EN DE

App Datenschutzerklärung

Letzte Aktualisierung: 27. Dezember 2025

1. Impressum

Die mobile Anwendung Basyl wird entwickelt und betrieben von:

Stephan Lengl
Kapellenweg 97
83064 Raubling
DEUTSCHLAND

Telefon: +49 176 624 040 59
E-Mail: info@basyl.ai

2. Datenschutzerklärung

2.1 Introduction

Basyl is a personal finance management application designed with privacy as a core principle. This Privacy Policy explains what data we collect, how we process it, and your rights regarding your personal information.

2.2 Privacy-First Architecture

Cloud-Synchronized Personal Finance Management. Basyl provides seamless multi-device synchronization by storing your financial data both locally on your device and securely in the cloud. This architecture enables you to access your complete financial history across all your devices while maintaining strong privacy protections.

Your financial data (expense records, categories, vendors, tags, and settings) is synchronized to our secure cloud infrastructure hosted exclusively in the European Union (Frankfurt, Germany). This enables features such as:

  • Multi-device access: Use Basyl on multiple devices with automatic synchronization
  • Data backup: Automatic cloud backup protects against device loss or failure
  • Seamless experience: Your data stays up-to-date across all your devices

Your Control: You maintain full control over your data. You can export your complete financial history at any time. If you delete your account or uninstall the app from all devices, your cloud data will be permanently deleted.

2.3 Data Processing Overview

Cloud-Synchronized Data Storage

The following data is stored both locally on your device and synchronized to our cloud infrastructure:

  • Expense transactions (amounts, descriptions, dates, payment methods)
  • Categories and subcategories
  • Vendor information
  • Tags and custom classifications
  • User preferences and settings
  • Currency preferences

Legal Basis: Legitimate interest in providing core app functionality, including multi-device synchronization and data backup (Art. 6(1)(f) GDPR). Additionally, performance of contract (Art. 6(1)(b) GDPR) applies when providing you with cloud-based features.

Data Storage Location: All synchronized data is stored on AWS cloud infrastructure within the EU (Frankfurt, Germany - eu-central-1 region). Your data never leaves the European Union.

Data Retention: Your data remains in our cloud infrastructure as long as your account is active. Upon account deletion or app uninstallation from all devices, your cloud data is permanently deleted within 30 days.

Data Security: All data transmission between your device and our servers uses industry-standard HTTPS/TLS encryption.

External Services

To enhance functionality and improve the app experience, Basyl integrates with the following external services:

2.4 Firebase Analytics

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (a subsidiary of Google LLC, United States)

Purpose: Understanding app usage patterns, improving stability, and optimizing user experience.

Data Collected:

  • Standard analytics data: app version, device model, operating system, language settings, approximate geographic location (country/region level)
  • Session information: app opens, session duration, screen views
  • Technical data: app crashes, performance metrics
  • Custom event names only: We track when certain actions occur (e.g., "transaction_created", "transaction_updated") but transmit no event payloads or parameters. No financial data, transaction amounts, category names, vendor details, or any personal information is included in these events.

What We Do NOT Collect:

  • No transaction amounts or financial details
  • No category or vendor names
  • No expense descriptions or notes
  • No personally identifiable financial information

Legal Basis: Your consent (Art. 6(1)(a) GDPR). You can enable or disable analytics at any time in the app settings.

Data Transfers: Analytics data may be transmitted to Google LLC servers in the United States. Google relies on the EU–U.S. Data Privacy Framework and EU Standard Contractual Clauses for international data transfers.

Third-Party Privacy Policy: https://policies.google.com/privacy

Your Control: You may withdraw your consent and disable analytics tracking at any time through the app's settings menu.

2.5 Sentry Error Tracking

Service Provider: Functional Software, Inc. (Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, United States

Purpose: Monitoring application stability, detecting crashes, tracking errors, and improving app reliability.

Data Collected:

  • Error messages and stack traces
  • Device information (model, operating system version, app version)
  • Session information and breadcrumbs (user actions leading to errors)
  • Performance metrics
  • IP address (automatically anonymized)

What We Do NOT Collect:

  • No financial data or transaction details
  • No personally identifiable information
  • Error reports are scrubbed of sensitive data before transmission

Legal Basis: Legitimate interest in maintaining app stability and fixing bugs (Art. 6(1)(f) GDPR).

