms process the email address you enter and, optionally, your name. Double opt-in is planned for production mailings.

3. Purposes and legal bases

Processing is used to provide the website, secure operations, manage user accounts, answer requests, and send product information that users voluntarily request.

Depending on the process, legal bases are Article 6(1)(b) GDPR, Article 6(1)(f) GDPR, and, for voluntary consent, Article 6(1)(a) GDPR.

4. Cookies and local storage

Required cookies may be set for login, session protection, security, and technically necessary functions.

The analytics preference is stored locally on your device. PostHog is not initialized, no analytics identifier is created, and no analytics data is sent unless you give explicit consent, as required under Section 25 TDDDG where applicable.

5. Analytics and product measurement

With explicit consent, appik.net uses PostHog Cloud EU for product analytics. It measures page views and a small set of interactions such as calls to action, sign-in starts, and requests opened through email links.

Analytics events may include the page URL, referrer, browser and device information, an anonymous identifier, the app environment and release, and the selected interaction. After sign-in, a stable internal account identifier may connect consented anonymous and authenticated activity; names, email addresses, profile content, and authentication tokens are not sent as analytics properties.

Session recording is disabled, as is interaction autocapture. Analytics are not used for advertising, retargeting, or cross-site tracking. You can withdraw consent at any time through Analytics settings in the website footer.

6. Recipients and processors

Technical service providers may support hosting, authentication, email delivery, error analysis, and infrastructure. PostHog Cloud EU acts as a processor for consented product analytics. Providers are used only to the necessary extent.

Data is not shared with third parties for advertising purposes. Transfers to third countries occur only with a suitable legal basis and safeguards.

7. Retention

Server log data is stored only as long as required for security, error analysis, and operation.

Account and profile data remains stored while the account exists or while legal obligations require longer retention.

Newsletter or waitlist data is processed until withdrawal, unsubscribe, or completion of the respective purpose.

Analytics events are retained only as long as needed for product measurement. The analytics preference remains on your device until you change it, clear site data, or the preference format is replaced.

8. Your rights

Under the GDPR, you have rights to access, rectification, erasure, restriction of processing, data portability, and objection.

You may withdraw consent at any time with effect for the future. You also have the right to lodge a complaint with a competent data protection supervisory authority.

9. Security and changes

APPIK uses technical and organizational measures to protect personal data against loss, misuse, and unauthorized access.

This policy will be updated when product scope, processors, or data processing changes materially.

Privacy

Privacy contact

For access, deletion, export, or objection requests, a short email with clear context is enough.