Exaroo

App Privacy Policy

Last updated: March 10, 2026

Scope: iOS App "Exaroo" and related services

This is the Privacy Policy for the Exaroo app.
You can find the website’s Privacy Policy here: Website Privacy Policy.

Welcome to Exaroo! Protecting your privacy is our top priority. Our app was developed following the principle of data minimization (“Privacy by Design”). Above all, this means: We never store your documents permanently on our servers. Below, we transparently explain what data we collect, how we use it, and what your statutory rights are.

1. How Exaroo Works and Processes Data

The app converts unstructured appointment sources (like photos, PDFs, or text) into structured iOS calendar events using Artificial Intelligence (AI). We offer two different usage modes that affect data processing:

A. Built-in AI Mode (Default)

In this mode, we use our own server (located in Germany) to forward your documents to the Google Gemini AI.

  • Data Flow: Your document is sent to our server via an encrypted connection, processed in memory, and sent directly to Google Gemini for analysis.
  • No Storage: As soon as the analysis is complete (usually after a few seconds), the document is immediately deleted from our server’s memory. There is no database where your images or text are stored.
  • No AI Training: We use Google’s paid API. According to Google’s guidelines, your input data is not used to train Google’s AI models.

B. Advanced Mode / Bring Your Own Key (BYOK)

In this mode, you provide your own API key for OpenAI, Anthropic, or Google.

  • Data Flow: The app communicates directly from your device to the chosen AI provider. Our backend server is not involved in this process and does not receive any of your documents.
  • Responsibility: The privacy policy of your chosen AI provider and your specific subscription plan with them apply. Your API key is stored securely and exclusively locally on your device (Apple Keychain).

2. What Data We Process and Why

To provide you with the app’s features, we process the following categories of data:

  • Document Content (Images, PDFs, Text): Processed exclusively to extract calendar events (Legal basis: Performance of a contract). The transfer is encrypted, and the data is discarded immediately after the request.

  • Calendar Events: The extracted events (titles, times, locations) are kept only in your device’s memory and—after your approval—saved locally to your iOS calendar (EventKit). We do not transmit these events to our servers.

  • Device Identifier (Installation ID): When you launch the app for the first time, we generate a pseudonymous, random string (UUID) that is securely stored in your device’s iOS Keychain.

  • Purpose: This ID is used exclusively to manage usage limits (quotas) in our Free Plan and to protect our servers from abuse / rate-limiting (Legal basis: Legitimate interest).

  • Persistence: Because this ID is stored in the Keychain, it remains even if you uninstall and later reinstall the app. However, we cannot draw any conclusions about your real identity from this ID.

  • Subscription Data: If you subscribe to Exaroo Pro, we process transaction data via Apple StoreKit to unlock your Pro status.

3. Use of Third-Party Providers

We do not share any personal data with third parties for advertising purposes. However, to operate the app, we use necessary technical service providers:

  • Google Gemini (Google Cloud): Processes document content for AI-powered event extraction (only in Built-in Mode).
  • Cloudflare: Serves as a security network (Reverse Proxy, DDoS protection) to shield our server from attacks. Your IP address is temporarily processed during this.
  • Hetzner Cloud: Our server host in Germany (Nuremberg), where data transmission takes place.
  • PostHog Cloud (EU): Used for anonymous product analytics (see Section 4).
  • Apple App Store: For processing in-app purchases and subscriptions.

4. Analytics Data

We use PostHog (hosted in the EU) to understand how our app is used and to fix bugs.

  • Only with your permission: By default, these analytics are designed to be activated only after your explicit consent (opt-in) in the app settings.
  • What we collect: Technical metrics such as file sizes, processing duration, error codes, and the AI model used.
  • What we never collect: We never send document content, calendar events, your IP address, or your name to PostHog. You can disable analytics at any time in the app settings.

5. Data Security

All connections between the app, our servers, and third-party providers are strictly made via secure, encrypted HTTPS connections (TLS 1.2 or higher). Data that remains locally on your device (such as API keys in BYOK mode or the Installation ID) is securely stored in the iOS Keychain.

6. Your Rights (Under GDPR)

Since we do not store your document content and do not maintain traditional user accounts, we do not have access to your past documents. Nevertheless, you have the following statutory rights:

  • Right to access, deletion, and rectification of the data we may temporarily process.
  • Right to withdraw consent (e.g., for analytics, easily done via the toggle in the app settings).
  • Note regarding the Device ID: Since your pseudonymous Installation ID is stored in the secure iOS Keychain, simply uninstalling the app does not automatically delete it. It is only removed if you completely reset your device to factory settings.

7. Contact & Data Controller

Kleinbild Verlag GmbH
Sempacherstrasse 3
6003 Lucerne
Switzerland

[email protected]

If you have any questions about this Privacy Policy or the processing of your data, feel free to contact us at any time. For general app support: [email protected].

Theme