Privacy Policy

Short version: the LuftDings app collects nothing — no account, no backend, no tracking; everything happens on your device. This website is hosted on GitHub Pages, which (like any web server) processes visitors’ IP addresses in its logs.

Last updated: 21 June 2026. A German version is available: Datenschutzerklärung.

Controller

The controller responsible for data processing under the GDPR is the operator named in the Impressum / Legal Notice. Contact: support@poschenrieder.io.

Scope

This policy covers two things, which are deliberately separate: (1) the LuftDings iOS app, and (2) this website at luftdings.poschenrieder.io. The app and the website do not share data.

1. The LuftDings app

What the app collects

Nothing. The app has no backend server, no analytics, no advertising, no tracking, and no third-party SDKs that collect data. We do not create an account for you, and we never receive, see, or store any of your information. On the App Store the app declares “Data Not Collected.”

Your Airthings credentials

To show live data you provide your own Airthings API credentials (a client ID and secret you generate in your own Airthings account — “Bring Your Own API Key”). These credentials:

• are stored only in the iOS Keychain on your device;
• are shared with the LuftDings widget through a private, on-device App Group container so the widget can refresh;
• are never transmitted to us or to any server we control — we operate no servers for the app.

Your air-quality data

When you use live data, the app sends your Airthings credentials directly from your device to the Airthings Cloud API and receives your latest sensor readings in return. Those readings are cached locally on your device (in the App Group container) so the widgets can display them and show a “last updated” time. This data is not sent anywhere else. Airthings is an independent controller for the data processed through your Airthings account; its handling is governed by Airthings’ own terms and privacy policy, over which we have no control.

Demo mode

Without credentials, the app runs in a demo mode using built-in, fictional sample data. No network requests are made and no data leaves your device.

Legal basis & on-device storage

Processing in the app serves only to provide the functionality you request (Art. 6(1)(b)/(f) GDPR). Storing credentials and cached readings on your device is strictly necessary to deliver the service you explicitly requested, so it falls under § 25(2) TDDDG and requires no separate consent. The app is distributed via the Apple App Store; Apple may process download and usage data as an independent controller under Apple’s privacy policy.

2. This website

This website is static and hosted on GitHub Pages (GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA), delivered via GitHub’s content-delivery network.

• Server logs. Like any web server, GitHub automatically processes technical access data when you visit — including your IP address, date and time, the page requested, referrer, and browser/user-agent string. This is necessary to deliver the site and to keep it secure and stable. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a secure website). We have no access to these logs.
• No cookies, no analytics, no tracking, no external fonts or CDNs. The site sets no cookies and loads no third-party scripts or fonts, so no consent banner is required (§ 25 TDDDG).
• International transfer. GitHub is a US provider (Microsoft group). Data may be processed in the USA on the basis of the EU–US Data Privacy Framework and/or EU Standard Contractual Clauses. See GitHub’s privacy statement.

Recipients

Airthings (only via your own account, when you use live data), GitHub (website hosting), and Apple (app distribution). We do not sell or share data with anyone else.

Retention

App data (credentials, cached readings) stays on your device until you delete it or uninstall the app. Website server logs are retained and controlled by GitHub per its own policy; we hold no copies.

Your rights

Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21), and to withdraw consent (Art. 7(3)) where processing is based on it. Because the app collects no personal data about you and we operate no servers for it, we typically hold nothing to disclose or erase; for website server logs, please also refer to GitHub.

Right to complain

You may lodge a complaint with a data-protection supervisory authority, in particular the one for our location, the Berliner Beauftragte für Datenschutz und Informationsfreiheit, or the authority where you live or work.

Automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

Children

LuftDings is not directed at children and does not knowingly collect information from anyone, including children.

Changes

If this policy changes, the updated version will be posted here with a new “last updated” date.

Contact

Questions about privacy? Email support@poschenrieder.io or see the Impressum.