Privacy Policy

Last updated: 12 May 2026

Short version: Ocean Insight stores all data locally on your device using Hive. We run no servers, collect no personal analytics, and cannot see your usage. Ads in the free version use Google AdMob, which may process an advertising ID with your consent. Premium users see no ads.

1. Data Controller

The controller responsible for data processing in connection with this app and website is:

Tom Göckeritz
Kaulsdorfer Str. 8a
12621 Berlin
Germany
Email: tom@attomic.de

2. Data We Collect and Why

2.1 Local App Data (Hive)

All app preferences, progress, achievements, and collection data are stored exclusively on your device using Hive (a local Flutter database). This data never leaves your device and is not transmitted to any server operated by us. It includes:

  • Daily discovery progress and streak count
  • Unlocked achievements and trophy status
  • App settings (language, theme preferences)
  • Purchase status (Premium / free tier flag)

Legal basis: Legitimate interest / contract performance (Art. 6(1)(b) GDPR). Processing is entirely local.

2.2 Advertising ID — Google AdMob (free version only)

The free version of Ocean Insight displays ads served by Google AdMob. With your consent (collected via the UMP/User Messaging Platform consent dialog on first launch), AdMob may process your device's advertising ID to serve interest-based ads. If you decline consent, you will still see ads but they will be non-personalised.

Legal basis: Consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time in the app's Settings → Privacy.

Premium subscribers do not see ads and AdMob is not loaded for them.

2.3 UMP Consent State

Your ad-consent choice (accept / decline) is stored locally on your device via the Google UMP SDK and is not transmitted to us.

2.4 In-App Purchase Tokens

When you make a purchase (e.g. Ocean Insight Premium), the transaction is processed entirely by Apple App Store or Google Play. We receive only a purchase receipt token to verify entitlement, which is validated against the respective store's servers. We do not store payment card details.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

2.5 No Analytics, No Servers

We do not use Firebase, Crashlytics, Amplitude, Mixpanel, or any other analytics service. We operate no backend servers. No usage data, crash logs, or behavioural data is transmitted to us.

3. Recipients and Processors

The following service providers process data on our behalf (Art. 28 GDPR) or as independent controllers in connection with the App and website. Data Processing Agreements (DPAs) are in place with all processors.

3.1 Website Hosting

  • netcup GmbH, Daimlerstr. 25, 76185 Karlsruhe, Germany (web hosting; server location Austria, EU). When the website is accessed, server logs (IP address, timestamp, requested resource, user agent) are stored for a maximum of 7 days for security and stability purposes. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). DPA in place.

3.2 App Third Parties

  • Google Ireland Ltd. (Google AdMob — ad serving in the free version; independent controller under Google AdMob terms) — Google Privacy Policy
  • Apple Distribution International Ltd. (iOS distribution & IAP; independent controller) — Apple Privacy Policy
  • Google Ireland Ltd. (Google Play — Android distribution & IAP; independent controller) — Google Privacy Policy
  • ElevenLabs, Inc., USA (text-to-speech audio; processed at build time only, no runtime data flow) — ElevenLabs Privacy Policy
  • Google LLC, USA (Gemini API — AI-generated images, build time only, no runtime data flow) — Google Privacy Policy

3.3 Contact Form

  • Formspree, Inc., 1717 N St NW Suite 1, Washington, DC 20036, USA (processes contact form submissions as a processor under Art. 28 GDPR; DPA in place) — Privacy Policy · Data Processing Agreement.

3.4 International Data Transfers (USA)

Transfers to recipients in the USA (Google LLC, ElevenLabs, Formspree) are based on the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and — where applicable — on the EU-US Data Privacy Framework (EU Commission adequacy decision of 10 July 2023, Art. 45 GDPR). Despite these safeguards, US government authorities may have access to data without the level of judicial protection available in the EU.

4. Children's Privacy

Ocean Insight is designed for a mixed audience including children. We take children's privacy seriously and comply with both GDPR-K (German supplementary rules for minors) and COPPA (U.S. Children's Online Privacy Protection Act) principles:

  • We do not knowingly collect personal information from children under 13 (COPPA) or under 16 (GDPR default) without verifiable parental consent.
  • All data stored by the app is local to the device only.
  • When displaying ads (free version), the UMP consent dialog is shown. If parental consent is not obtained, non-personalised ads are displayed by default.
  • Parents or guardians may request deletion of any data by contacting us (see Section 5).

5. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — You may request information about the data we process about you.
  • Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate data or completion of incomplete data.
  • Right to restriction of processing (Art. 18 GDPR) — Under certain conditions you may request restriction of processing.
  • Right to erasure (Art. 17 GDPR) — You may request deletion of your data. For local Hive data, you can delete it directly in the app (Settings → Delete All Data). For AdMob data, please contact Google.
  • Right to object (Widerspruch) — You may object to processing based on legitimate interests.
  • Right to data portability — Where applicable, you may receive your data in a machine-readable format.
  • Right to withdraw consent — Where processing is based on consent (e.g. personalised ads), you may withdraw at any time without affecting prior processing.
  • Right to lodge a complaint — You may lodge a complaint with your national data protection authority. In Germany: Bundesdatenschutzbeauftragter (BfDI).

To exercise your rights, contact: tom@attomic.de

6. Data Retention

Local Hive data persists on your device until you uninstall the app or manually delete it via Settings. We hold no data on our servers. Purchase receipt tokens are retained only as long as needed to validate your subscription entitlement.

7. Website Cookies

This website (ocean-insight.app) uses only a localStorage flag (cookie_consent) to remember your cookie-banner choice. No tracking cookies, no analytics scripts, and no third-party embeds are loaded. The website has no login and collects no personal data unless you submit the contact form (see below).

7.1 Contact Form

If you use the contact form, your name, email address, and message are transmitted via Formspree (see Section 3.3) as a processor and forwarded to tom@attomic.de. Legal basis is Art. 6(1)(b) GDPR (pre-contractual or request-based communication) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). A Data Processing Agreement is in place with Formspree; for international transfer to the USA see Section 3.4. We retain contact messages for up to 2 years or until you request deletion.

8. Changes to This Policy

We may update this Privacy Policy if our processing or legal requirements change. The "Last updated" date at the top reflects the current version. For material changes, we will notify you in the App or by email. Where required by law, we will obtain renewed active consent; no processing based on a changed consent requirement takes place without renewed consent.

9. Contact

Tom Göckeritz
tom@attomic.de
or use our contact form.