Privacy Policy

How we handle your data

nyinto is your digital diary. To make sure it actually stays yours, we commit to these seven promises:

  1. Your diary is your diary. Only you see your entries. We don't read along, we don't analyze, we don't train AI on them. No employee just casually peeks in either.

  2. No third-party tracking, no advertising, no selling of user profiles. No Google Analytics, no ad networks, no third-party cookies. For audience measurement we use a self-hosted Matomo instance with anonymized IP, no cross-site tracking — the data never leaves our server, and you can opt out at any time.

  3. Your data is yours. You can delete your account at any time. What you delete is gone — including from our backups (after the backup rotation period).

  4. External services only with your okay. Komoot, Strava and Nextcloud are connected only when you actively authorize them. We store access tokens encrypted; a database leak alone is not enough to open your accounts elsewhere.

  5. At your place, not ours. Photos, videos and calendars stay in your Nextcloud — and photos or videos you capture in the app keep their original on your device. nyinto only holds references, small preview caches and metadata. We don't make ourselves the host for content that belongs somewhere else.

  6. Servers in Germany. Your data sits on servers in Germany and is therefore subject to the strict data-protection law of the EU.

  7. No sharing. We don't sell, rent or trade your data. Disclosures to third parties happen only in response to a valid legal order — and only the minimum required.

Privacy notice under the GDPR

A. Controller

The controller for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:

mitarbeiterglück UG (haftungsbeschränkt)
Hardenbergstraße 31
90491 Nürnberg
Germany

Email (general): info@nyinto.com
Email (data protection inquiries): datenschutz@nyinto.com

B. Data Protection Officer

We have not appointed a Data Protection Officer. An appointment is not required under Section 38 BDSG, since we do not have more than 20 people permanently engaged in the automated processing of personal data, nor are we required to carry out a data protection impact assessment. Please direct data protection inquiries to datenschutz@nyinto.com.

C. General principles of data processing

We process personal data only to the extent necessary for the provision of our services, the pursuit of legitimate interests, or on the basis of consent you have given. The legal bases are Art. 6(1)(a) GDPR (consent), (b) (performance of a contract) and (f) (legitimate interest). The respective storage period is indicated for each individual processing activity below.

D. Website provision & server log files

Each time our site is accessed, our hosting provider automatically collects information transmitted by your browser:

  • IP address
  • User agent (browser identifier)
  • Referrer (referring page, if available)
  • Timestamp of access
  • Requested URL and HTTP status code
  • Volume of data transferred

This data is used solely for technical security, stability and abuse prevention. No personal evaluation takes place. The legal basis is Art. 6(1)(f) GDPR. The log files are automatically rotated and deleted according to our hosting provider's standard (typically 7 days).

E. Cookies and local storage

We set only technically necessary cookies and storage entries — consent under Section 25(2) TTDSG (German Telecommunications-Telemedia Data Protection Act) is not required for these:

  • PHPSESSID — session cookie, first-party, expires when the browser is closed.
  • Login cookie on the separate login server — necessary for authentication.
  • Preferences (e.g. theme, language) in local storage — no tracking, no third-party reference.

Third-party cookies are not set.

F. Registration and user account

For sign-up we collect your email address, your password (stored exclusively as a cryptographic hash) and optional profile data. Authentication runs via a separate login server on its own subdomain.

Purpose: management of your account, authentication, recovery. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Storage period: until you delete your account; after that, the data is removed from the live database without delay and, after the backup rotation period (~3 months), also from the backups.

G. Diary content

Your diary entries — texts, timestamps, tags, manually set locations, references to media and GPX tracks — are visible only to you. There is no feature to make content publicly available within the platform or to share it with other users.

Legal basis: Art. 6(1)(b) GDPR. Storage period: until you delete the entry or your account.

H. Uploaded files (GPX tracks and similar)

We store uploaded files in a directory on our server that is not publicly accessible. Access is granted exclusively via a PHP wrapper that, on every request, checks whether you are the owner of the file. Files may contain EXIF geocoordinates or, in the case of GPX tracks, full route information — this content is processed exclusively on our server.

Legal basis: Art. 6(1)(b) GDPR.

