Privacy Policy
Last updated: 12 June 2026
This privacy policy informs you about the nature, scope and purpose of the processing of personal data when you use the NewsMapp mobile app and this website (newsmapp.de). It is based on the EU General Data Protection Regulation (GDPR). The German version is authoritative.
1. Controller
The controller within the meaning of Art. 4 No. 7 GDPR is:
| Name | Tammo Ahnfeldt |
|---|---|
| Address | Sachsenring 3, 21465 Wentorf bei Hamburg |
| info@newsmapp.de |
2. Overview & principles
NewsMapp processes as little personal data as possible (data minimisation, Art. 5 GDPR). There are no ads and no advertising tracking. This website uses no cookies and embeds no third-party content that transfers data to others (fonts are served locally).
The main legal bases are: performance of the user contract (Art. 6(1)(b) GDPR) for the account and app features, and our legitimate interest (Art. 6(1)(f) GDPR) in security, abuse prevention and stable operation.
There is no automated decision-making, including profiling, within the meaning of Art. 22 GDPR.
3. Hosting & server log files
This website is provided via Firebase Hosting, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). When you access it, the hosting provider automatically collects server log files transmitted by your browser/device — including (shortened) IP address, date and time of access, page accessed, amount of data transferred and browser/device type. This data is used solely for technical delivery, stability and security (e.g. defending against attacks) and is not merged with other data sources. Legal basis: our legitimate interest in secure, reliable operation (Art. 6(1)(f) GDPR). Log data is retained only briefly.
4. TLS encryption & data security
For security reasons this website and the app use TLS encryption (recognisable by "https://"). Transmitted data is thereby protected against interception by third parties. Stored data is held encrypted at rest by our providers. To prevent abuse we use technical and organisational measures, including Firebase App Check (ensures requests come from the genuine app) and strictly limited database access rules.
5. Data processing in the app
a) Account & sign-in
To use the app you create an account with email address and password. Authentication is handled by Firebase Authentication (Google). The password is stored only in encrypted/hashed form; we have no access to it. We send a verification email. Legal basis: Art. 6(1)(b) GDPR.
b) Profile & settings
In Cloud Firestore (Google) we store your user profile and filter preferences (e.g. preferred categories, time range, search term). This data is tied to your account and accessible only to you. Legal basis: Art. 6(1)(b) GDPR.
c) Profile photo
If you upload a profile photo, it is stored in Firebase Storage (Google), tied to your account only. Providing it is optional. Legal basis: Art. 6(1)(b) GDPR.
d) Security & operation
To prevent abuse we use Firebase App Check and Firebase Remote Config (technical configuration, e.g. maintenance mode). Device-related security signals are processed. Legal basis: Art. 6(1)(f) GDPR.
e) Map display
The map is rendered via Google Maps (Google). Loading the map may transfer technical data (e.g. IP address, device information) to Google. Your device location is only determined if you grant the corresponding permission. Legal basis: Art. 6(1)(b) and (f) GDPR. Google's privacy terms also apply.
f) News classification
To categorise the news, article texts (title/summary of the respective item) are transmitted server-side to OpenAI and assigned to a category. No personal data of users is transmitted in this process — only the public news texts are processed. Legal basis: Art. 6(1)(f) GDPR.
g) News source
The news is sourced from The New York Times (Top Stories API). No user data is transmitted to The New York Times Company; only public news content is retrieved.
6. Contacting us
If you contact us by email (e.g. the support address), we process the data you provide (email address, content of your request) to handle your enquiry. Legal basis: Art. 6(1)(b) GDPR (for contract-related enquiries) or our legitimate interest in responding (Art. 6(1)(f) GDPR). This data is deleted once it is no longer required, unless statutory retention obligations apply.
7. Recipients & transfers to third countries
We use the services named above as processors/providers: Google (Firebase, Google Maps) and OpenAI. Data processing agreements pursuant to Art. 28 GDPR are in place with processors. Where technically possible, data is processed in data centres within the EU; our database (Cloud Firestore) is hosted in Germany. In some cases — in particular for authentication, map display and classification — this may involve a transfer to the USA, safeguarded by appropriate measures (in particular EU Standard Contractual Clauses and/or certification under the EU-US Data Privacy Framework). Your data is not shared for advertising purposes.
8. Retention
Account and profile data are stored for as long as your account exists. When you delete your account (in the app under "Delete profile"), the associated data is permanently removed. News content is cleaned up automatically on a regular basis. Technical log data is retained only briefly. Otherwise we delete personal data once the purpose of processing no longer applies and no statutory retention obligations exist.
9. Minors
Our service is not directed at children. Persons under the age of 16 should not transmit personal data to us without the consent of their parents/guardians. We do not knowingly collect data from children below this age.
10. Your rights
You have the right at any time to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18) and data portability (Art. 20 GDPR).
Right to object (Art. 21 GDPR): where we process data on the basis of our legitimate interest, you may object at any time on grounds relating to your particular situation.
Withdrawal of consent (Art. 7(3) GDPR): where processing is based on your consent, you may withdraw it at any time with effect for the future.
You can delete your account directly in the app at any time. For other matters, contact the email address above. You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your residence or the place of the alleged infringement.
11. Changes to this policy
We update this privacy policy when our data processing or the legal situation changes. The current version published here applies.
NewsMapp