The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data means any data that can be used to identify you personally.
Josef Haras
Dr.-Adolf-Schärf-Platz 10/309
1220 Vienna
Email: office@bauchgefuehl.app
This website is built with Next.js and React. These technologies are used to provide and render the website.
We use Supabase as our backend service. Supabase stores data in the EU and is subject to GDPR requirements.
We use Brevo for email marketing and newsletter delivery. Your data is stored in the EU. You can unsubscribe at any time.
This website uses Google Analytics to analyze website usage. Processing is based on our legitimate interest in optimizing our website. You can object to this data processing.
We use PostHog (EU hosting, Frankfurt) to analyze website usage. Before you consent, we only collect anonymous, storage-free usage data (no cookies, no recognition); your IP address is anonymized and not stored. After you consent via the cookie banner, we use PostHog with cookies for reach and funnel analysis as well as session replay (recording of anonymized page interactions; input fields are masked; sensitive areas such as quiz, login, and checkout are not recorded; retention 30 days). A data processing agreement (DPA) is in place with PostHog.
Legal basis: before consent Art. 6(1)(f) GDPR (legitimate interest in anonymous reach measurement without accessing your device), after consent Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time via the cookie banner.
To improve Bauchgefühl, we also analyze how the app is used, using PostHog with data processing exclusively on EU servers (Frankfurt, eu.posthog.com). IP addresses are anonymized before storage. What we never collect: your health data. Cycle data, symptoms, moods, and all other health information stay encrypted on your device and are never transmitted to our analytics systems — we only record usage behavior, such as which features are used or where the app has problems. Two tiers apply: (a) during installation, onboarding, and sign-up we collect fully anonymous technical events (no identifier is stored on your device; each app start begins a new, unlinkable session — no personal data is processed). (b) Only if you explicitly consent after signing up do we link usage events (e.g. "a feature was used" — never its content) pseudonymously to your account. You can withdraw your consent at any time in the app settings ("Usage statistics" toggle); from that point on, no further data is collected and the analytics identifier is discarded.
Legal basis: Art. 6(1)(a), Art. 9(2)(a) GDPR (consent). Recipient: PostHog Inc. as processor (EU hosting; data processing agreement incl. EU standard contractual clauses).
The app uses Google Firebase to deliver push notifications (Firebase Cloud Messaging) and for crash and performance reports (Crashlytics, Performance Monitoring). This processes technical device information (e.g. device token, device model, OS version, app version, crash logs); no health data is included. The content of cycle-related reminders is computed exclusively on your device. Google Firebase Analytics is not used.
Legal basis: Art. 6(1)(b) GDPR (providing the app features you enabled) and Art. 6(1)(f) GDPR (legitimate interest in stability and bug fixing).
We use the Facebook Pixel for conversion tracking and remarketing. Processing is based on your consent, which you can withdraw at any time.
We use Google Tag Manager to manage tracking tools. Tag Manager itself does not process personal data.
Visible notifications (e.g. cycle reminders) are only shown if you have enabled notifications, and can be turned off at any time. In addition, we send invisible system pushes to all devices where you are signed in — regardless of your notification settings. These never display anything and contain no content or health data; they merely wake the app briefly in the background so it can create your encrypted backup. The backup itself leaves your device exclusively end-to-end encrypted — we cannot read its contents. Delivery uses Firebase Cloud Messaging (see above).
Legal basis: Art. 6(1)(b) GDPR (performance of contract — providing the backup feature).
To generate personalized recipe suggestions, the following data is transmitted to an AI service (Google Vertex AI):
This data is used exclusively to generate the respective response and is not used for training AI models – neither by us nor by Google as the provider of the AI service. Processing is based on Art. 6(1)(b) GDPR (performance of contract).
For more information about data protection at Google Vertex AI, please refer to Google's data processing addendum: https://cloud.google.com/terms/data-processing-addendum
You have the following rights:
If you have questions regarding the collection, processing, or use of your personal data, or if you would like information, correction, blocking, or deletion of data, please contact: office@bauchgefuehl.app
This privacy policy was last updated on June 12, 2026. We reserve the right to amend this policy so it always complies with current legal requirements.