Privacy Policy

This Privacy Policy of Independo GmbH (“Independo”, “we”, “us”, or “our”) explains how and why we collect, store, use, disclose, and otherwise process personal data when you use our services (“Services”), including for example when you:

• visit our website at https://www.independo.app or any other website that links to this Privacy Policy,
• use our mobile applications or other applications that link to this Privacy Policy,
• create an account, sign in, or use features of our products,
• contact us, including for support, sales, marketing, or events.

This Privacy Policy is intended to give you a legal overview of how we process personal data. For a more practical and up-to-date explanation of how data is processed in the Independo ecosystem, including information about core hosting, security measures, and the subprocessors currently used to support our services, please also see our Data Processing page.

Summary

This summary gives you a high-level overview of the most important points of this Privacy Policy.

Who is responsible for processing your data?

The controller for the processing described in this Privacy Policy is:

Independo GmbH
Lacknergasse 110
1180 Vienna
Austria
E-mail: hallo@independo.app

What personal data do we process?

Depending on how you interact with us and our Services, we may process:

• account and login information,
• profile and organization-related information,
• content you create or upload in our products,
• technical and usage data,
• communications with us,
• payment and subscription-related information,
• information required to operate, secure, and improve our Services.

Do we process sensitive personal data?

Depending on how our Services are used, some content processed through our products may be sensitive in nature.

At the same time, we do not intentionally use our Services to collect, infer, classify, or profile users based on special categories of personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for unique identification, health data, or data concerning a person’s sex life or sexual orientation, except where such information may be voluntarily provided by users or organizations as part of the content they create or upload in the normal use of the Services.

Where such content is processed, we aim to handle it with particular care and apply appropriate technical and organizational safeguards.

Do we receive information from third parties?

Yes. For example, if you sign in through a third-party identity provider, receive a subscription through an app store, or interact with us through external platforms, we may receive relevant information from those third parties.

Why do we process your data?

We process personal data to:

• provide and operate our Services,
• authenticate users and secure access,
• support communication and customer service,
• improve product functionality and reliability,
• process payments and subscriptions,
• comply with legal obligations,
• protect against fraud, abuse, and security incidents.

Do we share personal data with others?

Yes, where necessary. We may share personal data with service providers, infrastructure partners, payment providers, communication providers, analytics or diagnostics providers, affiliated companies, and other parties where this is required to provide our Services or comply with law.

Are data transferred internationally?

Some service providers we rely on may process personal data outside your country or outside the EEA. Where relevant, we take international transfers into account and rely on appropriate contractual or legal safeguards. For more operational detail, please see our Data Processing page.

What rights do you have?

Depending on applicable law, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, and to withdraw consent where processing is based on consent.

1. What information we collect

Personal data you provide to us

We collect personal data that you voluntarily provide to us when you:

• register for an account,
• sign in to our Services,
• use our products and features,
• upload or create content,
• subscribe to paid features,
• contact us,
• request information about our products or services,
• participate in surveys, events, or other interactions with us.

Depending on the context, this may include:

• name,
• email address,
• login or account identifiers,
• profile information,
• organization-related information,
• content you create or upload,
• communications and support requests,
• payment or subscription-related information.

You are responsible for ensuring that the personal data you provide to us is accurate and up to date.

Content created in our Services

If you use our products, we may process content that you create, upload, organize, or share through the Services. This may include, depending on the product and feature, things such as calendar content, journal or diary-style entries, documentation content, images, audio, attachments, and similar materials.

Information from third parties

We may receive information from third parties where relevant to the use of our Services. This may include, for example:

• sign-in or identity information from third-party identity providers,
• subscription or purchase-related information from app stores or payment providers,
• information from communication, marketing, or event tools,
• information from affiliated companies or business partners where relevant.

We only use such information where we have an appropriate legal basis to do so.

Automatically collected information

When you visit, use, or navigate our Services, we may automatically collect certain technical information. This may include:

• IP address,
• browser and device characteristics,
• operating system,
• language preferences,
• referring URLs,
• device identifiers,
• app version,
• usage and interaction data,
• error and diagnostic data,
• similar technical information required for operation, security, support, and product improvement.

Like many online services, we may also use cookies and similar technologies. See section 5 for more information.

2. How we process your information

We process personal data where necessary for legitimate business and product purposes, including to:

• provide, operate, and maintain our Services,
• create and manage user accounts,
• authenticate users and enable secure sign-in,
• deliver product features and functionality,
• support collaboration and organization-based use cases,
• process subscriptions and payments,
• communicate with users and respond to support requests,
• monitor reliability, diagnose problems, and improve performance,
• analyze product usage and improve our Services,
• prevent fraud, abuse, unauthorized access, and security incidents,
• comply with legal, regulatory, accounting, and tax obligations,
• enforce our contractual terms and protect our rights.

Where required by law, we will also rely on your consent for certain processing activities.

3. Legal bases for processing

Where the GDPR or similar laws apply, we process personal data on one or more of the following legal bases:

• Performance of a contract: where processing is necessary to provide the Services you requested or to perform our contractual obligations.
• Legitimate interests: where processing is necessary for our legitimate interests, such as operating, securing, supporting, and improving our Services, provided these interests are not overridden by your rights and interests.
• Consent: where you have given us consent for a specific processing activity. You may withdraw consent at any time with effect for the future.
• Legal obligation: where processing is necessary to comply with applicable law.
• Protection of vital interests or other applicable legal grounds: where permitted under applicable law.

