Last updated: April 12, 2026

Splito is provided as native mobile applications (Google Play, Apple App Store), a separate web application, and an API. This privacy policy applies to informational pages served under this domain, invite links (e.g. /event/…), and related processing. Processing in the native apps and in the separate web app is also governed by the respective notices and settings there.

Table of contents

• Controller
• Overview of processing
• Legal bases
• Security measures
• Disclosure of personal data
• International transfers
• Storage and deletion
• Data subject rights
• Online services and hosting
• Cookies
• Plugins and embedded content

Controller

Sven Antwertinger

Email: [email protected]

Overview of processing

The following overview summarizes the types of data processed, the purposes of processing, and categories of data subjects.

Types of data

• Master data.
• Contact data.
• Content data.
• Usage data.
• Meta, communication and procedural data.
• Log data.

Categories of data subjects

• Communication partners.
• Users.

Purposes of processing

• Communication.
• Security measures.
• Organizational and administrative procedures.
• Feedback.
• Provision of our online services and usability.
• IT infrastructure.

Legal bases (GDPR)

Consent (Art. 6(1)(a) GDPR) — the data subject has consented to processing for one or more specific purposes.

Legitimate interests (Art. 6(1)(f) GDPR) — processing is necessary for the purposes of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National laws in Germany: In addition to the GDPR, national data protection rules may apply (e.g. BDSG). Switzerland: These notices also serve transparency under Swiss law; GDPR terminology is used for clarity where applicable.

Security measures

We implement appropriate technical and organizational measures according to legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of risks to rights and freedoms of natural persons.

TLS/HTTPS: We use TLS encryption for data transmitted between our online services and your browser or device (or between servers), indicated by HTTPS in the URL.

Disclosure of personal data

In the course of processing, data may be transmitted to recipients such as IT service providers or providers of services and content integrated into our website. We observe legal requirements and, where required, conclude appropriate agreements (e.g. data processing agreements).

International transfers

Where data is transferred to third countries (outside the EU/EEA), we do so in accordance with legal requirements. For transfers to the USA, we primarily rely on the EU–US Data Privacy Framework (DPF) where applicable, and, where needed, supplementary measures such as Standard Contractual Clauses (SCCs). See https://www.dataprivacyframework.gov/.

Storage and deletion

We delete personal data in accordance with legal requirements when consent is withdrawn or the legal basis ceases to apply, unless statutory retention obligations or overriding interests require continued storage.

Retention periods under German law may include, for example, tax and commercial retention periods (e.g. 6–10 years for certain records). Where multiple retention periods apply, the longest period generally governs.

Rights of data subjects

Subject to applicable law, you may have the rights to access, rectification, erasure, restriction of processing, data portability, objection (including to direct marketing), and to lodge a complaint with a supervisory authority.

Online services and hosting

We process user data to provide our online services. This includes, for example, IP addresses required to deliver content and functions to your browser or device.

Server log files: Access may be logged (requested resources, timestamps, transferred data volume, user agent, referrer, IP address, provider). Logs are used for security (e.g. abuse prevention) and service stability. Deletion: log information is typically stored for up to 30 days and then deleted or anonymized, unless longer retention is required for evidence purposes.

Cookies

We use cookies and similar technologies where permitted. Where consent is required, we obtain it in advance. Necessary cookies may be used based on legitimate interests or legal obligations. You can withdraw consent and adjust browser settings where applicable.

Plugins and embedded content; Google Fonts

We may embed content or fonts from third-party servers. Providers may process IP addresses and technical data required to deliver fonts or content.

Google Fonts (served by Google): Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy. Further information: Google Fonts privacy FAQ. Where data is processed in the USA, appropriate safeguards (e.g. DPF/SCCs) may apply.

Based on a privacy policy template (Datenschutz-Generator.de)