Privacy Notice for Käse

Last updated: April 2026

1. Controller & Contact

Controller: VitaApps S.R.L., Bucharest, Romania
Email: contact@vitaapps.dev
Data Protection Contact / DPO: contact@vitaapps.dev

2. Supervisory Authority

EU users may lodge complaints with their national Data Protection Authority (e.g., Romania's ANSPDCP).

3. Scope & Updates

This notice applies to personal data processed via the Käse app and its website. Material changes will be communicated via app or email; continued use indicates acceptance.

4. What Data We Collect

4.1 Information You Provide

  • Registration data (email, password) — optional; anonymous authentication is available
  • Chat screenshots uploaded for AI-powered analysis and reply generation
  • Support inquiries and feedback

4.2 Data Extracted from Screenshots

  • Contact names detected from chat headers
  • Chat messages extracted via OCR (separated into "me" and "them")
  • This extracted data is stored locally on your device in a SQLite database and is not stored on our servers

4.3 Automatically Collected

  • Device identifier (used for rate limiting — stored server-side)
  • Usage analytics and crash reports (Firebase Analytics, Crashlytics)
  • App version and OS metadata

5. AI Processing

  • Screenshots are sent to Google Gemini API via Firebase Cloud Functions for OCR and message extraction
  • Extracted chat text is sent to Gemini for AI reply generation
  • Screenshots are processed in memory and are not stored server-side
  • Google does not train on paid API prompt data, per Google's API Data Usage Policy
  • Generated replies are returned to the app and stored only on your device

6. Local-First Architecture

Käse follows a local-first approach. Conversation history, extracted messages, and generated replies are stored exclusively on your device using an on-device SQLite database (Drift). The following data is stored server-side:

  • Firebase Authentication credentials
  • Rate-limit counters (per-user usage tracking)
  • Coach style unlock codes
  • RevenueCat subscription status

7. Legal Bases & Purposes

  • Service provision: performance of contract (processing screenshots, generating replies)
  • Security & rate limiting: legitimate interests
  • Analytics & crash reporting: legitimate interests (improving app quality)
  • Legal compliance: legal obligation

8. Data Sharing

  • With Firebase (Google) for authentication, analytics, crash reporting, and Cloud Functions hosting
  • With Google Gemini API for screenshot analysis and reply generation
  • With RevenueCat for subscription management
  • For legal obligations, court orders, or protection of rights
  • In case of business transfers (e.g., merger, acquisition)

We do not sell your personal data to third parties.

9. International Transfers

Your data may be processed outside the EU (e.g., Google Cloud servers). Transfers are protected via EU-approved safeguards (Standard Contractual Clauses).

10. Cookies & Tracking

We use Firebase Analytics and Crashlytics for performance monitoring and crash reporting. Non-essential tracking is subject to your explicit consent. Essential services (authentication, rate limiting) are exempt.

11. Data Retention

  • Account data: until account deletion + legally required retention period
  • On-device data (messages, screenshots, replies): stored locally until you delete them or uninstall the app
  • Rate-limit counters: reset periodically; removed upon account deletion
  • Logs & analytics: up to 180 days
  • Support communications: until resolution or deletion request

12. Your Rights

You may, under GDPR, CCPA/CPRA, etc., access, correct, delete, object to processing, request data portability, or withdraw consent. Since most data is stored locally on your device, you have direct control over it. For server-side data, contact us at contact@vitaapps.dev.

13. Children's Privacy

Käse is not directed at children under 16. We do not knowingly collect data from minors; if discovered, it will be promptly deleted.

14. Security

We implement encryption, access controls, and secure infrastructure via Firebase. Screenshots are processed transiently and not persisted server-side. While no system is 100% secure, we follow industry best practices to protect your data.

15. Automated Decision Making

Käse uses AI (Google Gemini) to generate reply suggestions. These suggestions are presented for your review and are never sent automatically on your behalf. You retain full control over whether to use, modify, or discard any generated reply.

16. Third-Party Links & APIs

Our services integrate with third-party APIs (Google Gemini, Firebase, RevenueCat). Each third party has its own privacy policy. Please review before sharing personal data.

17. Updates & Contact

This notice was last updated in April 2026. You'll be informed via app or email of significant updates. If you have questions, concerns, or wish to exercise your rights, contact us at contact@vitaapps.dev.