Data protection
Privacy Policy
Status: 22.05.2026
1. Controller
The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is:
Tim Büttner
Paracelsusstr. 47
73730
Esslingen a Neckar
Email: hallo@getmodo.de
2. General Information and Mandatory Disclosures
The protection of your personal data is important to us. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
3. Hosting by Shopify
Our website is hosted by Shopify Inc., 150 Elgin Street, Ottawa, Ontario, K2P 1L4, Canada. Shopify processes personal data on our behalf (Art. 28 GDPR) based on a data processing agreement.
When you visit our website, the following data is automatically collected:
- IP address
- Date and time of access
- Referrer URL
- Browser type and version
- Operating system
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technically flawless provision of the website).
Further information on data processing by Shopify: https://www.shopify.com/legal/privacy
4. Cookies and Tracking
Our website uses cookies. A cookie banner appears on your first visit, through which you can consent to non-essential cookies (Art. 6 para. 1 lit. a GDPR).
Technically necessary cookies (e.g., shopping cart session): Legal basis Art. 6 para. 1 lit. f GDPR.
Analysis and marketing cookies: only with your consent.
[HERE: insert specific list of cookies/trackers used with purpose and storage duration]
5. Payment Providers
During the ordering process, we process your payment data via the following service providers. Their respective privacy policies can be found on their websites:
-
Shopify Payments
- PayPal
Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of contract).
6. Shipping Service Providers
To deliver your order, we pass on your address data to the respective shipping service provider:
DHL Paket GmbH, Straße der Pariser Kommune 8-10, 10243 Berlin
Privacy: dhl.de/datenschutz
Legal basis: Art. 6 para. 1 lit. b GDPR.
7. Contacting Us
If you contact us by email, your details will be stored for processing your inquiry. We will not pass on this data without your consent. Legal basis: Art. 6 para. 1 lit. b or lit. f GDPR.
8. Newsletter
[HERE: only if newsletter is active. Otherwise remove section.]
For sending newsletters, we use [HERE: provider, e.g., Shopify Email / Klaviyo / Mailchimp]. You can unsubscribe at any time via the unsubscribe link at the end of each email. Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
9. Storage Duration
We process your personal data only as long as it is necessary for the respective purposes. For order data, statutory retention periods apply (in particular, 6 years according to HGB, 10 years according to AO).
10. International Data Transfer
Some of our service providers (e.g., Shopify, Stripe) are based in the USA or transfer data there. Data transfer takes place on the basis of the EU-US Data Privacy Framework (adequacy decision of the European Commission) or by using EU standard contractual clauses.
11. MODO - App:
11.1. Principle: Local Processing, No Server Transfer
MODO works completely offline. We operate **no backend server** to which your usage data is transferred, and we offer **no account function**. All data generated within the app is stored exclusively on your device:
- **Focus Profiles** (name, selected apps/categories/websites, icon, Strict Mode setting)
- **Focus Sessions** (start and end time, selected profile, reason for termination)
- **Schedules** (planned focus times)
- **Emergency Backup Codes** for emergency unlocking
- **App Settings** and onboarding status
This data never leaves your device. We cannot access it.
If you have activated iCloud backup or a comparable device backup from your smartphone provider, an encrypted backup of this app data may become part of your device backup. In this case, the respective platform operator (Apple or Google) is solely responsible for this processing, not MODO.
---
11.2 Used Device Permissions and Apple Frameworks
11.2.1 Screen Time / Family Controls (iOS)
MODO blocks apps and websites via Apple's **Family Controls / Screen Time** interface. When you block an app or website, iOS stores an **anonymous, opaque "token"** (`ApplicationToken`, `CategoryToken`, `WebDomainToken`) that only the operating system can resolve. **We do not see** which specific apps you block or allow — we only store these encrypted tokens locally on your device and pass them back to the operating system to apply the blocking.
You must explicitly grant the Screen Time permission in the iOS settings; it can be revoked there at any time.
11.2.2 NFC Reading
MODO reads **NFC tags** exclusively to end (or start) a running focus session via a physical "key". Only a predefined text or URL content is checked (see `docs/nfc-payload-spec.md`). **No personal data** is read from the tag or stored. The NFC permission is requested by the operating system and can be denied at any time.
11.2.3 No Further Permissions
MODO **does not** access the following data or functions: location, camera, microphone, contacts, photos, calendar, health data, advertising ID. We also do not use push notifications that run through external servers.
---
11.3. No Third-Party Providers, No Trackers, No Analytics
MODO contains **no** tracking or analytics SDKs (e.g., Google Analytics, Firebase Analytics, Facebook SDK, Adjust, Sentry, etc.). We use **no advertising networks** and share **no data** with third parties — because there is no data to share.
The only interface to third parties consists of the frameworks provided by the operating system (Apple iOS, Google Android). Their privacy practices can be found here:
- Apple Privacy Policy: <https://www.apple.com/legal/privacy/>
- Google Privacy Policy: <https://policies.google.com/privacy>
---
11.4 App Store Data
If you download MODO via the **App Store** (Apple) or **Google Play Store** (Android), the respective store operator processes technical and possibly billing data (e.g., Apple ID, purchase history, crash reports). This processing is **not done by us**, but by Apple or Google under their own responsibility. We only receive anonymized, aggregated statistics from the stores (e.g., number of downloads per country).
---
11.5. Your Rights under GDPR
Insofar as personal data is processed at all (which is practically not the case with MODO), you have the following rights:
- **Right to Information** (Art. 15 GDPR)
- **Right to Rectification** (Art. 16 GDPR)
- **Right to Erasure** (Art. 17 GDPR)
- **Right to Restriction of Processing** (Art. 18 GDPR)
- **Right to Data Portability** (Art. 20 GDPR)
- **Right to Object** (Art. 21 GDPR)
- **Right to Lodge a Complaint** with a supervisory authority (Art. 77 GDPR)
Since all app data is stored exclusively locally on your device, you can exercise your right to erasure directly by uninstalling MODO or deleting existing profiles/sessions in the app's settings menu. A complete uninstallation irrevocably removes all local MODO data.
---
11.6. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy if the app, legal requirements, or our procedures change. The current version will then apply to your next visit. The date at the beginning of this page indicates the last update.
12. Your Rights
You have the following rights:
- Right to information (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw given consents (Art. 7 para. 3 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, please contact: hallo@modo.shop
13. Changes to this Privacy Policy
We reserve the right to amend this policy to always comply with current legal requirements or to implement changes to our services. The new version will then apply to your subsequent visit.