Privacy

I believe your personal data should stay personal. I've built Jory with privacy-first principles, ensuring you maintain complete control over your goals and tasks.

Jory App Privacy

By using Jory, you consent to the collection, use, and sharing of your data as described in this privacy policy. If you do not agree with these terms, please do not use Jory.

πŸ“± What Data We Collect

Personal Information You Provide:

  • None: Your life, your goals

Automatically Collected Information:

  • App Usage: Basic functionality usage for app improvement (no personal content)
  • Device Information: iOS version and device type for compatibility
  • Crash Reports: Anonymous technical data if the app encounters issues

🏠 Where Your Data Lives

Local Storage (Default):

  • All your data stays on your device by default
  • Stored securely in your device's private app container
  • Completely under your control

iCloud Sync (Optional Premium Feature):

  • Your choice: Enable only if you want cross-device sync
  • Apple's security: Data encrypted and stored in your personal iCloud account
  • Your Apple ID: Only accessible to you through Apple's secure infrastructure
  • No third-party access: We never see or access your iCloud data

πŸ” How We Protect Your Data

Security Measures:

  • Local encryption: All data encrypted on your device
  • No data mining: We don't analyze your personal content
  • No advertising: Your data is never used for ads or sold to third parties
  • Apple's standards: We follow Apple's strict security guidelines

Third-Party Services:

RevenueCat (Subscription Management):

  • Handles premium subscription processing only
  • No access to your goals, tasks, or personal content
  • Processes only purchase-related information
  • Compliant with App Store privacy requirements

Apple Store Connect:

  • Collected data: Diagnostic data

Jory is distributed on the Apple App Store, a platform for distributing mobile applications provided by Apple Inc. App Store Connect enables the provider to manage Triphunt on Apple's App Store. Depending on the configuration, App Store Connect provides the provider with statistical data on user engagement and app discovery, marketing campaigns, sales, in-app purchases and payments to measure the performance of Triphunt. App Store Connect only collects such data from users who have agreed to share it with the provider. Users can find more information on how to opt out via their device settings [here] (https://support.apple.com/de-de/HT202100).

Apple iCloud:

Jory uses Apple’s iCloud service, to sync all the data you saved to Jory between all devices signed in to your Apple ID. We don't store any additional personal data.

πŸ‘€ Your Rights & Control

Complete Data Control:

  • Export: Request your data in standard formats
  • Delete: Remove all data permanently at any time
  • Disable sync: Turn off iCloud sync while keeping local data
  • Account deletion: Full data removal upon request

No Tracking:

  • No analytics: We don't track your behavior or personal patterns
  • No location: We don't access or store location data
  • No contacts: We don't access your contacts or other apps
  • No background activity: App only works when you're using it

🌍 International Privacy

GDPR Compliance (EU Users):

  • Lawful basis: Legitimate interest for app functionality
  • Data minimization: We collect only what's necessary for the app to function
  • Right to erasure: Complete data deletion available
  • Consent: Clear opt-in for optional features like iCloud sync

CCPA Compliance (California Users):

  • No sale of data: We never sell personal information
  • Right to know: Transparent about what data we collect
  • Right to delete: Full data deletion available
  • No discrimination: All features available regardless of privacy choices

πŸ”„ Data Retention

  • Active use: Data retained as long as you use the app
  • Account deletion: All data permanently deleted within 30 days
  • App removal: Local data automatically deleted when you uninstall
  • iCloud data: Managed through your Apple ID settings

πŸ“§ Contact & Questions

For privacy questions, data requests, or concerns:

Get in Touch

  • Email: support@joryapp.com
  • Available in: English and German

πŸ“… Policy Updates

  • Notification: You'll be informed of any material changes
  • Effective date: 29. August 2025
  • Version: 1.0

🎯 My Privacy Promise

"I built Jory because I believe in empowering your goals, not exploiting your data. Your dreams, ambitions, and daily progress belong to you alone."

Danny Giebe β€“ Developer

This privacy policy applies to the Jory app available on the Apple App Store. For questions about Apple's data practices, please refer to Apple's Privacy Policy.

πŸ“‹ Quick Privacy Summary

  • Your data stays on your device by default
  • iCloud sync is optional and controlled by you
  • No advertising or data selling ever
  • Full data control and deletion rights - just delete the app

Jory Web Privacy

Scope of application

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TTDSG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Responsible

Seven Whys Ltd.

26 Anthipolochagou Georgiou M.Savva Shop 1-2
8201 Paphos, Cyprus

Types of data processed

  • Contact data (e.g., e-mail, telephone numbers)
  • Usage data (e.g., websites visited, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Categories of data subjects

Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as "users").

Purpose of the processing

  • Provision of the website, its functions and content
  • Responding to contact requests and communicating with users
  • Security measures
  • Reach measurement/marketing

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Security Measures

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

Note on the transfer of data to third countries

Among other things, we use tools from companies based in third countries that are not secure under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not secure under data protection law. We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transfer personal data to these external bodies. We only pass on personal data to external bodies if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in the transfer in accordance with Art. 6 para. 1 lit. f GDPR or if another legal basis permits the transfer of data. When using processors, we only pass on our customers' personal data on the basis of a valid contract for order processing. In the case of joint processing, a joint processing agreement is concluded.

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction or deletion of this data at any time. You can contact us at any time if you have further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
  • If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

Storage period

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Contact

When contacting us (for example by contact form or e-mail), the user's details are stored for the purpose of processing the request and in the event that follow-up questions arise.

The use of the contact data published in the imprint or comparable information such as postal addresses, telephone and fax numbers and e-mail addresses by third parties for the purpose of sending expressly requested information is not permitted. Legal steps against the senders of so-called spam mails in case of violations against this prohibition are expressly reserved.

Hosting and E-Mail

Hetzner

The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. Details can be found in Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.

Hetzner is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Β§ 25 para. 1 TTDSG.

Order processing: We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Uberspace (E-Mails)

Uberspace is used for sending e-mails. We have concluded an order processing contract with the provider.

Collection of access data and log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be recorded.

Last updated: 15. February 2026