Quick Navigation
Data Controller
Benedikt Falk (Main Developer / Hauptentwickler)
Streitbichlweg 8, 83457 Bayerisch Gmain, Germany
E-Mail: legal@rmdme.com
This privacy policy applies to the RMDme app for mobile devices, developed by Benedikt Falk as a free service. This service is provided "AS IS". RMDme is currently available for testing in Austria and Germany.
Information We Collect
User Provided Information
Registration with RMDme is mandatory. We process:
- Email address (for login)
- Pseudonymous user ID
- Password hash (never stored in plain text)
- User-chosen display name
Security Note
Passwords are handled by AWS Cognito and stored only as salted cryptographic hashes. All traffic is encrypted in transit.
Automatically Collected Information
The app may collect certain information automatically, including device type, OS identifiers, IP address, and limited technical usage information. We do not use cookies or analytics/advertising tools in the current version.
Location Information
This application does NOT gather precise location information or any real-time location data from your device.
Purposes & Legal Bases (GDPR)
| Purpose | Legal Basis |
|---|---|
| Core app functions (reminders, notifications) | Art. 6(1)(b) GDPR |
| Voice input for reminders (optional) | Art. 6(1)(b) GDPR |
| Smart reminder creation | Art. 6(1)(b) GDPR |
| Account & authentication | Art. 6(1)(b) GDPR |
| Transactional communications | Art. 6(1)(b) GDPR |
| Stability & security (server logs) | Art. 6(1)(f) GDPR |
Voice Input Options
- Apple Speech: Audio is sent to Apple's servers; Apple acts as independent controller.
- Whisper AI (local): Processing happens entirely on your device. Audio is automatically deleted after transcription.
Third Parties & Data Processors
We do not use analytics or advertising SDKs. The following processors help us provide our service:
- AWS Bedrock (EU region) Processing for smart reminder suggestions. Configured so prompts are not used to train models.
- AWS Cognito (EU region) Account & authentication services.
- Amazon RDS (EU region) Database storage for user accounts and reminders.
- Amazon API Gateway & Lambda (EU region) API management and serverless compute functions.
- Amazon CloudWatch (EU region) Monitoring with minimal technical metadata only.
- Apple APNs Push notification delivery using device token only.
- Amazon Bedrock Guardrails (EU region) Safety filtering to block/redact sensitive inputs.
Data Retention
| Data Type | Retention Period |
|---|---|
| Reminders | Until completion + 30 days |
| Processing prompts & metadata | Real-time processing, logs < 30 days |
| Voice input (Whisper AI) | Duration of transcription only |
| Push tokens | Until account deletion |
| Technical logs | 30 days |
| Account data | Life of account; deleted within 30 days of closure |
Your Rights (EU/EEA)
Under the GDPR, you have the following rights:
- Access - Request a copy of your personal data
- Rectification - Correct inaccurate data
- Erasure - Request deletion of your data
- Restriction - Limit processing of your data
- Portability - Receive your data in a portable format
- Objection - Object to processing based on legitimate interests
How to Exercise Your Rights
Contact us at legal@rmdme.com. We will respond within one month. You can also disable notifications in your device settings, withdraw consent in the app, or delete your account directly in the application.
You can also lodge a complaint with a supervisory authority if you believe your rights have been violated.
Security
We provide physical, electronic, and procedural safeguards to protect your information:
- Data encrypted in transit
- Passwords stored only as salted hashes
- Limited developer access on need-to-know basis
- No raw audio recordings stored
- Sensitive fields avoided in logs
Sensitive Information
Please avoid entering health, financial, or other special-category data in reminders or voice inputs. We use automated safety filters (Amazon Bedrock Guardrails) to block obvious sensitive content, but filters cannot guarantee detection of all sensitive data.
Children
The app is not directed to children. You must be at least 16 years old to use RMDme. If we learn that we have collected personal data from a person under 16, we will delete it and may disable the account.
Parents or guardians can contact us at legal@rmdme.com.
International Data Transfers
Where services operate outside the EEA (e.g., push delivery infrastructure), we rely on appropriate safeguards such as:
- EU-US Data Privacy Framework
- Standard Contractual Clauses (SCCs)
- Encryption in transit
Changes to This Policy
This Privacy Policy may be updated from time to time. We will notify you of changes by updating this page. Continued use is deemed approval of all changes.
Questions about Privacy?
If you have any questions regarding privacy or this policy, please contact us.
legal@rmdme.com