Privacy Policy
As of: March 2026 | Version 1.1
1. Data Controller
Batikaan Sarikurt
c/o Impressumservice Dein-Impressum
Stettiner Straße 41
35410 Hungen
Germany
Email: support@nis2pilot.app
2. What Data Is Processed?
2.1 Locally Stored Data
The following data is stored exclusively locally on your device:
- Company data entered by you
- Your answers and results
- App settings and progress
This data is not transmitted to our servers.
2.2 Purchase Data (In-App Purchases)
In-app purchase transactions are processed through the Apple App Store. We use RevenueCat Inc. (USA) to manage purchases. The following data is processed:
- Anonymous device ID
- Purchase status (active/inactive)
- Product identifier of the purchase
We receive no payment data or names. The website does not collect personal data (see 2.4).
2.3 Technical Data (Crash Reports)
For error analysis, the app uses Sentry (Functional Software Inc., USA). Crash reports are collected only with your explicit consent and are disabled by default. Only technical crash data is transmitted: no personal data, no inputs, no company data.
2.4 Website
The website does not collect personal data. Only local browser storage (localStorage/sessionStorage) is used for convenience functions (see above).
2.5 Feedback Form
Through our feedback form, you can share wishes, issues or general feedback with us. The following data is processed:
- Message text: Your feedback (required)
- Email address: Only if you want a reply (optional)
- Technical data: App version, product tier and request origin (automatically transmitted, not personal)
Your message is forwarded to the operator via email. There is no permanent storage on the server. If you provide an email address, we use it exclusively to respond to your inquiry. Deletion occurs after processing, at most after 6 months.
3. Purpose and Legal Basis
- Local data storage: Contract performance (Art. 6(1)(b) GDPR) — necessary for app functionality
- In-app purchases: Contract performance (Art. 6(1)(b) GDPR) — processing your order
- Crash reports: Consent (Art. 6(1)(a) GDPR) — only with your consent
- Feedback form: Consent (Art. 6(1)(a) GDPR) — processing your feedback
- Website convenience functions: Legitimate interest (Art. 6(1)(f) GDPR) — localStorage/sessionStorage for theme and usage preferences
4. Recipients and Third-Party Providers
The following third-party providers may process data:
- Apple Inc. (USA) — App Store, payment processing
- Google LLC (USA) — Play Store, payment processing
- RevenueCat Inc. (USA) — purchase management
- Functional Software Inc. (Sentry) (USA) — crash reports (disabled by default, only with your consent)
- STRATO AG (Germany) — web hosting
5. Transfer to Third Countries
RevenueCat Inc. is based in the USA. Data transfer is based on:
- EU-US Data Privacy Framework (adequacy decision by the European Commission)
- Additionally: Standard Contractual Clauses (SCCs)
6. Storage Duration
- Local data: Until you delete it in the app or uninstall the app
- Purchase data at RevenueCat: According to their retention policies (max. 3 years after contract end)
- Website data: localStorage entries remain in the browser until manual deletion; sessionStorage is deleted when the tab is closed
- Rate limiting data: Anonymized IP hashes are automatically deleted after 1 hour
7. Your Rights
You have the following rights under GDPR:
- Access (Art. 15) — What data we hold about you
- Rectification (Art. 16) — Correction of inaccurate data
- Erasure (Art. 17) — In the app: Settings → Delete all data
- Restriction (Art. 18) — Restriction of processing
- Data portability (Art. 20) — Export of your data
- Objection (Art. 21) — Against certain processing
Contact for inquiries: support@nis2pilot.app
8. Withdrawal of Consent
If you have given consent (e.g. for crash reports via Sentry), you can withdraw it at any time. You can disable crash reports in the app settings. The lawfulness of processing carried out before the withdrawal remains unaffected.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
www.baden-wuerttemberg.datenschutz.de
10. No Automated Decision-Making
There is no automated decision-making or profiling within the meaning of Art. 22 GDPR.
11. Changes
We reserve the right to update this privacy policy to reflect changes in the legal situation or features. The current version is always available at this URL.