I. Geocoordinates and routes

Geocoordinates and route data come from several sources: your manual input, uploaded GPX files, imports from Komoot or Strava, and EXIF data from images in your Nextcloud (if connected).

Note: Movement profiles allow conclusions to be drawn about home address, commute and habits. Entering this information is strictly voluntary. There is no analysis across multiple users; location data is not transmitted to third parties.

Legal basis: Art. 6(1)(b) GDPR, or (a) for data from connected services.

J. Map display (Leaflet + OpenStreetMap)

Maps are displayed using the open-source library Leaflet. The map tiles are loaded directly from the tile server of the OpenStreetMap Foundation. When a map is loaded, your IP address, your user agent and a timestamp are transmitted to OpenStreetMap.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional, free and ad-free map display). Maps are loaded only when you open a page that contains a map.

OpenStreetMap Foundation privacy notice: osmfoundation.org/wiki/Privacy_Policy.

K. Embedded third parties and processors

K.1 Hosting — All-Inkl.com Neue Medien Münnich

Our servers are located in Germany and operated by All-Inkl.com Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf. We have a data processing agreement with the hosting provider in accordance with Art. 28 GDPR. All categories of data mentioned in this notice are processed (purely technically, for storage and delivery).

Legal basis: Art. 6(1)(f) GDPR.

K.2 Komoot — track and tour import

Provider: Komoot GmbH, Karlstraße 3, 10117 Berlin, Germany. A connection is established only if you actively enter your Komoot email and your Komoot password in your profile. We store your Komoot password encrypted with a key derived from your user ID — a database copy alone is not sufficient to decrypt it.

Data flows: nyinto → Komoot (login, tour query); Komoot → nyinto (tour lists, GPX data). Data processed: Komoot user ID, tour metadata, GPX routes.

Legal basis: Art. 6(1)(a) GDPR (consent through active connection). You can disconnect at any time in your profile.

Markers for deleted imports: When you delete an imported tour, we store the external Komoot tour ID (no content data) as a deletion marker. Purpose: to respect your deletion and prevent a later data sync from re-importing the tour. Legal basis: legitimate interest in a consistent diary that reflects your choices (Art. 6(1)(f) GDPR). Retention: until you disconnect Komoot — the markers are then deleted.

Komoot privacy notice: www.komoot.com/privacy.

K.3 Strava — activity import

Provider: Strava, Inc., 208 Utah Street, Suite 400, San Francisco, CA 94103, USA. The connection is established via the OAuth 2.0 protocol; access and refresh tokens are stored encrypted in our database. Strava notifies us via webhook of new or modified activities, provided you have agreed to the connection.

Data flows: nyinto ↔ Strava (activity retrieval, webhook for live updates). Data processed: Strava athlete ID, activity metadata, GPX streams.

Note on transfer to the United States: The transfer to the United States is based on the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR); additional safeguards (encryption, purpose limitation, right of withdrawal) are in place.

Legal basis: Art. 6(1)(a) GDPR (consent). You can revoke the connection at any time in your profile or directly in your Strava settings.

Markers for deleted imports: When you delete an imported activity, we store the external Strava activity ID (no content data) as a deletion marker. Purpose: to respect your deletion and prevent a later data sync from re-importing the activity. Legal basis: legitimate interest in a consistent diary that reflects your choices (Art. 6(1)(f) GDPR). Retention: until you disconnect Strava — the markers are then deleted.

Strava privacy notice: www.strava.com/legal/privacy.

K.4 Nextcloud — photo, video and calendar sync

The Nextcloud connected to nyinto is your own instance. You provide the URL and credentials yourself. We are not the controller for the content stored in your Nextcloud — we only access, in read-only mode, what you grant us access to.

At nyinto we store: the connection URL, your access tokens (encrypted), the list of monitored folders, a sync token, metadata of the media found (path, file name, GPS coordinates from EXIF, capture timestamp) and small preview caches. The actual media files remain in your Nextcloud — nyinto only references them.

Legal basis: Art. 6(1)(a) GDPR (consent at the time of connecting) or (b) (contract during use). When you delete the connection in your profile, all tokens, caches and metadata related to the Nextcloud held by us are removed.

