wantoo Privacy Policy
This Policy explains what personal data we process in wantoo, for what purposes, on what legal bases and what rights data subjects have.
1. Data scope
- We process account data: Appwrite user ID, visible name, email address received from the sign-in provider and session identifiers.
- We process data entered by the User: List titles, public/private status, Item titles, descriptions, URLs, thumbnails and reservation information.
- We process technical data required for operation: server logs, IP address, device information, sync events and diagnostic data.
- We do not request special category data such as health data, political opinions or biometric data.
2. Purposes and legal bases
- Providing the Service, sign-in, synchronization and account handling: Article 6(1)(b) GDPR.
- Security, abuse prevention, error diagnostics and claims: Article 6(1)(f) GDPR.
- Tax and accounting obligations, if payments occur: Article 6(1)(c) GDPR.
- Marketing, analytics or ads not required for the Service: consent, Article 6(1)(a) GDPR, if such features are enabled.
3. Hosting and processors
- The Appwrite backend is self-hosted on Hetzner infrastructure. App data and files are stored on that server.
- OAuth sign-in providers are Google and Apple. Data scope depends on the settings of the relevant provider account.
- Payments and subscriptions, if enabled, may be processed by Apple, Google and RevenueCat.
- Ads, if enabled, may be served by Google AdMob only after consent requirements are satisfied.
4. Recipients and transfers outside the EEA
- Data may be disclosed to infrastructure, sign-in, payment, email and support providers to the extent necessary to provide the Service.
- Google, Apple, RevenueCat or other providers may process data outside the European Economic Area. Appropriate safeguards, such as standard contractual clauses, should then apply.
- Public Lists and their Items are available to anyone with the link; do not place confidential information there.
5. Retention
- Account and List data is retained while the User uses the Service and, after deletion, for the time needed to complete deletion, defend claims or comply with legal obligations.
- Backup data is deleted according to backup rotation cycles.
- Billing data, if created, may be retained for the period required by tax law.
6. Data subject rights
- You have the right of access, rectification, erasure, restriction, portability and objection.
- Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.
- Requests may be sent to kontakt@trainone.app. We generally respond within one month.
- You may lodge a complaint with the Polish supervisory authority, the President of the Personal Data Protection Office.
7. Security
- We use HTTPS/TLS, access controls, Appwrite document permissions, offline-first local synchronization and backups.
- Access to data is limited to people and systems that need it.
- The User should protect their Google or Apple account and the device used to access the app.
8. Cookies and local storage
- The website may use necessary technical mechanisms such as session cookies, language preferences and local storage.
- The mobile app uses device local storage and ObjectBox for offline operation, and the Appwrite SDK for sessions.
- Analytics and ads that are not technically required should not be enabled without appropriate consent.
9. Children
- The Service is not directed to children under 16.
- Minors should use the Service only with consent from a parent or guardian where required by law.
10. Policy changes
- This Policy may be updated when the Service, providers or laws change.
- The current version is available on the website. We will inform Users about material changes in the app, on the website or by email where required.