Privacy Policy

Last updated: April 6, 2026

1. Who We Are

Activities Matter is operated by Stojanov Ventures UG (haftungsbeschrankt), a company registered in Germany (the “Controller” within the meaning of the GDPR).

Contact: Stojanov Ventures UG (haftungsbeschrankt) Langhansstrasse 28, 13086 Berlin, Germany Managing Director: Viktor Stojanov Email: hello@stojanovventures.com Commercial Register: Amtsgericht Berlin-Charlottenburg, HRB 238867 VAT ID: DE345911370

Activities Matter is a privacy-focused journaling and life-tracking app. All your personal journaling data stays on your device. We built the app this way because we believe your private reflections should remain truly private.

2. What Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Your email address
  • An anonymized user UUID
  • If you sign in using Google Sign-In, we receive your email address and profile name from Google
  • If you sign in using Apple Sign-In, we receive your email address (which Apple may relay privately) and optionally your name

Account creation is optional. The app is fully usable without an account.

2.2 Data Stored Locally on Your Device (We Do Not Have Access)

The following data is stored exclusively on your device in a local SQLite database. We never transmit, access, or store this data on our servers:

  • Mood entries and activity logs
  • Journal comments and notes
  • Photos and videos you attach to entries
  • Goals, commitments, and progress data
  • Voice recordings
  • Location data (if you enable location tagging)
  • Contact references (the “with whom” feature)
  • All pillar, category, and activity configurations

2.3 Optional Encrypted Backup

You can optionally back up your data to our secure Supabase servers. This backup is end-to-end encrypted (AES-256) on your device before upload. Only your device holds the decryption key. We cannot read, access, or decrypt your backup data under any circumstances. The backup includes your database, preferences, image attachments, and voice recordings — all encrypted before leaving your device.

You may also optionally protect your backup with a password, which adds an additional layer of encryption (PBKDF2 key derivation with 100,000 iterations).

Legacy backup methods: The app previously supported Google Drive (Android) and iCloud (iOS) for backups. These methods are no longer used for new backups but remain available for restoring older backups during migration.

2.4 Anonymized App Activity Data

We collect anonymized app activity data via TelemetryDeck to understand how the app and its features are used. This data:

  • Is completely anonymized and contains no personal information
  • Tracks which features are used and how often (e.g., that a mood was entered, that an activity was logged, that an insight was viewed) — but never the content itself (not which mood, not which activity)
  • Cannot identify individual users
  • Is stored on TelemetryDeck’s secure servers in Germany (EU)
  • Can be disabled at any time in the app settings

2.5 Device & Technical Data

  • Device platform (iOS or Android)
  • App version

This data does not include any of your journaling content.

2.6 Payment Information

Subscriptions are processed through the Apple App Store or Google Play Store via RevenueCat. We do not directly collect or store your payment details. We receive confirmation of your subscription status only.

2.7 Data We Do Not Collect

Activities Matter does not collect:

  • Browsing history
  • Advertising identifiers
  • Biometric data
  • Health data
  • Your journaling content (it stays on your device)

We access your camera, microphone, location, and contacts only when you explicitly use the feature that requires them. We do not access these in the background.

We process your personal data on the following legal bases:

Processing ActivityLegal Basis
Account creation and authentication (including Google/Apple OAuth)Performance of contract — Art. 6(1)(b)
Processing in-app purchases and subscriptions (RevenueCat)Performance of contract — Art. 6(1)(b)
Storing your encrypted backup on our serversPerformance of contract — Art. 6(1)(b)
Anonymized app activity analytics (TelemetryDeck)Legitimate interest — Art. 6(1)(f)
Processing AI feature requests (when you initiate them)Consent — Art. 6(1)(a)
Responding to support requestsLegitimate interest — Art. 6(1)(f)
Compliance with legal obligationsLegal obligation — Art. 6(1)(c)

Where we rely on legitimate interest, our interest is maintaining and improving the stability, security, and quality of the Service. You may object to processing based on legitimate interest at any time (see “Your Rights” below).

4. AI Features

Activities Matter offers optional AI-powered features including reflection prompts, life insights, and goal creation suggestions. Here is how we handle your data:

  • AI is fully optional. No AI features are used silently or without your explicit action.
  • Consent before every interaction. Before any data is sent to an AI provider, you see a screen showing exactly what data will be shared. You can save your preference to skip this screen for future interactions.
  • Your choice of provider. You choose between Mistral and Anthropic as your AI provider in the app settings.
  • Data transmission. Data is sent over HTTPS. It is not stored by the AI provider and not used for training AI models.
  • No silent access. AI providers do not have access to your data unless you initiate an AI feature.

5. Device Permissions

The app requests device permissions only when you use the specific feature that requires them — never centrally on app launch:

  • Camera: To take photos or videos to attach to your journal entries
  • Photo Library: To choose existing photos or videos from your device to attach to entries
  • Microphone: To record voice notes for your journal entries
  • Location: To optionally capture your location when you create a new entry. Location data is stored locally on your device only and is never transmitted to our servers
  • Contacts: For the “with whom” feature, which lets you tag people from your contacts in your activity entries. You control which contacts are visible within the app. Contact data is not shared with any third party

You can revoke any permission at any time through your device settings.

