Privacy Policy

1. Data controller

VEHI Digital UG (haftungsbeschränkt)
Am Pichelssee 58, 13595 Berlin
Email: info@reachcheck.com
Represented by: Alexander Reich

2. Overview of processing

ReachCheck is a check-in service ("dead man's switch"): users confirm at regular intervals that they are OK. If a check-in is missed, your designated emergency contacts are notified by email. We process personal data only to provide this service, perform the contract, and comply with legal obligations.

3. Data we collect

• Account: Email address, name (optional), language preference; sign-up only via magic-link authentication (passwordless).
• Check-in configuration: Interval, grace period, activation status; technical ping tokens (stored hashed).
• Emergency contacts: Email, optional name. Contacts receive an invitation and must confirm via double opt-in (DOI). We store consent timestamp, consent version, and optionally hashed IP.
• Escalation message: Subject and body you compose, sent to emergency contacts when you miss a check-in.
• Emails: Sent via Postmark (transactional: magic link, invites, reminders, escalations, email change, account deletion). No marketing emails.
• Payments: For Plus/Family subscriptions, billing via Stripe. We store Stripe customer and subscription IDs; card data is not stored by us.
• Logs: Escalation and reminder logs (e.g. type, recipient, due date, sent time) for traceability; automatic deletion after 30 days.
• Rate limiting: Hashed identifiers (email + IP) to prevent abuse (e.g. magic-link requests).
• Cookies and similar technologies: Necessary cookies (e.g. session, language, cookie preferences); optional analytics (e.g. PostHog) and marketing cookies only with your consent.

4. Purpose and legal basis (GDPR)

Processing is based on: contract performance (Art. 6(1)(b) GDPR) for account, check-in, contacts, messages, and billing; legitimate interest (Art. 6(1)(f) GDPR) e.g. for fraud and abuse prevention, logs, and IT security; consent (Art. 6(1)(a) GDPR) for optional analytics and marketing cookies; legal obligation (Art. 6(1)(c) GDPR) where applicable, e.g. retention periods.

5. Recipients and third parties

Data may be shared with: (1) Postmark (email delivery), (2) Stripe (payment processing), (3) optionally PostHog or other analytics/marketing services if you have consented, (4) hosting and infrastructure providers (e.g. Vercel, database). Recipients may be in third countries (e.g. USA); we use appropriate safeguards (e.g. EU standard contractual clauses) where required.

6. Retention

Account data, configuration, contacts, and messages are retained until account deletion or withdrawal of consent (for contacts). Escalation and reminder logs are automatically deleted after 30 days. Rate-limiting data is kept only for the duration of the time window. After termination/deletion, personal data is deleted or anonymised in accordance with the contract and applicable law.

7. Your rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object (Art. 21), as well as to withdraw consent (Art. 7(3) GDPR). Use the in-app settings (e.g. data export, delete account) or contact us at the email above. You also have the right to lodge a complaint with a supervisory authority (e.g. Berlin Commissioner for Data Protection and Freedom of Information).

8. Cookies and consent

Necessary cookies are required for the app to function and are not subject to consent. We use optional analytics and marketing cookies only if you have given your consent. You can change your cookie preferences at any time via the cookie banner or cookie settings on the website. See the cookie settings for more details.

9. Security

We implement technical and organisational measures to protect personal data against unauthorised access, loss, or manipulation. Access to personal data is restricted; sensitive values (e.g. tokens) are stored hashed. Communication uses HTTPS.

10. Changes

We may update this Privacy Policy as needed, e.g. when the service or legal requirements change. The current version is always available on this page. We will notify you of material changes by email or in the app where appropriate.