Altura
Log In

Privacy Policy

Last updated: February 2026

1. Data Controller

Responsible for data processing on this website is:

Perez Sales Turnhallenstr. 26 67310 Hettenleidelheim Germany
Email: info@getaltura.app

2. Data We Collect

We collect and process the following personal data:

2.1 Account Data

  • Email address (for login and communication)
  • Name (optional, for personalization)
  • Profile picture (optional)
  • Password (stored encrypted)

2.2 Usage Data

  • Vision entries and goals
  • Habits and their progress
  • Journal entries
  • Calendar entries and time blocks
  • Review entries

2.3 Technical Data

  • IP address (anonymized)
  • Browser type and version
  • Operating system
  • Date and time of access

2.4 Payment Data

Payment information is processed directly by our payment provider Stripe. We do not store credit card numbers or bank details. We only receive a customer ID from Stripe to associate subscriptions.

3. Purpose of Data Processing

We process your data for the following purposes:

  • Providing and operating the Altura app
  • Managing your user account
  • Processing payments and subscriptions
  • Improving our services
  • Communication regarding your account
  • Fulfilling legal obligations

4. Legal Basis

Processing of your data is based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): For providing our services
  • Legitimate interests (Art. 6(1)(f) GDPR): For security and app improvement
  • Consent (Art. 6(1)(a) GDPR): For optional features like newsletters
  • Legal obligation (Art. 6(1)(c) GDPR): For retention requirements

5. Data Sharing

We only share your data with third parties in the following cases:

  • Supabase: Hosting and database (servers in the EU)
  • Vercel: Website hosting (GDPR compliant)
  • Stripe: Payment processing (PCI-DSS certified)
  • Resend: Transactional email delivery (e.g., password resets, notifications)
  • Sentry: Error monitoring and performance tracking (anonymized data)
  • Kit (ConvertKit): Email marketing and newsletter (only if you opt-in)
  • Anthropic: AI coaching processing (only when you use the Auryn coach feature)
  • OpenAI: Voice transcription (Whisper), text-to-speech, and semantic search embeddings (only when you use voice or AI features)

All service providers are contractually obligated to comply with GDPR.

6. Data Retention

  • Account data: Until account deletion
  • Usage data: Until account deletion
  • Billing data: 10 years (legal retention requirement)
  • Technical logs: 30 days

7. Your Rights

You have the following rights regarding your personal data:

  • Access (Art. 15 GDPR): You can request information about your stored data
  • Rectification (Art. 16 GDPR): You can request correction of inaccurate data
  • Erasure (Art. 17 GDPR): You can request deletion of your data
  • Restriction (Art. 18 GDPR): You can request restriction of processing
  • Portability (Art. 20 GDPR): You can receive your data in a common format
  • Objection (Art. 21 GDPR): You can object to processing

To exercise your rights, you can use the data export and deletion features in settings or contact us at info@getaltura.app.

8. Data Security

We employ the following security measures:

  • SSL/TLS encryption for all data transfers
  • Encrypted password storage
  • Row Level Security (RLS) in the database
  • Regular security updates
  • Access restrictions on a need-to-know basis

9. Third-Party Calendar Integrations

Altura offers optional integrations with third-party calendar services. When you connect a calendar service, we access your data only as described below.

9.1 Google Calendar

  • When you connect your Google account, we request access to view your calendar list and events.
  • We use this data solely to display your calendar events within Altura and to sync events you create in Altura to your Google Calendar.
  • Your calendar data is stored securely and is never shared with third parties.
  • You can disconnect your Google account at any time in Settings, which revokes our access.

Google API Limited Use Disclosure: Altura's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not transfer it to third parties (except as necessary to provide the service), and do not allow humans to read this data unless you have given explicit consent, it is necessary for security purposes, or we are required to do so by law.

9.2 ICS Import/Export

You can import calendar events from ICS files or subscribe to your Altura calendar via a private feed URL. The feed URL contains a unique token that provides read-only access to your events. You can revoke this token at any time in Settings.

11. Cookies

We only use technically necessary cookies for authentication and session management. These cookies are required for the app to function and cannot be disabled.

We do not use tracking or advertising cookies.

12. Changes

We may update this privacy policy from time to time. For significant changes, we will notify you by email. The current version is always available on this page.

13. Right to Complain

You have the right to file a complaint with a data protection supervisory authority regarding the processing of your personal data.

14. Contact

For privacy-related questions, contact us at:
Email: privacy@getaltura.app