Privacy Policy

Privacy is important to us. Therefore, this Privacy Policy explains what data is used and how it is used when you decide to use Gleans web app (the "App"). In particular, we, Gleans UG (haftungsbeschränkt), would like to explain to you how we ensure the protection of your personal data.


Personal data is information that makes it possible to identify you directly or indirectly. It is primarily information that allows conclusions to be drawn about your identity, e.g. your name, your telephone number, your address or e-mail address. Statistical data that cannot be associated with you are not personal data within the meaning of the EU General Data Protection Regulation ("GDPR").


1. Contact persons and data protection officers

Your contact for "Gleans", the app and also operator of the network "Gleans" ("we", "us") is the


Gleans UG (haftungsbeschränkt)
℅ Antler, Jägerstraße 32
10117 Berlin


We are also the so-called data controller in the sense of the applicable data protection law for the processing of your personal data when you use "Gleans" or the app. If you have any questions or concerns about this, our help team will be happy to assist you:

Either via the contact form directly within the app or via email at help@gleans.me.


2. Data processing when using our app

When we collect or use data, this is always for specific purposes. These may result from technical and contractual requirements as well as from your express requests and inputs. Among other things, they enable us to keep the app up to date and user-friendly.

2.1 Installing the app

In order to download and install our app from an app store, you must first register for a user account with the provider of the respective app store (e.g. Apple App Store or Google Play) and conclude a corresponding user agreement with them. We have no influence on this, in particular we are not a party to such a user contract. When downloading and installing the app, the necessary information is transferred to the respective app store, in particular your username, your email address and the number of your account, the time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process this provided data only to the extent necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet). Beyond that, this data is not stored further.


2.2 Automatic data collection when using the app

When you use our app, various information of a technical nature is automatically transmitted from your device to our server. This is necessary for technical reasons so that the app works properly and you can use the desired services. In particular, this is the following data:

IP address of your mobile device

Type and version of your mobile device (e.g. "iPhone 6, iOS 8.1")

Name of the requested resource

Date and time of the request

Access status (resource transferred, resource not found, etc.)

Data volume transferred in each case

App version

After the end of the usage process, this data is only stored in so-called log files. Log files do not contain IP addresses and the information stored there does not allow any conclusions about your person. We store the log files for a maximum of 30 days. These log files are evaluated exclusively for the recognition and treatment of possible errors. With the help of statistical information, we can further develop our app to make it as comfortable as possible for our users. The legal basis is Article 6, paragraph 1(b) of the DSGVO.

2.3 Newsletter

If you are registered for "Gleans", you can receive our newsletter in which we regularly send you the latest information and features on the platform.

To send the newsletter, we use the email address that you entered during your registration. Of course, you can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the e-mail address given above or in the newsletter is of course also sufficient for this purpose. The legal basis for the processing is your consent in accordance with Article 6(1)(a) DSGVO.

We use standard market technologies in our newsletter with which the interactions with the newsletter can be measured (e.g. opening of the e-mail, links clicked on). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and communication with the users of "Gleans". This is done with the help of small graphics embedded in the newsletters (so-called pixels). The data is only collected pseudonymously, and the collected data is not linked to your other personal data. The legal basis for this is our legitimate interest according to Article 6, paragraph 1(f) of the DSGVO.

We want to provide the most relevant content possible for our users via our newsletter and better understand what readers are actually interested in. The data on the interaction with our newsletters is transmitted to Google Analytics for analysis. You can find more information about this in a separate section of our website's privacy policy. If you do not want your usage behaviour to be analysed, you can unsubscribe from the newsletter or deactivate graphics by default in your email program.


3. General information on the handling of data that you provide to us

3.1 Data security and encryption

We maintain current technical measures to ensure data security, in particular to protect personal data from dangers during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art.

All data that you send to us from registration or login (e.g. contact details, profile details, posts) are transmitted in encrypted form. This encryption protects the confidentiality of the data exchange between your computer and our web server and helps to prevent e.g. the interception of data. To secure the personal data you provide, we use Transport Layer Security (TLS), which encrypts the information you enter.

With regard to our databases, all technical precautions have been taken to store your data in a secure environment. Access to all of your information is restricted to those employees who need it to carry out their professional activities. It is only granted for quality control purposes and for the purpose of investigating complaints and preventing fraud. All our employees are bound by an agreement to respect data protection and are instructed accordingly.

