Effective Date: September 2025
Controller:
idyation GmbH, Käthe-Kollwitz-Ring 2, 40822 Mettmann, Germany
Represented by:
Ingo Dyrbusch; Phone: +49 151 26398548;
Email: info@highfivecontacts.com
Table of Contents
- Data Protection at a Glance
- Data Controller and Contact
- Scope of Policy
- Hosting and Server Log Files
- Data Processing in the App
- 5.1 Device Data
- 5.2 Calendar & Photos
- 5.3 iCloud Synchronization
- 5.4 Apple Intelligence (Foundation Models)
- 5.5 Push Notifications & Review Invites
- In-App Purchases and Subscriptions
- Data Processing on the Website
- 7.1 Contact Forms & Email
- 7.2 Newsletter (MailPoet)
- 7.3 Cookies & Consent Management
- 7.4 Analytics (WP Statistics)
- 7.5 Embedded Content & Social Media
- Affiliate Links and Disclosure
- Legal Bases for Processing (GDPR)
- Data Sharing, Processors, International Transfers
- Data Retention
- Withdrawal of Consent
- Right to Object
- Data Subject Rights
- Children’s Privacy (COPPA)
- US Users (CCPA)
- Data Security
- Changes to the Policy
- Contact
1. Data Protection at a Glance
1. Introduction
HighFive Contacts (“we”, “us”) respects your privacy and complies with all applicable laws, notably the General Data Protection Regulation (GDPR, EU 2016/679), the UK GDPR, US CCPA, and COPPA. This Privacy Policy explains how and which personal data we process when you use our apps (iOS/macOS) and website.
2. Data Controller and Contact
The data controller is idyation GmbH, Käthe-Kollwitz-Ring 2, 40822 Mettmann, Germany, represented by Ingo Dyrbusch. Contact details as above.
3. Scope of this Policy
This policy applies to:
- All uses of the HighFive Contacts iOS & macOS apps
- The landing page, blog, and any interactive features on our website
4. Hosting and Server Log Files
The website is hosted by Strato AG, Otto-Ostrowski-Str. 7, 10249 Berlin, Germany. Strato records log files (IP address, timestamps, browser details, OS, referring URL) for up to 14 days. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable and secure operation). A processing agreement per Art. 28 GDPR is in place.
5. Data Processing in the App
5.1 Device Data
Contact details entered in the app (names, birthdays, notes, reminders) are only stored locally unless synchronization is enabled. We do not access personal data on your device without your permission. Legal basis: Art. 6(1)(b) GDPR (contractual necessity), Art. 6(1)(a) GDPR (consent for optional features).
5.2 Calendar & Photos
With user consent, the app may access calendar entries and photos to enrich profile and reminder features. Legal basis: Art. 6(1)(a) GDPR (explicit consent).
5.3 iCloud Synchronization (Optional)
If enabled, your app data is synced to your personal Apple iCloud account, managed by Apple Inc. Apple may process or transfer data outside the EU/EEA; Apple’s privacy policy applies. Legal basis: Art. 6(1)(a) GDPR (consent). We never access your iCloud data.
5.4 Apple Intelligence (Foundation Models)
Where available (iOS/macOS 26+), features such as birthday gift suggestions and summary writing use Apple Foundation Models. All data processed for intelligent suggestions is handled either locally or, if cloud-processing is required, via Apple’s Private Cloud Compute infrastructure. Apple may process pseudonymized data; Apple’s privacy assurances and GDPR-compliance apply. Legal basis: Art. 6(1)(a) GDPR (explicit consent for optional AI features).
5.5 Push Notifications & Review Invites
The app may send you push notifications for reminders, feature updates, and invitations to review the app. You may disable notifications any time via device settings. Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interest in user engagement).
6. In-App Purchases and Subscriptions
Purchases and subscriptions (e.g., for unlocking macOS features) are handled exclusively via the Apple App Store infrastructure. Payment data (e.g., credit card, billing address) is not stored or processed by idyation GmbH, only by Apple. Apple’s privacy policy applies to all purchase transactions: https://www.apple.com/privacy/ Legal basis: Art. 6(1)(b) GDPR (performance of contract). Apple may process data outside the EU/EEA, using standard safeguards.