6. Location and Map Services

The app includes optional location features that can be enabled or disabled at any time from the app preferences:

  • Location Tracking: Location data is captured only when you create a new entry. This data is stored locally on your device and is never transmitted to our servers.
  • Saved Places: When you create a Saved Place, the app uses map and address resolution services:
    • iOS: Uses Apple Maps and Apple’s geocoding services, subject to Apple’s Privacy Policy and Terms of Use
    • Android: Uses Google Maps and Google’s geocoding services, subject to Google’s Privacy Policy and Terms of Use
    • The app also offers OpenStreetMap as a privacy-friendly map alternative
  • Your Control: All location features are optional and can be disabled at any time. Location data remains stored locally on your device.

7. Data Storage & Security

Server-Side Data

Your data is stored on servers located in the European Union:

  • Account and subscription data: Supabase (hosted on AWS eu-central-1, Frankfurt)
  • Encrypted backups: Supabase (EU) — end-to-end encrypted, we cannot read the content
  • Anonymized analytics: TelemetryDeck (Germany, EU)

We implement appropriate technical and organizational measures to protect your data, including:

  • End-to-end encryption for all backup data
  • Encryption at rest and in transit for all server-side data
  • Access controls and authentication for all backend systems

Data on Your Device

All journaling data is stored locally in a SQLite database on your device. If you delete the app without creating a backup, this data is permanently lost and cannot be recovered by us.

8. Data Sharing & Third Parties

We do not sell your personal information. We do not share your data with third parties for their marketing purposes.

We use the following service providers (data processors) to operate Activities Matter:

ProviderPurposeData Location
Supabase (via AWS)Authentication, encrypted backup storageEU (Frankfurt)
RevenueCatSubscription and in-app purchase managementUS (see International Transfers)
TelemetryDeckAnonymized app analyticsGermany (EU)
Google (Sign-In, Maps, Play Store)OAuth authentication, map display and geocoding, app distributionUS (see International Transfers)
Apple (Sign-In, Maps, App Store)OAuth authentication, map display and geocoding (iOS), app distributionVarious
OpenStreetMapPrivacy-friendly map display (alternative option)EU
Mistral / Anthropic (optional)AI features — only when you initiate themEU (Mistral) / US (Anthropic)

We may share information with authorities only when legally required. However, we cannot provide the content of your journaling data or encrypted backups, as we do not have access to them.

9. International Data Transfers

Our primary data storage is in the European Union. Some of our service providers (Google, RevenueCat, Anthropic, Apple) may process data outside the EU. Where this occurs, we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework (for certified US companies)
  • Standard Contractual Clauses approved by the European Commission

Anonymized analytics data (TelemetryDeck) and encrypted backup data (Supabase) remain within the EU.

10. Data Retention

Data TypeRetention Period
Account data (email, UUID)Until you delete your account
Encrypted backup dataUntil you delete your account or your backup
Subscription recordsManaged by RevenueCat per their retention policy
Anonymized analyticsManaged by TelemetryDeck per their retention policy
Local device dataUntil you delete it or uninstall the app

When You Delete Your Account

When you delete your account through the app:

  • Your account information is removed from Supabase
  • Your encrypted backup is permanently deleted from our servers
  • Your anonymized app activity data and subscription details are removed
  • Any data stored locally on your device remains unless you delete it manually or uninstall the app

11. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and German data protection law, you have the following rights:

  • Access (Art. 15) — Request a copy of the personal data we hold about you
  • Rectification (Art. 16) — Correct inaccurate personal data
  • Erasure (Art. 17) — Request deletion of your personal data
  • Restriction (Art. 18) — Limit how we process your data
  • Data Portability (Art. 20) — Export your data in a portable format
  • Object (Art. 21) — Object to processing based on legitimate interest
  • Withdraw Consent (Art. 7) — Withdraw consent at any time (e.g., for AI features or anonymized analytics)

To exercise these rights, contact us at hello@stojanovventures.com. We will respond within 30 days.

Note: Since all journaling data is stored locally on your device, we cannot provide copies of it — only you have access. For data access requests, we can provide all data we hold about you on our servers (account information, subscription status). You can also download your local database directly from the app and store it yourself. Please note that once you download your database, you take full responsibility for who has access to it and how it is handled.

You also have the right to lodge a complaint with a supervisory authority. The relevant authority for our company is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte fur Datenschutz und Informationsfreiheit).

12. Age Requirement

There are no age restrictions for using Activities Matter. Users cannot see the content of other users, and no content is age-restricted. By using the app, you represent that you have the legal capacity to agree to these terms.

13. Website Analytics

Our website uses TelemetryDeck, a privacy-focused analytics service that:

  • Tracks basic website usage (pageviews, traffic sources, UTM parameters)
  • Does not use cookies or browser fingerprinting
  • Generates anonymous, hashed user identifiers based on date, website, and partial IP
  • Cannot track users across different websites or days
  • Is GDPR-compliant and does not require cookie consent banners

We collect anonymized website data including page URLs, referrer information, browser type, device type, operating system, and country. We do not collect names, emails, or any personal identifiers on our website.

14. Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have questions about this privacy policy, your data, or wish to exercise your rights:

Stojanov Ventures UG (haftungsbeschrankt) Langhansstrasse 28, 13086 Berlin, Germany Email: hello@stojanovventures.com

For full company details, see our Imprint.

For EU consumers: You may also use the European Commission’s Online Dispute Resolution platform at ec.europa.eu/consumers/odr.