All personal data that you expressly provide to us via our app will only be used for the purposes for which you have provided us with this data.

3.2 Registration

If you decide to register for our login area, you will be asked to provide us with personal data. Without this data, registration and thus the use of "Gleans" or the app is not possible.

When you register for the first time, your entries are checked for plausibility to protect against fake registrations. For this purpose, the applicant must enter a registration code, for example, which he or she can obtain via various verification procedures that provide an indication of this. For this purpose, we use and archive the following personal data in connection with the data of the applicant or user: registration code used, type of verification procedure, inviting user, if applicable. Once the verification procedure has been carried out, any documents requested for this purpose will be deleted immediately.

For a successful verification we only need the proof of your first and last name. To protect your personal data, we ask you to black out all other personal information that is not relevant for verification when sending personal documents (e.g. invoice or ID card). This includes e.g. customer numbers, identity card number and similar.

If you choose the "By location sharing (GPS)" method for verification, we access your location data once and only for the purpose of verifying your address.

The legal basis for the processing is Article 6, paragraph 1(b) of the DSGVO, which states that the data is necessary for the performance of our service.

Please understand that "Gleans" or the app cannot be used anonymously. This way we can ensure that our terms of use are adhered to and other users are protected.


3.3 Profile data

Furthermore, we use personal data that you actively provide to us (in addition to the profile data when registering, e.g. also when creating a forum post: Username and post or when sending a message in the private messaging system: username, addressee and message). The legal basis is Article 6, paragraph 1(b) of the DSGVO, which states that the data is necessary for the performance of our service.

We will only use your data for other purposes if you have consented to this. The legal basis is Article 6, paragraph 1(a) of the DSGVO.

All personal data will only be stored by us for as long as is necessary for the respective purpose or for as long as we are legally obliged to store it (see section "Storage period").


3.4 Visibility of your data during registration

After registration you will appear as you decide on your profile. What you upload to your profile and make publicly available will be visible to anyone who visits the URL.


3.5 Use of the contact field

You can contact us by filling out the contact form in the app and then sending it to us. If you fill out the form and then click on "Send", the information you entered (subject and post) will be transferred to us via email.

In order to answer your requests as best as possible, we use the Intercom program. For this purpose, data that we need to answer your request is processed by Zendesk on our behalf. This data includes, for example, your name and email address. Zendesk complies with several self-regulatory frameworks, including participation in the EU-US Privacy Shield Framework.

We process the data from your request exclusively for communication with you. The legal basis is Article 6, paragraph 1(b) of the GDPR, which states that the data is necessary for the performance of our service.

We treat the data from your inquiry confidentially. The data you provide and the message history with our help team are stored for follow-up questions and subsequent contact. The storage is necessary at least until the complete processing of your request, but possibly beyond that for the fulfillment of contractual or legal obligations (see section "Storage period").

We have entered into an order processing agreement with Zendesk and implement the strict requirements of the GDPR when using service providers such as Zendesk.



4. Authorizations

Some features require the app to access certain services and data on your mobile device. Depending on the mobile operating system you use, this may require your explicit permission. Below, we'll explain what permissions the app may ask for and what types of features require those permissions.


4.1 Push messages

The app can alert you to certain news via push notifications, even if you are not actively using the app. The app only uses these push notifications if you have explicitly activated them. The legal basis is Article 6, paragraph 1(a) of the GDPR.

When you activate the Push Notification Service, your device will be assigned a device token from Apple or a registration ID from Google. The sole purpose of their use by us is to provide the Push Services. Without a device token or registration ID, no push messages can be sent to you for technical reasons. These identifiers are only encrypted, randomly generated numbers.

Notes for Apple users:

To be notified of certain events and topics through push notifications, even if you are not currently using the app, you must grant the app the necessary permission. Without your consent, which you give by activating it in the settings, we cannot send you a push message. The first time you log in to the app, you'll be asked if you want to allow push notifications. After that, you can customize push notification permissions in iOS settings and turn push notifications on or off at any time later.

To do this, open the iOS "Settings" app and select the "Messages" menu item. In the following menu, you will find an overview of all apps installed on your device that have a push notification function. Select our app here. Here you can turn the push notification function on or off. You also have the option of customising the display of push notifications in the app according to your wishes.

Notes for Android users:

On Android, all apps are set by default to allow you to receive push notifications even if you don't have the app open. Unfortunately, this is unavoidable due to Google's technical requirements, over which we have no control. The app will not use this permission without your permission. You will only receive push notifications if you explicitly activate this function in the app.

