Protecting your data is very important to us. This privacy policy explains what personal data we collect when you use the “StalliQ” app, how we process it, and what rights you have.
We process your data in compliance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.
1. Data Controller
The data controller within the meaning of Art. 4(7) GDPR is:
Christian Sabel
Am Weyerbach 13
56291 Norath, Germany
Email: datenschutz@stalliq.de
2. Overview: What Data Do We Collect?
StalliQ is an equine management app. We only collect data that is necessary to provide the app's features. We do not display advertising, do not use tracking tools such as Google Analytics, and do not collect location data (GPS).
3. Registration and User Account
A user account is required to use StalliQ. During registration, we collect:
| Data | Purpose |
|---|---|
| Email address | Unique account identification, password reset, support |
| Password | Authentication (stored only as a cryptographic hash) |
During registration, we also store the time of registration and your consent declarations (terms of service, privacy policy, health data processing where applicable), including the document version and app version.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
4. User Profile
After registration, you may voluntarily provide additional data in your profile:
- Display name and full name — so other users can identify you, e.g., when sharing a horse
- Profile picture — for visual identification
- Phone number — for contact by stable members (optional)
- Preferred language (German/English)
- Notification settings (push notifications, email notifications, quiet hours, reminder days)
Legal basis: Art. 6(1)(b) GDPR (performance of a contract); for optional data, Art. 6(1)(a) GDPR (consent).
5. Horse Data
You can create one or more horse profiles. The following data may be recorded:
Basic information: Name, nickname, gender, date of birth, breed, color, height, country of birth, profile picture and photo gallery.
Identification data: UELN (Universal Equine Life Number), chip number, FEI ID, passport number, national ID, pedigree (sire, dam, breeder).
Additional data: Character notes, markings, purchase price and date (optional).
This data is used for managing your horse, health care, and — when the UELN is provided — unique identification, e.g., for exchange with other platforms.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
6. Health Data
StalliQ offers comprehensive health management features for your horse. This data is processed only after you have given your explicit consent during the onboarding process.
The following health data may be recorded:
- Health records: Vet visits, vaccinations, deworming, dental care, farrier visits, injuries, illnesses, surgeries, check-ups
- Weight tracking: Weight in kg, measurement method (scale, tape, estimate), timestamp
- Allergies: Allergen, type (feed, medication, environment, contact), severity, reaction description
- Chronic conditions: Diagnosis, severity, treatment plan, medication
- Symptom documentation: Category, severity (1–5), description, observation time
- Health documents: Medical reports, vaccination records, receipts (as photo or PDF)
Legal basis: Art. 6(1)(a) GDPR (explicit consent). You may withdraw this consent at any time.
7. AI-Powered Document Analysis
StalliQ offers the option to automatically scan health documents (e.g., medical reports, vaccination records) using AI. The process works as follows:
- The document (image or PDF) is sent to the Claude API (Anthropic, Inc.)
- The extracted text and structured data are stored in your account
- The AI request is routed exclusively through our servers (Supabase Edge Function) — your identity is not transmitted to Anthropic
For each AI interaction, we store: the type of request, the model used, token usage, and status (success/failure) — not the content of the request itself.
Legal basis: Art. 6(1)(a) GDPR (consent for health data processing).
8. Appointments and Contacts
You can create appointments (vet, farrier, riding lessons, etc.) with title, description, location, time, reminders, and recurrence rules. You can also store service providers (vets, farriers, etc.) with name, company, phone, email, address, and notes. This data is used exclusively for appointment management within the app.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
9. Costs and Expenses
You can record expenses for your horse (category, amount, date, receipts, recurring costs). This data is used exclusively for your personal cost overview.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
10. Stable Management
When you join or manage a stable, the following data is processed:
- Stable profile: Name, address, contact details, logo, opening hours, rules
- Membership: Your affiliation with the stable, your role (owner, manager, instructor, member)
- Riding lessons: Bookings, waitlist positions, attendance, cancellations
- Lesson cards: Quotas, transactions (deductions, credits)
- Announcements: Notices published by the stable operator
Legal basis: Art. 6(1)(b) GDPR (performance of a contract); for processing by stable operators, Art. 6(1)(f) GDPR (legitimate interest in stable management) may also apply.