Calendar (CalDAV): When you enable one of your Nextcloud calendars in your profile, we mirror the following event data into the nyinto database via the open CalDAV interface: title (SUMMARY), description (DESCRIPTION), location (LOCATION), start and end time, time zone, recurrence rules (RRULE) and a unique identifier (UID). The sole purpose is to display your events in your personal logbook. The legal basis is Art. 6(1)(a) GDPR (consent when enabling the calendar) or (b) (contract during use). You enable and disable each calendar individually in your profile under "Services". Retention: for as long as the respective calendar is enabled — when disabling it, you decide yourself whether the imported entries remain in the logbook or are deleted. There is no disclosure to third parties and no transfer to a third country; your Nextcloud is the only external storage location, and you chose it yourself.

K.5 Mollie — payment processing

Provider: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands. As soon as you purchase a paid feature (e.g. a subscription), we process the payment via Mollie. You'll be redirected to a secure Mollie payment page; you enter your full payment details (card number, IBAN, PayPal login, etc.) directly on Mollie's site — they never reach our servers.

Data flows:

  • nyinto → Mollie: first name, last name, email address, billing amount, currency, unique transaction reference, description of the purchased item, IP address at the time of the order (for fraud prevention).
  • Mollie → nyinto (via webhook): payment status (e.g. paid, failed, expired, chargeback), timestamp, Mollie transaction ID, chosen payment method (e.g. "creditcard", "ideal", "paypal", "sepadirectdebit"), and for card payments the last four digits and the expiry date (so you can recognize the card in your account).
  • Full payment details (complete card number, CVV, account number, PayPal login) are not transmitted to nyinto and are not stored on our servers.

Data processed at nyinto: name, email, billing amount, Mollie transaction ID, payment status, payment method, order date, and optionally the last four digits of the card.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract — no subscription without payment processing). For bookkeeping, Art. 6(1)(c) GDPR (legal obligation) also applies.

Retention period: Transaction and invoice data are subject to commercial and tax law retention requirements and are kept for 10 years (Section 147 AO, Section 257 HGB — German tax and commercial codes). After this period they are deleted.

Controller relationship: We have a data processing agreement with Mollie under Art. 28 GDPR. For the actual payment data (full card number, IBAN, etc.), Mollie acts as an independent controller as a licensed payment institution under Section 32 ZAG / PSD2 (the German payment services oversight law).

Mollie privacy notice: www.mollie.com/privacy.

L. Audience measurement with self-hosted Matomo

For audience measurement we use Matomo on our own infrastructure (matomo.nyinto.com). The measurement data does not leave our server.

  • Your IP address is anonymized before storage (the last two octets are set to 0).
  • We use cookieless mode — no tracking cookies are set.
  • Your browser's "Do Not Track" (DNT) header is respected. If you have DNT enabled, we don't collect anything at all.
  • Raw data is deleted after 180 days; only aggregated, anonymous statistics are retained longer.
  • What is recorded: anonymized IP, user agent, pages visited, time on page, referrer.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly audience measurement).

Objection: You can object to the collection at any time. To do so, click the toggle below — the setting is stored in your browser.

M. Email delivery

We send only service emails via the SMTP server of our hosting provider in Germany. We do not send newsletters or marketing emails.

Email types:

  • Registration confirmation with activation link.
  • Welcome email after successful activation.
  • Password reset link when you request it.
  • Security notification whenever your password is changed (via your profile or via the reset link). This email contains the time of the change and the user agent reported by your browser (browser and operating system identifier). The purpose is to detect unauthorised access.
  • Subscription notifications: booking confirmation (including right-of-withdrawal notice), cancellation confirmation, trial-period expiry notice, subscription-ended notice, payment-issue reminder, data-deletion warning (7 days before erasure). These emails are required for contract performance; you cannot unsubscribe from them. Legal basis: Art. 6(1)(b) GDPR.

Legal basis: Art. 6(1)(b) GDPR (performance of contract) for registration, welcome, reset and subscription emails; Art. 6(1)(f) GDPR (legitimate interest in account security) for the security notification.

Data processed: email address, timestamp of the change, user agent.

Retention: The data is transmitted in the email body and not additionally persisted. Delivery logs are automatically rotated according to our hosting provider's standard.

Recipients: Our email host all-inkl.com GmbH (data processor under a DPA).

