joviapp-kellnerhilfe

Privacy Policy for the JoVi App

Legal version: 2026-06-06.base.v1 Approved for app version: 2.1.8+261601438

Version date: 06.06.2026

1. Controller

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation is:

Johannes Vilsmeier
Blütenstr. 11 71384 Weinstadt
Email: developer.joviapp@gmail.com
Privacy contact: developer.joviapp@gmail.com

2. Subject Matter of This Base Privacy Policy

This Base Privacy Policy applies to the general local use of the JoVi App without enabled cloud or Pro features. It covers in particular local solo use on the end device as well as generally available export, scan, help, and content functions.

Separate Cloud Privacy Notices additionally apply to cloud features such as sign-in. Separate Pro Privacy Notices additionally apply to paid Pro features and subscriptions such as team synchronization and server-supported collaboration. From a technical perspective, Pro features are always also cloud features.

3. Processed Data in Base Use

3.1 Locally Stored Data

In local base use, the app stores data especially using local app storage, Hive, and SharedPreferences. This may in particular include:

• menus and menu items
• table orders
• cashier and payment data
• table layout and table names
• app settings, language, UI scaling, and other usage preferences
• local markers, read states, and hidden states within the app
• local history information within the app

As a rule, these data remain on your end device as long as you do not activate separate cloud functions.

3.2 Export, Import, and Sharing Data

The app offers export, import, download, open, and share functions. In this context, the following may in particular be processed or transferred to targets selected by you:

• menu files in .jovi format
• CSV, HTML, and PDF exports
• statistics files from locally available data sets

If you use a share, open, or save function, data are transferred to the target app, file storage, or system function selected by you. From that point on, their data protection conditions additionally apply.

3.3 Camera and Scan Functions

The app uses a scanner function for QR-based or camera-supported processes. The camera is only used if you actively call the corresponding function.

3.4 Technical and Operational Data

To provide the base functions, technical metadata may also be processed, in particular:

• platform and operating system context
• app version and build number
• timestamps of processes
• error and status information within local app workflows

According to the reviewed code, there is no separate use of advertising tracking, advertising SDKs, or classic user profiling.

3.5 External Content and Embedded Services

The app uses several services provided by GitHub, Inc. / Microsoft. The Community screen fetches its content, such as texts, cards, and video IDs, from GitHub servers. The online versions of the legal documents can also be opened via GitHub Pages. Every connection to GitHub servers technically involves the transmission of your device’s IP address.

In the Community screen, YouTube videos are displayed as embedded players directly within the app. For this purpose, the package youtube_player_flutter is used, which internally loads a YouTube player via a WebView (https://www.youtube.com/embed/...). When the Community screen is opened and the relevant section becomes visible, the device automatically establishes a connection to Google/YouTube servers. The following may in particular be transmitted:

• IP address of the device
• device information and browser context of the embedded WebView
• cookies or tracking identifiers from YouTube/Google if you are signed in to Google or Google cookies are present on your device

The processing of data by Google and YouTube is governed by Google’s privacy policy (https://policies.google.com/privacy).

4. Purposes of Processing

In base use, we process data in particular for the following purposes:

• providing local app functions
• local storage and display of menus, orders, payment data, and statistics
• export, import, opening, and sharing of content at the user’s request
• providing scan and camera functions on user request
• error analysis, abuse prevention, and technical stability
• loading external community and legal-text content when you actively use those functions

5. Legal Bases

Where the GDPR applies, we rely in particular on the following legal bases for processing:

• Art. 6(1)(b) GDPR for providing the base app functions you use
• Art. 6(1)(f) GDPR for security, abuse prevention, stability, and administrative purposes
• Art. 6(1)(a) GDPR where you voluntarily use functions such as external sharing, camera usage, or embedded external content
• Art. 6(1)(c) GDPR where legal retention or evidence obligations exist

6. Recipients and Service Providers Used

According to the reviewed code status, the following external services are particularly used or integrated in base use:

• GitHub, Inc. / Microsoft for loading Community screen content and for hosting and retrieving the online versions of the legal texts via GitHub Pages. In this context, the IP address, request time, requested content, and technical connection or app-context data may in particular be processed.
• YouTube / Google LLC for the embedded YouTube videos in the Community screen. In this context, the IP address, device and WebView information, player usage data, and, where applicable, cookies or comparable identifiers may in particular be processed.
• system or third-party apps as well as platform-specific file and sharing functions when export, open, save, or share functions are used. In this context, the files, file names, contents, and, where applicable, technical metadata selected by you are transferred to the destination chosen by you.

Depending on the service accessed and the technical infrastructure, processing may also take place outside the European Union or the European Economic Area, in particular in the United States. The specific third-country processing is governed by the privacy information of the respective provider. Those notices may also contain further information on the transfer mechanisms used in each case, such as adequacy decisions or other appropriate safeguards.

7. Storage Locations and Retention Periods

7.1 Local Data

Locally stored data generally remain on your end device until you delete them in the app, uninstall the app, or reset local storage.

7.2 External Transfers at Your Request

If you use export, open, or sharing functions, further retention after the transfer depends on the target app, file storage, or system function selected by you.

7.3 External Online Content

Where you open online legal texts, community content, or embedded videos, the retention period for the related connection and usage data depends on the respective external provider.

8. Security

The reviewed project status uses local storage mechanisms, app-internal state management, and platform-specific system protections in base use. Please note that no electronic data processing is completely secure. You should protect end devices appropriately and not share sensitive exports without safeguards.

9. Obligation to Provide Data

Providing locally processed data is required for the respective function. Without entering menus, orders, or other content, certain functions cannot be used meaningfully.

10. Rights of Data Subjects

Subject to the legal requirements, you have in particular the following rights:

• right of access under Art. 15 GDPR
• right to rectification under Art. 16 GDPR
• right to erasure under Art. 17 GDPR
• right to restriction of processing under Art. 18 GDPR
• right to data portability under Art. 20 GDPR
• right to object under Art. 21 GDPR
• right to withdraw consent with effect for the future
• right to lodge a complaint with a supervisory authority under Art. 77 GDPR

If you wish to exercise your rights, please use the privacy contact address stated above.

11. Changes to This Base Privacy Policy

This Base Privacy Policy may be amended for the future if factual reasons require it, especially due to changes in base functions, external integrations, or legal requirements.

12. No Automated Decision-Making

According to the currently reviewed project status, no automated decision-making including profiling within the meaning of Art. 22 GDPR takes place that produces legal effects concerning you or similarly significantly affects you.

13. Notes for Commercial or Organizational Use

If you use the app in the context of a business, club, or other organization and enter personal data of employees, temporary staff, team members, guests, or other third parties, you may have your own data protection obligations. These may in particular include:

• your own information duties toward affected persons
• verification of a suitable legal basis
• internal deletion and authorization concepts
• contractual or organizational arrangements within the business where necessary

14. Contact

Questions about data protection may be sent to:

developer.joviapp@gmail.com