4. When and with whom we share personal data

We may share personal data where necessary in the following situations:

Service providers and processors

We may share personal data with third-party service providers that help us operate, secure, support, improve, and commercially manage our Services. Depending on the context, this may include providers for:

• hosting and infrastructure,
• authentication and sign-in,
• synchronization,
• analytics and diagnostics,
• monitoring and observability,
• media processing and delivery,
• email and communication,
• payments and subscriptions.

For a more concrete and current overview of the subprocessors used in connection with our Services, please see our Data Processing page.

Affiliated companies

We may share personal data with affiliated companies where this is necessary for internal administration, support, operations, legal compliance, or related business purposes.

Business partners

We may share personal data with business partners where this is necessary to provide a product, service, promotion, or joint activity requested by you or your organization.

Business transfers

We may share or transfer personal data in connection with a merger, acquisition, financing, sale of company assets, or other corporate transaction.

Legal and safety-related disclosures

We may disclose personal data where necessary to:

• comply with law, regulation, court order, or governmental request,
• protect our rights, property, and interests,
• detect, prevent, or address fraud, abuse, or security issues,
• protect the safety of users or others.

5. Cookies and similar technologies

We may use cookies and similar technologies, such as local storage, analytics tools, and comparable mechanisms, to operate and improve our Services.

These technologies may be used, depending on the context, to:

• keep you signed in,
• remember settings and preferences,
• maintain security,
• understand how our Services are used,
• improve performance and user experience.

Where required by law, we will ask for consent before using non-essential cookies or similar technologies.

6. Third-party sign-in and authentication

Some of our Services may allow you to register or sign in using third-party identity providers, such as Google or Apple, in addition to other sign-in methods we may offer.

If you choose to sign in using such a provider, we may receive certain information needed to authenticate your account and provide access to the Service. The exact information received depends on the provider and your settings with that provider.

We do not control how third-party identity providers process your personal data in their own systems. We encourage you to review their privacy information directly.

For more detail on how authentication-related data is distinguished from the core content users create in our products, please see our Data Processing page.

7. International data transfers

We may transfer, store, or process personal data in countries other than your own, including outside the European Economic Area, where this is necessary for the operation of our Services or where one of our service providers is based or operates internationally.

Where such transfers take place, we aim to ensure that appropriate safeguards are in place, for example through contractual safeguards, legally recognized transfer mechanisms, or other measures required by applicable law.

For a more practical explanation of where our core product environment is hosted and how this differs from certain technical or authentication-related processing by specialized service providers, please see our Data Processing page.

8. How long we keep your data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention may depend on factors such as:

• the nature of the data,
• the purpose of processing,
• legal, tax, or accounting requirements,
• security and fraud-prevention needs,
• backup and recovery processes,
• contractual obligations.

When we no longer need personal data for the relevant purpose, we will delete it, anonymize it, or securely isolate it until deletion is possible. In practice, when you delete your account or specific data, it is removed from our active production systems. However, to protect against accidental data loss or system failures, encrypted copies of this data may remain in our secure backups for a limited retention period before being permanently overwritten or destroyed. These backups are strictly isolated and only accessed for disaster recovery purposes.

9. Children and minors

Our Services are not directed to children under the age of 13.

Where processing is based on consent and the GDPR or similar laws apply, parental or guardian consent may be required for users under the age of 16, unless a lower age applies under the law of the relevant country. In the European Union, the age at which a child may validly consent to the processing of personal data in relation to information society services may vary between 13 and 16 depending on the Member State.

If we become aware that personal data has been collected from a child without the legally required authorization, we will take appropriate steps to delete that data.

If you believe that a child has provided personal data without the required consent, please contact us at hallo@independo.app.

10. Your data protection rights

Depending on the law applicable to your situation, you may have the right to:

• request access to your personal data,
• request correction of inaccurate or incomplete data,
• request deletion of your personal data,
• request restriction of processing,
• object to certain processing activities,
• request data portability,
• withdraw consent where processing is based on consent,
• lodge a complaint with a competent supervisory authority.

If you would like to exercise any of these rights, please contact us using the details in section 13.

As our main establishment is in Austria, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at) or your local supervisory authority.

11. Account information

If you have an account with us, you may be able to access, update, correct, or delete certain account information through the relevant Service or by contacting us.

If you ask us to delete your account, we will delete or deactivate it as required by applicable law and our legitimate operational needs. We may retain certain information where necessary for legal compliance, fraud prevention, dispute resolution, enforcement of our agreements, or other legitimate and lawful purposes.

12. Do-not-track signals

Most web browsers and some mobile operating systems include a “Do Not Track” feature or setting. At this time, no uniform technical standard for recognizing and implementing such signals has been adopted. For that reason, we do not currently respond to Do Not Track signals in a standardized way.

If a legally required standard for responding to such signals is introduced in the future, we may update this Privacy Policy accordingly.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business developments.

The updated version will be indicated by a revised “last updated date” and will become effective when published. If we make material changes, we may also provide additional notice where appropriate.

We encourage you to review this Privacy Policy from time to time.

14. How to contact us

If you have any questions or comments about this Privacy Policy or our handling of personal data, please contact us:

Independo GmbH
Lacknergasse 110
1180 Vienna
Austria
E-mail: hallo@independo.app

15. How to request access, correction, or deletion

If you would like to request access to, correction of, or deletion of personal data we hold about you, please contact us at hallo@independo.app.

We will review and respond to requests in accordance with applicable data protection law.

16. Applicable law and jurisdiction

This Privacy Policy is governed by Austrian law, without prejudice to any mandatory consumer protection or data protection rights that may apply under the law of your place of residence.

Unless mandatory law provides otherwise, the place of jurisdiction for disputes arising in connection with this Privacy Policy shall be Vienna, Austria.