Elsen Technologies UG (haftungsbeschränkt), represented by its managing director Florian Elsen ("we", "us", or "our"), operates the Grace's Desire mobile application and website (the "Service"). This Privacy Policy describes how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). By using the Service you agree to the practices described here. Please also read our Terms of Service.
1. Data Controller (Verantwortlicher)
Elsen Technologies UG (haftungsbeschränkt)
Fliederweg 7, 34212 Melsungen, Deutschland
Registergericht: Amtsgericht Fritzlar, HRB 13081
E-Mail: info@elsen-technologies.de
Account data — email address, username, and password hash when you register.
Date of birth — collected once during mandatory age-verification to confirm you are 18 or older. Stored only as the year to minimise data held.
Partner link data — a temporary or permanent partner code used to connect two accounts. No relationship details beyond the link itself are stored.
Referral code — if you use or share a referral code, we record that association to apply any promotional reward.
Push notification token — an APNs or FCM device token, stored only to deliver notifications you have enabled. Revocable at any time from device settings.
Usage data — anonymised interaction counts (e.g., quiz completions, article views, game plays) used to improve the app.
Purchase verification data — a receipt or token from Apple or Google to verify subscription status. We do not receive or store your payment details.
Special Category Data (Art. 9 GDPR)
Grace's Desire is an intimacy application. By using features such as the intimacy quiz, couple games, and the shared story tool, you may share information that relates to your sexual life or sexuality. Under Art. 9 GDPR, this constitutes special category personal data and is subject to a higher level of protection.
We process this data exclusively on the basis of your explicit consent (Art. 9(2)(a) GDPR), which you provide by accepting this Privacy Policy and the in-app Terms of Service during account setup. You may withdraw this consent at any time by deleting your account; withdrawal does not affect the lawfulness of any processing carried out before that point.
4. Legal Basis for Processing
Explicit consent (Art. 9(2)(a) GDPR) — for special category data relating to sexual life/sexuality (see above).
Consent (Art. 6(1)(a) GDPR) — for processing beyond what is strictly necessary, such as push notifications and anonymised research.
Contract (Art. 6(1)(b) GDPR) — for processing necessary to provide the Service (account management, partner linking, subscription verification).
Legitimate interests (Art. 6(1)(f) GDPR) — for security monitoring and fraud prevention, where our interests are not overridden by your rights and freedoms.
Legal obligation (Art. 6(1)(c) GDPR) — where retention is required by applicable law.
5. How We Use Your Data
To create and maintain your account and authenticate you.
To enable partner linking between two accounts.
To deliver the app's core features (games, quiz, stories), which may involve storing your in-app activity.
To verify in-app purchases with Apple and Google.
To send push notifications you have opted into.
To respond to support requests.
To improve the app using anonymised, aggregated usage statistics.
To comply with legal obligations.
6. Data Sharing and Third-Party Services
We do not sell your personal data. Data is shared only with the following services, and only to the extent necessary to operate the Service:
Apple Sign-In / Google Sign-In — if you use social login, Apple or Google process your authentication. Their privacy policies apply.
Apple App Store / Google Play — payment processing for subscriptions. We receive only a verification token, not your payment details.
Firebase Cloud Messaging (Google) — push notification delivery. Your device token is transmitted to Google's FCM infrastructure.
No special category data is shared with any third party.
7. Data Retention
Your personal data is retained for as long as your account is active. When you delete your account all personal data — including any intimacy quiz results, game history, and story content — is permanently and irreversibly removed within 30 days. Anonymised, aggregated usage data is not subject to deletion as it cannot identify you.
8. Data Security
We implement appropriate technical and organisational measures to protect your data:
Passwords are hashed using the Argon2id algorithm — we never store your plaintext password.
All data in transit between the app and our servers is encrypted via TLS 1.2 or higher.
Access to production systems is restricted to authorised personnel only.
Special category data is stored with the same protections as all account data and is not singled out for separate processing.
9. Children's Privacy
The Service is strictly for users aged 18 and over. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at info@elsen-technologies.de and we will delete the account promptly.
10. Your Rights Under GDPR (Betroffenenrechte)
If you are located in the EEA, you have the following rights:
Access (Art. 15) — obtain a copy of the data we hold about you.
Rectification (Art. 16) — ask us to correct inaccurate or incomplete data.
Erasure / "right to be forgotten" (Art. 17) — request deletion of your personal data. You can also delete your account directly from the app's Settings screen.
Portability (Art. 20) — receive your data in a structured, machine-readable format.
Restriction (Art. 18) — ask us to restrict processing in certain circumstances.
Objection (Art. 21) — object to processing based on legitimate interests.
Withdraw consent (Art. 7(3) / Art. 9) — at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact info@elsen-technologies.de. We will respond within one month (Art. 12(3) GDPR).
You also have the right to lodge a complaint with a supervisory authority. In Germany, the federal authority is: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn www.bfdi.bund.de
11. International Transfers
Your data is stored on servers located in the European Union. Some third-party services (e.g., Firebase) may process data outside the EEA. Where this occurs, transfers are made under appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR).
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the app before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.