N. Your rights as a data subject

Under the GDPR you have the following rights:

  • Right of access to all data stored about you (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure of your data — you can carry out a complete account deletion yourself, immediately, via the subscription page at any time (Art. 17). Your personal content is removed without delay; only invoice data we are required to retain under tax and commercial law stays for the statutory period (10 years, § 147 AO, § 257 HGB) and is then no longer linked to an active account
  • Restriction of processing (Art. 18)
  • Data portability — on request, you will receive your data in a machine-readable format (Art. 20). Note: a self-service export feature is in the works; until then we handle requests manually.
  • Objection to processing based on legitimate interests (Art. 21)
  • Withdrawal of consent given — at any time, with effect for the future

Send informal requests to datenschutz@nyinto.com.

O. Right to lodge a complaint with the supervisory authority

If you believe that the processing of your data violates the GDPR, you can lodge a complaint with the supervisory authority responsible for us:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
www.lda.bayern.de

P. Data security

  • All connections are TLS-encrypted (HTTPS is enforced via server configuration).
  • We store passwords exclusively as cryptographic hashes — never in plain text.
  • OAuth tokens and third-party passwords are encrypted with a key derived from your user ID; a database copy alone is not sufficient for decryption.
  • Every database query on user-specific data verifies ownership (protection against unauthorized access to other users' records).
  • Authentication runs on a dedicated subdomain, separated from the application.
  • Uploaded files are not directly accessible via URL; delivery is handled exclusively by a PHP wrapper with permission checks.

Q. User-defined tags

Purpose: Tags are personal keywords that you voluntarily assign to your log entries, tracks, locations, and media to help you categorise them.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract — the tagging feature is part of the nyinto service you have contracted for).

Categories of data: Free-text keywords that you enter yourself. Tags may contain personal information if you choose to name them that way. They are visible to you only.

Retention: Tags are retained as long as they are assigned to at least one piece of content. Tags with no remaining assignments are deleted automatically. All tags are deleted when your account is deleted.

Recipients: No disclosure to third parties. Tags are not analysed and not used for machine learning.

R. Subscription and data erasure

R.1 Subscription data and billing information

When you use a nyinto subscription, we store in our database:

  • Subscription status (e.g. trial, active, cancellation pending, locked)
  • Start and end of the current billing period
  • Mollie customer ID and Mollie subscription ID (references for payment processing)
  • Date of cancellation, and optionally the reason you gave (voluntary)
  • Full status-change history (audit log: timestamp, from-status, to-status)

Purpose: Performance of contract — managing your subscription and controlling access.

Legal basis: Art. 6(1)(b) GDPR.

R.2 Free trial

After registration you automatically receive a 30-day free trial with no payment details required. During this period only the account data described in section F is processed.

R.3 Lock-out period and data erasure

When your access ends (trial expired, cancellation, unresolved payment failure), a lock-out period applies:

  • Expired trial: 30-day lock-out period. You can subscribe at any time during this window to continue without interruption.
  • Cancellation / payment failure: up to 6 months lock-out period. You can re-subscribe during this window and regain access to your data.

After the lock-out period expires, an automated cron job permanently deletes your personal content (log entries, GPX tracks, saved locations, and associated files). Payment and transaction records (sections K.5 and R.1) are retained for 10 years in accordance with statutory accounting requirements (§ 147 AO, § 257 HGB).

You will receive a reminder email 7 days before deletion.

Legal basis: Art. 6(1)(b) GDPR (erasure as part of the contract) and Art. 6(1)(c) GDPR (legal retention obligation for billing records).

R.4 Right of withdrawal (14 days)

When you first purchase a subscription, you have a 14-day right of withdrawal under § 356 BGB. The full withdrawal instructions are included in your booking-confirmation email and at /tac#widerruf. During MVP operations, withdrawal requests are processed manually at datenschutz@nyinto.com.

T. Facebook data import

Purpose: If you decide to import your Facebook data into your diary, we process the JSON files you upload from the official Facebook export to create diary entries and saved places.

Legal basis: Art. 6(1)(a) GDPR (consent). The upload is a deliberate action on your part.

Data categories: Post text, timestamps, place information (name and, where available, coordinates and address), life events (title, date, place, and any people tagged with them), notes, own places. Photos and videos are not imported.