7. Data Processing on the Website
7.1 Contact Forms & Email
Personal data submitted via contact forms or email (name, email, message content) is processed solely for handling inquiries. Legal basis: Art. 6(1)(b) GDPR (contractual/pre-contractual necessity).
7.2 Newsletter (MailPoet)
If you opt in, you receive our newsletter via MailPoet; name and email are stored for this purpose. Double opt-in is used for registration. Legal basis: Art. 6(1)(a) GDPR (consent). You may unsubscribe anytime.
7.3 Cookies & Consent Management
Cookies ensure website functionality and, with your consent, website analytics. Necessary cookies: Art. 6(1)(f) GDPR. Analytics cookies: Art. 6(1)(a) GDPR. Consent may be revoked anytime via banner or browser settings.
7.4 Analytics (WP Statistics)
We use WP Statistics (VeronaLabs, Estonia). IP addresses are anonymized before storage and never combined with other personal data. No third-party cookies are used. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in anonymized analytics).
7.5 Embedded Content & Social Media
Embedded content (e.g., YouTube) and social media links (e.g., Etsy, Instagram) may transfer data to the respective providers under their own privacy policies. Legal basis: Art. 6(1)(a) GDPR (consent for activation via Shariff/social plugins).
8. Affiliate Links and Disclosure
The app and website include affiliate links (primarily Etsy). Disclosure: “When you click an affiliate link, we may earn a commission from qualifying purchases.” When following an affiliate link, third parties such as Etsy may use cookies or tracking technologies under their own privacy terms. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in financing our services).
9. Data Sharing, Processors, International Transfers
We do not sell or rent your personal data. Where required, data processing agreements under Art. 28 GDPR are in place (Strato, etc.). Data may be shared with:
- Apple (iCloud, App Store subscriptions, Apple Intelligence features)
- Strato (hosting)
- MailPoet (newsletter)
- VeronaLabs (WP Statistics)
- Affiliate partners (Etsy)
International transfers (e.g., iCloud or Apple Intelligence) follow adequacy criteria or standard contractual clauses.
10. Data Retention
- App Data: Stored locally or in iCloud, until deleted by user
- Newsletter Data: Until unsubscribe
- Contact Inquiries: Duration of request plus statutory retention periods
- Server Logs (Strato): Up to 14 days
- Analytics Data: Anonymized, no personal reference
11. Withdrawal of Consent
Any consent may be withdrawn at any time with effect for the future (Art. 7(3) GDPR). Examples:
- Newsletter: via unsubscribe link
- Analytics: via cookie banner/browser settings
- iCloud: via device settings
- Apple Intelligence: via app settings
Withdrawal does not affect the lawfulness of prior processing.
12. Right to Object
You may object at any time (Art. 21 GDPR), on grounds relating to your particular situation, to the processing of personal data based on Art. 6(1)(e) or (f) GDPR. If you object, we will cease processing unless compelling legitimate grounds exist or the processing serves the establishment, exercise or defense of legal claims.
13. Data Subject Rights
You have the right to:
- Request access to your personal data (Art. 15 GDPR)
- Request correction (Art. 16 GDPR)
- Request erasure (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR) – for data provided to us (e.g., newsletter)
For exercising these rights, contact info@highfivecontacts.com.
14. Children’s Privacy (COPPA)
Our app and website are not directed to children under 13. We do not knowingly collect data from users under 13. If discovered, such data will be deleted immediately.
15. US Users (CCPA)
While not legally required, we voluntarily offer:
- Information about categories and sources of collected personal data
- Right to request deletion (e.g., unsubscribe from newsletter)
- We never “sell” personal data
16. Data Security
We implement security measures per Art. 32 GDPR (technical and organizational safeguards). This includes encryption, access controls, data minimization, and regular monitoring. No method is 100% secure; data transmission via internet inherently involves risks.
17. Changes to this Policy
We may update this Privacy Policy to reflect changes in law or our services. The latest version is published on our website and within the app.
18. Contact
For any privacy-related questions, or if you wish to exercise your rights: idyation GmbH, Käthe-Kollwitz-Ring 2, 40822 Mettmann, Germany; Email: info@highfivecontacts.com
This Policy applies equally to our website (www.highfivecontacts.com), iOS/macOS apps, and any marketing materials referencing HighFive Contacts.