Within the app, you can switch off the push services you have activated at any time. Regardless of the settings in the app, you can also switch off the reception of push messages by calling up the app "Settings" in the main menu of your device and selecting the item "Apps" in the following menu item. There you will find an overview of all apps installed on your device. Select our app here. You can then turn the push notification function on or off via the "Show notifications" checkbox.


4.2 Deleting or changing USB memory contents, reading USB memory contents

During installation, the permissions "Delete or modify USB memory contents" and "Read USB memory contents" are requested. These permissions allow the app to cache content on your device. This is necessary in order to be able to provide you with content from the app even if there is no internet connection at the time. The app only uses storage content that it has created itself for this purpose. Other data on the USB memory is neither deleted nor changed. The read permission is necessary so that you can upload memory content to our app more quickly and easily, e.g. to upload your profile photo. The legal basis is article 6, paragraph 1(b) of the DSGVO.


4.3 Retrieving Network Connections/Network Access

During installation, the permission "Get network connections" is requested. This permission allows the app to determine whether you are connected to the Internet via a Wi-Fi network or via a mobile data connection (GRPS, 3G, LTE). This is to prevent larger data volumes from potentially burdening limited data volumes. The legal basis is Article 6, paragraph 1(b) of the GDPR.


5. evaluation of user behaviour (app tracking)


5.1 Firebase

This app uses "Firebase Services" (Firebase), an analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Firebase enables us to analyse the usage behaviour of the users of this app. The insights gained help us to improve this app and thus make your user experience more enjoyable. Firebase is a real-time database that we use for real-time data exchange and storage. In this process, user data is transmitted to Firebase.

Some Firebase services process personal data. In most cases, the personal data is limited to so-called "Instance IDs", which are provided with a time stamp. These "Instance IDs" assigned by Firebase are unique and thus allow linking of different events or processes. We process this aggregated data to analyze and optimize usage behavior, such as by evaluating crash reports. The legal basis for the processing is Article 6, paragraph 1(b) of the GDPR, which states that the data is necessary for the performance of our service.

For Firebase Analytics, Google also uses the advertising ID of the mobile device in addition to the "instance ID" described above. You can restrict the use of the advertising ID in the device settings of your mobile device.

For Android: Settings > Google > Ads > Reset ad ID

For iOS: Settings > Privacy > Advertising > No ad tracking

Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymous push reference is assigned to the end device, which serves as the target for the push messages or in-app messages. You can find more information in the "Push messages" section above.

The data generated in this context may be transferred by Google to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. Furthermore, we have concluded several additional agreements with Google regarding data processing.

For more information about Google and Firebase privacy practices, please visit https://www.google.com/policies/privacy/ and https://firebase.google.com/support/privacy/.

5.2 Facebook SDK

The Facebook Software Development Kit ("Facebook SDK") of the social network Facebook, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") is integrated into this app for marketing purposes.

We use Facebook SDK to make advertising campaigns for mobile apps more user-friendly, for example by not displaying ads for the corresponding app on devices on which the app is already installed. Furthermore, the Facebook SDK allows various evaluations of the installation of the app and the success of the advertising campaign. In addition, individual activities (events) of the user within the app can be analyzed in order to improve our app. The legal basis is Article 6, paragraph 1(f) of the GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our app.

When you use our app, a connection is established between your system and a Facebook server via the Facebook SDK. Facebook sends us statistical and anonymous data about the general use of our app and provides the effectiveness of our Facebook ads. The data accruing in this context may be transferred by Facebook to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US "Privacy Shield Framework".

If you are a Facebook member and have allowed Facebook to do so via your account's privacy settings, Facebook may also link the information collected about your visit to us to your member account and use it to target Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. You can still prevent this data processing by disabling profile tracking on our website at the end of our privacy policy while you are logged in. This will stop tracking as soon as you are logged in to the app or our website.

If you opt out of Facebook's data processing, Facebook will only display generic Facebook ads that are not selected based on information collected about you.

You can find more information about this in Facebook's data policy.

5.3 Other services

We also use the services of Microsoft Clarity, Google Analytics and Mixpanel to get a better insight into the behavior of our users. This data is of course anonymous and completely industry standard.

These tools allow us to build a product that is tailored to your needs.


