Privacy Policy

1. Introduction

sareba Computer & Software e.U. ("we," "us," or "our") operates the OpenWebApp mobile application (the "App"). This Privacy Policy explains how we handle information in connection with the App.

We are committed to protecting your privacy and ensuring transparency about our data practices. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. What Data We Collect (and Don't Collect)

3.1 Data We Do NOT Collect

3.2 Data We Collect

The only information we may collect relates to your subscription through Apple's App Store:

Data Type	Purpose	Legal Basis	Storage
Apple ID Subscription Status	Verify subscription and provide app access	Contract Performance (GDPR Art. 6(1)(b))	Apple Inc.
Email (if you contact support)	Respond to your inquiries	Legitimate Interest (GDPR Art. 6(1)(f))	Email server
Crash Reports (optional, iOS)	Improve app stability	Consent (GDPR Art. 6(1)(a))	Apple Inc.

4. How Your Data is Stored

4.1 Local Data Storage

All app data is stored exclusively on your iOS device:

• Conversations: Stored in app's local database on your device
• Settings: Stored in iOS UserDefaults on your device
• API Tokens: Stored securely in iOS Keychain on your device
• Uploaded Files: Temporarily cached during upload, then deleted

4.2 Your OpenWebUI Server

When you use the App, your conversations and uploaded content are transmitted directly to your own OpenWebUI server. We are not involved in this data transfer and have no access to or control over your server.

The privacy and security of data on your OpenWebUI server is governed by:

• Your OpenWebUI server's privacy policy and terms
• Your server administrator's data practices
• The hosting provider you choose for your server

5. Data Transmission and Security

5.1 Direct Connection Architecture

The App connects directly from your device to your OpenWebUI server. Data flow:

1. You → Your Device → Your OpenWebUI Server
2. We (sareba Computer & Software e.U.) are not in this data path
3. No data passes through our servers

5.2 Security Measures

We implement security measures in the App:

• Keychain Storage: API tokens stored in iOS Keychain with encryption
• HTTPS Required: App enforces secure HTTPS connections to your server
• No Cloud Sync: Data never leaves your device except to your server
• App Sandbox: iOS sandbox protects your data from other apps

6. Third-Party Services

6.1 Apple App Store and StoreKit

We use Apple's App Store and StoreKit framework for subscription management. Apple may collect:

• Apple ID information
• Purchase history
• Payment information
• Device information

This data is governed by Apple's Privacy Policy.

6.2 No Analytics or Tracking Services

We do not use:

• Google Analytics or similar services
• Advertising networks
• Social media tracking pixels
• Third-party crash reporting services (beyond optional iOS analytics)

7. Your Rights Under GDPR

As we do not collect your personal data, most GDPR rights are not applicable. However, you have the following rights:

7.1 Right to Information (Art. 15 GDPR)

You can request information about any personal data we may have (e.g., support emails). Contact us at privacy@sareba.net.

7.2 Right to Deletion (Art. 17 GDPR)

Since data is stored locally on your device, you can delete all data by deleting the app. For any data we may have (e.g., support emails), contact us for deletion.

7.3 Right to Data Portability (Art. 20 GDPR)

Your conversation data is stored in a standard format on your device and can be exported through iOS backup mechanisms.

7.4 Right to Object (Art. 21 GDPR)

You can object to any data processing. Since we don't collect personal data, simply don't use the App if you have concerns.

7.5 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

8. Children's Privacy

The App is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has used the App, please contact us.

9. International Data Transfers

Since we do not collect or store your data, there are no international data transfers from us to third countries.

However, note that:

• Apple Inc. (US-based) processes subscription data under their privacy policy
• Your OpenWebUI server may be located anywhere you choose
• You are responsible for any data transfers to your chosen server location

10. Data Retention

10.1 App Data

• Conversations: Stored on your device until you delete them or the app
• Settings: Stored on your device until you delete the app
• Temporary Files: Automatically deleted after processing

10.2 Support Emails

If you contact us for support, we retain your email for up to 3 years for support and legal purposes, then delete it.

10.3 Subscription Data

Subscription data is retained by Apple according to their retention policies and applicable laws.

11. Cookies and Tracking

The App does not use cookies or tracking technologies. If you visit our website (sareba.net), separate cookie policies apply.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy in the App
• Updating the "Last Updated" date
• In significant cases, showing an in-app notification

Your continued use of the App after changes constitutes acceptance of the updated policy.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: We do not collect personal information
• Right to Delete: Delete the app to remove all local data
• Right to Opt-Out of Sale: We do not sell personal information
• Non-Discrimination: We do not discriminate based on privacy rights

14. Contact Us About Privacy

If you have questions or concerns about this Privacy Policy or our data practices:

15. Summary