ratit
Back to home Legal

Privacy Policy

Last updated: May 12, 2026

This Privacy Policy informs you about the processing of personal data when using the app "Ratit".

Important Notice: Public Leaderboard

By registering and using the app, you consent to your username, profile picture, and earned scores ("stars") being automatically uploaded to the public global leaderboard of the app and made visible to all other users of the app worldwide. This is a core feature of the app and cannot be disabled while an account exists. If you do not want this data to be displayed publicly, you can delete your account at any time in the app settings.

The following data is uploaded to the leaderboard and is visible to other users:

  • Username
  • Profile picture (if uploaded)
  • Number of stars earned (rating points)
  • Leaderboard position (global and regional)
  • Badges
  • Country code (if location permission was granted, for regional leaderboards)

1. Controller

The controllers responsible for data processing in connection with the app "Ratit" are:

Leon Holluschek
Paul Batthyany
Helfentalweg 2
6020 Innsbruck
Austria
Email: ratit.office@gmail.com

2. General Information on Data Processing

We process personal data exclusively within the framework of applicable legal provisions, in particular the GDPR and other applicable data protection regulations.

Legal bases include in particular:

  • Art. 6(1)(b) GDPR (performance of a contract)
  • Art. 6(1)(f) GDPR (legitimate interests)
  • Art. 6(1)(a) GDPR (consent, e.g. for personalized advertising, location, push notifications)
  • Art. 6(1)(c) GDPR (legal obligation)

3. Categories of Data Processed

  • Email address, password (encrypted)
  • Username, profile picture, bio
  • Uploaded images, post descriptions, and other content
  • Ratings, stars, likes, follows, group memberships, and other interactions
  • Reports of content or users
  • Approximate location (country code) – only if location permission is granted
  • Push tokens (Expo Push Token) and push settings
  • Technical usage data, device data, app version, operating system, IP address, timestamps
  • Advertising IDs (IDFA / Advertising Identifier) – only if App Tracking Transparency consent was given
  • Advertising interaction data (impressions, clicks)
  • Data related to business accounts, company profiles, and product links

4. Purposes

  • Providing the app, registration, login, profile management
  • Displaying and storing uploads, ratings, rankings, follower features, groups, reports
  • Sending push notifications
  • Regional classification for country-specific leaderboards (based on country code)
  • Displaying and delivering advertising, including personalized advertising
  • Moderation, abuse prevention, and platform security
  • Fulfilling legal obligations

5. Location Processing

If the user grants location permission, we determine the approximate location once via the device's location services (accuracy level "Balanced") to derive the country code (e.g. "DE", "AT"). Exact coordinates are not stored. Only the country code is stored in the database to display country-specific leaderboards.

The location request only occurs after explicit consent via the system dialog and can be revoked at any time in the device settings.

6. Push Notifications

We use the push service of Expo (Expo Application Services / 650 Industries, Inc., USA) to send push notifications. An anonymous Expo push token is generated and stored together with the user ID, platform (iOS/Android), and app version. Push notifications are only sent after the corresponding system permission is granted and can be disabled at any time in the device settings or in the app.

7. Advertising and Tracking (Google AdMob)

The app uses Google AdMob, an advertising service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to display advertisements.

AdMob may process in particular:

  • Device ID / Advertising ID (IDFA on iOS, Advertising ID on Android)
  • Truncated IP address
  • Device information (model, operating system, language settings)
  • Interactions with ads (impressions, clicks)
  • Approximate location information (based on IP address, by Google)

App Tracking Transparency (iOS): On iOS devices, access to the advertising ID (IDFA) is only enabled after explicit consent via the ATT system dialog. If consent is denied, the user only receives non-personalized advertising.

Personalized advertising: If the user has consented to the use of the advertising ID, Google AdMob may serve personalized advertising and use advertising data across devices for targeting and ad measurement. This processing is carried out by Google as an independent controller.

Data transfers to the USA: As part of using AdMob, data may be transferred to servers in the USA and other third countries. Google is certified under the EU-US Data Privacy Framework.

More information: policies.google.com/privacy
Opt out of personalization: adssettings.google.com

8. Hosting, Database, and Storage (Supabase)

We use Supabase (Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992) for authentication, database, and storage functions. In particular, email, encrypted password, user ID, profile data, content, and interactions are processed. Supabase processes data as a data processor within the meaning of Art. 28 GDPR.

Data transfers to third countries: Processing may also take place outside the EU (in particular the USA). Where required, standard contractual clauses safeguard the level of data protection.

9. Images and Storage

Uploaded images (profile pictures, post images) are stored in Supabase Storage. Profile pictures and post images are generally visible to other users within the app.

10. Uploaded Content and User Responsibility

Users are solely responsible for ensuring they are authorized to use, publish, and share their content and that they do not infringe third-party rights.

11. Social Features

The app may include social features, in particular follows, follower displays, ratings, rankings, groups, and interactions with other users' content. Profile data (username, profile picture, bio, posts, stars, follower counts) are generally visible to other users of the app.

12. Reports and Moderation

When content or users are reported, the following data may be processed in particular: reporting user, reported content or user, reason for report, timestamp, and moderation decisions.

13. Service Providers Overview

  • Supabase Inc. – Authentication, database, storage
  • Google Ireland Limited / Google LLC – AdMob (advertising)
  • Expo Application Services (650 Industries, Inc.) – Push notifications
  • Apple Inc. – App Store distribution, ATT framework, push infrastructure (APNs)

14. Retention Period

We store personal data only for as long as necessary for the respective purposes. Even after account deletion, certain data may be retained for a limited period where necessary to fulfill legal obligations, defend or assert legal claims, or prevent abuse.

15. Rights of Data Subjects

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent supervisory authority in Austria: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at

Please direct inquiries to: ratit.office@gmail.com

16. Minimum Age

Use of the app is only permitted for users aged 13 and older. Users between 13 and 16 years of age require parental consent where required under applicable law (Art. 8 GDPR).

17. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy with effect for the future. The current version is available at any time in the app and at ratit.app/privacy-en.

German version: ratit.app/privacy