6. facebook fanpage

We operate our own so-called fan page on the social network of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). With the help of this fan page, we want to communicate with everyone who is interested in our work, especially users and fans of Gleans, and inform them about Gleans. The legal basis for this is Article 6, paragraph 1(f) DSGVO.

Through the Fanpage, we may receive information about users registered with Facebook. Examples of such information may relate to users on the one hand: Information about the number of users, their names, interactions between users such as likes or comments. Other examples may include aggregate demographic and other types of information, as well as statistics based on certain parameters about Gleans and the information offered on our Fan Page. This information can help us learn about interactions with our Fan Page.

We have no influence on data that is processed by Facebook. However, we would like to point out that data is transferred to the Facebook servers when you visit the fan page. If you are logged in to Facebook with your user name and password, Facebook receives the information that you have visited our fan page. By logging in, Facebook can assign this information to your user account. Facebook itself uses the aforementioned data and information to create detailed statistics and uses them for its own purposes, over which we have no influence. In the event that personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield. You can find more information about this in Facebook's data policy.

To the extent that we have personal data in this context, users have the rights set out in this privacy policy (see sections "Your rights" and "Right of withdrawal and objection" below in this privacy policy). If users wish to assert additional rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows the details of the technical operation of its social network as well as the associated data processing and the specific purposes of this data processing. Facebook can implement appropriate measures upon request if users exercise their rights. We are happy to support users in asserting their rights, insofar as this is possible for us.


7. disclosure of data

A passing on of the data raised by us takes place in principle only, if:

you have given your express consent to do so in accordance with Article 6(1)(a) DSGVO,

the disclosure is necessary in accordance with Article 6(1)(f) DSGVO for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,

we are legally obliged to disclose in accordance with Article 6(1)(c) DSGVO, or

this is legally permissible and necessary according to Article 6 paragraph 1(b) DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which take place upon your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, our data center, which stores our website and databases, IT service providers who maintain our system, and consulting companies. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and contracted by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

In addition, disclosure may occur in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

7.1 Amazon Web Services

Your data is partially processed on servers provided by Amazon Web Services, a service of Amazon Web Services Inc, 410 Terry Avenue North, Seattle, Washington 98109, USA ("AWS"). The servers we use are generally located within the European Union. However, for technical reasons, parts of your data may also be processed in countries outside the European Economic Area, in particular in the USA. To ensure the protection of your data in this case, AWS participates in the EU-US Privacy Shield. In addition, we have concluded a special contract with AWS that meets the requirements with regard to the standard contractual clauses of the European Commission. The legal basis is Article 6, paragraph 1(f) of the GDPR, based on our legitimate interest to store content of our app securely and reliably by external service providers.


8. storage period

In principle, we store personal data only as long as necessary for the fulfilment of contractual or legal obligations for which we have collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil claims or due to statutory retention obligations.

For evidentiary purposes, we must retain contractual data for three years from the end of the year in which any business relationship with you ends. Any claims become statute-barred at the earliest on this date in accordance with the statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.


9. your rights

You have the right to request information about the processing of your personal data by us at any time. When you request information, we will explain the data processing to you and provide you with an overview of the data stored about you.

If any data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.

You can also request the deletion of your data. If deletion is exceptionally not possible due to other legal provisions, the data will be blocked so that they are only available for this legal purpose.

You can also have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability (Article 20 DSGVO). This means that we will send you a digital copy of your personal data stored by us upon request. You can request this directly in the app. To do so, go to the menu item "You in the neighborhood" to the sub-item "About Gleans". Then select the menu item "My data". There you can click on the button "Create archive". You will then get a link to download your data stored with us.

To exercise your rights as described here, you can also contact us at any time using the contact details above.

You also have the right to object to data processing based on Article 6, paragraph 1(e) or paragraph 1(f) of the GDPR. Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can assert this right at a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

Of course, you can also view, change or delete many details yourself directly and conveniently in your user account.


10 Right of revocation and objection

In accordance with Article 7(3) of the GDPR, you have the right to withdraw your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests pursuant to Article 6, paragraph 1(f) of the GDPR, you have the right to object to the processing of your data pursuant to Article 21 of the GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the above-mentioned contact data.


11. changes to this privacy policy

Due to the further development of our app, the use of new technologies and changes in legal or regulatory requirements, changes to this privacy policy may become necessary. We therefore recommend that you read this privacy policy again from time to time.