Data Transfers: Error data may be transmitted to Sentry servers in the United States. Sentry relies on EU Standard Contractual Clauses for international data transfers.

Third-Party Privacy Policy: https://sentry.io/privacy/

Data Retention: Error data is retained for 90 days and then automatically deleted.

2.6 Currency Conversion API (Frankfurter)

Service Provider: apilayer Data Products GmbH, Austria
API Endpoint: https://www.frankfurter.app

Purpose: Providing current and historical exchange rates for multi-currency expense tracking.

Data Transmitted:

  • Currency codes (e.g., USD, EUR)
  • Date for historical rate requests
  • IP address (technical requirement for network requests)

Legal Basis: Legitimate interest in providing accurate currency conversion functionality (Art. 6(1)(f) GDPR).

Data Retention: We do not store data from these requests. The API provider may process request logs according to their own privacy policy.

2.7 AWS Cloud Infrastructure

Service Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg

Purpose: Hosting our complete backend infrastructure to enable multi-device synchronization, data backup, and cloud-based features.

Data Location: EU (Frankfurt, Germany) - eu-central-1 region. All data processed through AWS remains within the European Union.

Cloud Services: Our backend infrastructure uses AWS cloud services to store and synchronize your financial data, process synchronization requests, and ensure reliable operation.

Data Processed:

  • All financial data: expense transactions, amounts, descriptions, dates, payment methods
  • Categories, subcategories, vendors, and tags
  • User account information and preferences
  • Synchronization metadata (device identifiers, sync timestamps)

Legal Basis: Legitimate interest in providing reliable and scalable infrastructure (Art. 6(1)(f) GDPR), and performance of contract (Art. 6(1)(b) GDPR) for cloud-based features.

Data Transfers: No data transfers outside the EU. All processing and storage occur within the Frankfurt (eu-central-1) region.

Data Security:

  • All data transmission uses HTTPS/TLS encryption
  • Access controls and authentication mechanisms protect your data from unauthorized access

Third-Party Privacy Policy: https://aws.amazon.com/privacy/

Data Retention: Your data remains in AWS infrastructure as long as your account is active. Upon account deletion, all data is permanently removed from our systems within 30 days.

2.8 Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

  • Right of Access (Art. 15 GDPR): Request confirmation of what personal data we process and obtain a copy.
  • Right to Rectification (Art. 16 GDPR): Request correction of inaccurate personal data.
  • Right to Erasure (Art. 17 GDPR): Request deletion of your personal data under certain conditions.
  • Right to Restriction of Processing (Art. 18 GDPR): Request limitation of processing under certain circumstances.
  • Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, commonly used format.
  • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time.

Exercising Your Rights: You can export, modify, or delete your financial data at any time through the app interface. For requests regarding your cloud-stored data, analytics data, or general privacy inquiries, contact us at:

Email: info@basyl.ai

We will respond to your request within one month of receipt.

2.9 Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

German Federal Commissioner for Data Protection and Freedom of Information:
Website: www.bfdi.bund.de

2.10 Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in Transit: All network communications use HTTPS/TLS encryption to protect data during transmission between your device and our servers
  • Local Storage: Data on your device is stored securely in a local database
  • Access Controls: Strict authentication and authorization mechanisms prevent unauthorized access to your data
  • EU Data Residency: All data storage and processing occurs exclusively within the European Union (Frankfurt, Germany)
  • Minimal Data Collection: We only collect and process data necessary for app functionality

2.11 Children's Privacy

Basyl is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us.

2.12 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through the app or by other means. The "Last Updated" date at the top of this document indicates when the policy was last revised.

2.13 Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Stephan Lengl
Email: info@basyl.ai
Phone: +49 176 624 040 59

3. Haftungsausschluss

The content and information provided within the Basyl application are for informational purposes only. While we strive for accuracy, we make no warranties or representations regarding the completeness, accuracy, or reliability of any information.

Financial decisions should be made with appropriate professional advice. Basyl is a personal finance tracking tool and does not provide financial, tax, or legal advice.

© 2025 Stephan Lengl. Alle Rechte vorbehalten.

← Zurück zur Startseite