11. Horse Sharing and Permissions
You can invite other users to co-manage your horse (e.g., co-rider, vet, trainer). The invitation, assigned role, and individual permissions are stored. Invited users can only see data for which they have been granted permission.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
12. Private Messages
StalliQ provides an internal messaging feature. Message content, timestamps, read status, and any sent images are stored. You can block other users. Messages can be deleted by you (soft delete).
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
13. Push Notifications
With your consent, we send you push notifications (e.g., appointment reminders, new messages, booking confirmations). For this purpose, we store a device-specific push token, which is deleted upon logout. Delivery is handled by Expo (Expo, Inc., USA) — see Section 15.
Legal basis: Art. 6(1)(a) GDPR (consent).
14. Offline Functionality
StalliQ works without an internet connection. To enable this, your data is cached locally on your device and automatically synchronized when a connection is available. The local database is completely deleted upon logout.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 6(1)(f) GDPR (legitimate interest in offline usability).
15. Sub-Processors and Third-Party Services
We use the following service providers as sub-processors:
| Service Provider | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database, authentication, file storage, serverless functions | Frankfurt, DE (EU) |
| Expo, Inc. | Push notifications, build service | USA |
| Anthropic, Inc. | AI document analysis | USA |
| Sentry, Inc. | Error monitoring | USA |
| PowerSync (JourneyApps) | Offline synchronization | EU |
Data processing agreements pursuant to Art. 28 GDPR are in place with all sub-processors.
Important: We do not use any analytics or tracking tools (no Google Analytics, no Firebase Analytics, no Facebook SDK). We do not display advertising and do not share your data with advertisers.
16. Data Transfers to Third Countries
Some of our service providers are based in the USA (Expo, Anthropic, Sentry). Data transfers are based on:
- Standard Contractual Clauses (Art. 46(2)(c) GDPR) and/or
- the EU-US Data Privacy Framework (Art. 45 GDPR), where the respective provider is certified
Your core data (profile, horses, health data, messages, appointments) is stored exclusively on servers in Frankfurt, Germany.
17. Data Retention
- Account data: Stored as long as your account is active. Deleted or anonymized immediately upon account deletion.
- Health data: Stored until you delete it or delete your account.
- Messages: Deleted messages are marked as deleted and permanently removed upon account deletion.
- Log data and error reports: Automatically deleted by Sentry after 90 days.
- Consent records: Stored for the duration of statutory retention periods (up to 3 years after withdrawal).
18. Account Deletion and Data Export
Account Deletion
You can delete your account at any time in the app settings. Upon deletion:
- Your horse ownership rights are transferred to a co-owner, or the horse profile is deleted
- All your files (profile pictures, horse photos, documents) are irrevocably deleted
- Your profile is anonymized (name becomes “Deleted User”, email is anonymized)
- Your authentication account is deleted
- All locally stored data on your device is deleted
Data Export
You have the right to receive a copy of all data stored about you in a machine-readable format (JSON) at any time. This feature is available in the app settings.
19. Data Security
- Encryption: All data transmissions use HTTPS/TLS
- Access control: Row-Level Security (RLS) at the database level ensures each user can only access their own data
- Input validation: All inputs are validated server-side
- Passwords: Stored exclusively as cryptographic hashes (bcrypt)
- Files: Health documents are only accessible via time-limited, signed URLs (15 minutes)
- Error monitoring: Sentry only receives your user ID — no names, email addresses, or health data
- Offline security: All locally stored data is deleted upon logout
20. Your Rights
- Right of access (Art. 15 GDPR) — what data we store about you
- Right to rectification (Art. 16 GDPR) — correction of inaccurate data
- Right to erasure (Art. 17 GDPR) — deletion of your data
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR) — export of your data
- Right to object (Art. 21 GDPR) — to the processing of your data
- Right to withdraw consent — at any time with effect for the future
To exercise your rights, simply send an informal message by email to datenschutz@stalliq.de.
You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
21. Minors
StalliQ is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has created an account, we will promptly delete the account and associated data.
22. Changes to This Privacy Policy
We reserve the right to update this privacy policy to reflect changes in legal requirements or new app features. The current version is always available in the app under “Settings > Privacy” and on our website.
For material changes affecting your existing data, we will notify you in advance by email or in-app notification.
23. Contact
If you have questions about the collection, processing, or use of your personal data, wish to exercise your rights, or withdraw consent, please contact:
Christian Sabel
Email: datenschutz@stalliq.de
Am Weyerbach 13, 56291 Norath, Germany