Retention period: Uploaded JSON files are automatically deleted at most 24 hours after upload. Imported diary entries and places remain in your diary until you delete them.

Recipients: No transmission to Facebook or third parties. Processing takes place entirely on the nyinto servers.

Third-party geocoding: If imported places lack coordinates, we query the place name via the OpenStreetMap service Nominatim (operator: OpenStreetMap Foundation, United Kingdom) to obtain geocoordinates. Only the place name is transmitted; no user identifiers are sent. The response is stored in our internal cache.

Right to withdraw: You can delete imported entries and places at any time, individually or in bulk.

U. Web links (bookmarks)

Purpose: Web links are references to external websites that you voluntarily save in your diary — either manually as a dedicated entry type or automatically from the Facebook import (shared links).

Legal basis: Art. 6(1)(b) GDPR (performance of a contract — saving references is part of the agreed nyinto service).

Categories of data: The URL you save, a name/title, a free-text description, and the domain derived from the URL. This information is visible to you only.

Fetch title: When adding a link manually, you can use a button to fetch the page title automatically. The nyinto server then makes a direct HTTP request to the linked external website. That website thereby receives the nyinto server's IP address (not yours) and the requested URL. This only happens on your explicit action; no such request is made during the Facebook import.

Retention: Web links are retained until you delete them, and are deleted at the latest when your account is deleted.

Recipients: No disclosure to third parties. Saved references are not analysed and not used for machine learning (for the optional "fetch title" feature, see above).

V. Photo and video capture in the nyinto app

When you capture a photo or video in the nyinto app — or pick one from your library — the original file stays on your device. Only a downscaled preview image (thumbnail, at most 400 px) plus the metadata of the shot are sent to nyinto.

Purpose: to show your entries in the app and the web feed using a preview image instead of the original file.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract — capturing diary media is part of the nyinto service you signed up for).

Data categories: the downscaled preview image, the capture timestamp (including the time-zone offset), the GPS coordinates of the shot, the camera model and further EXIF details (e.g. aperture, exposure time, ISO), as well as a device-side asset identifier used for duplicate detection. This information is visible to you only.

Retention: the preview image and metadata are kept until you delete the related entry or your account.

Recipients: no disclosure to third parties. The data stays on nyinto's servers (hosting, see K.1) and is neither analysed nor used for machine learning.

Important: since only the preview image lives on nyinto's servers, you are responsible for backing up your original files yourself (e.g. iCloud, Nextcloud, Google Photos). On other devices, videos appear as a preview image only, not in full resolution.

K.6 Apple App Store In-App Purchase (iOS app)

Controller for payment processing: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. Apple acts as "Merchant of Record" for in-app purchases — payment processing, refunds, and tax collection are handled entirely by Apple. nyinto receives no payment data (no card numbers, no bank details).

Purpose: Managing and reconciling subscription states completed via StoreKit 2 (iOS).

Legal basis: Art. 6(1)(b) GDPR (performance of contract — providing the purchased access).

Categories of data processed on nyinto's side:

  • app_account_token (UUIDv4, a pseudonymous link between the StoreKit transaction and the nyinto account)
  • originalTransactionId (Apple-internal transaction identifier, no personal reference without Apple's keys)
  • notificationUUID, notification type, environment (Sandbox/Production), subscription expiry date, product identifier
  • Signed JWS payload of the Apple App Store Server Notification v2 (stored as an audit log)

Retention: Subscription-related transaction data is retained for the duration of the subscription and thereafter until the statutory retention period expires (10 years, § 147 AO). After account deletion, personal fields are erased after the erasure period; the transaction identifier is retained for tax law purposes.

Recipients / international transfer: To verify JWS signatures, nyinto communicates with the Apple App Store Server API (servers in the USA). The transfer is based on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Apple's privacy information: apple.com/legal/privacy/.

Cancellation: A subscription purchased through the App Store can only be cancelled via the Apple ID subscription settings. Server-side cancellation by nyinto is technically not possible.

S. Updates to this notice

We update this privacy notice when processing activities or legal frameworks change. The current version is always available here at /privacy.

Last updated: — Updated: Apple In-App Purchase subscription reconciliation (K.6); app-side camera capture (K.5).