Privacy Policy

1. Controller (Art. 4 GDPR)

MY YACHTWEEK SL
Paseo del Borne 14
07012 Palma de Mallorca
Islas Baleares, Spain
E-Mail: privacy@hellokiwi.app
Represented by the Director: Pierre Schorb

2. Purposes

• Travel planning, packing lists and destination management.
• Optional AI assistance (e.g. packing assistant).
• Map/location information (Apple/Google/Viator).
• Notifications for trips, tasks and events.
• Stability, diagnostics and anonymous usage analysis (Matomo).

2a. Multi-Device Synchronisation (iCloud / CloudKit)

HelloKiwi supports cross-device synchronisation of data via iCloud and Apple CloudKit. Your app data — such as trips, destinations, packing lists, photos, settings and status information — is synchronised through the iCloud services of your Apple account.

Synchronisation takes place exclusively within your personal iCloud storage. We do not have access to any content processed via iCloud.

Which data is synchronised depends on your use of the app. Transmission is encrypted according to Apple’s security standards.

You can disable synchronisation at any time by turning off iCloud for HelloKiwi on your device.

3. Legal Bases

• Contract (Art. 6 para. 1 lit. b GDPR)
• Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Consent (Art. 6 para. 1 lit. a GDPR)

4. Recipients

Apple (push services), OpenAI (functional AI processing), Apple/Google/Viator (map and location information). Data is transferred only for technical provision of app functions.

No names, emails, addresses or other personally identifying data are transmitted as part of the optional AI function. User identification is not possible. Content is processed exclusively for functional purposes within the app and is not used for model training.

4a. Trip Sharing & Collaboration (CloudKit Share)

HelloKiwi allows trips to be shared with other users via Apple CloudKit Share. Associated trip data — such as trip title, destinations, dates, notes, packing lists, images and status information — becomes visible to the people you invite.

Sharing takes place only after your active action (e.g. “Share trip”) and only with the recipients you select. Recipients can view the data and — if permitted — collaborate on the trip.

Processing takes place via iCloud/CloudKit. We do not have access to shared content. You can revoke sharing at any time; the data will then be removed from the recipients’ devices.

Please do not share sensitive data of third parties without their consent.

5. Anonymous Usage Analytics (Matomo)

We use the open-source software Matomo in this app for anonymised analysis of app usage. Processing is exclusively for technical improvement, stability and user experience.

Matomo is operated exclusively on our own server (track.hellokiwi.app). The server is located in a data centre within the European Union. No data is transferred to third countries.

It does not use

• cookies,
• device identifiers or user IDs,
• IP addresses (last two bytes are removed), and
• no data is transferred to third parties.

No personal or content data from the app is transmitted. In particular, no names, email addresses, trip titles, descriptions, participant information or custom packing-list content is collected. Only anonymous technical events (e.g. view appearances or function usage) are recorded without any personal reference.

There is no device or user recognition and no cross-app or cross-platform tracking. Therefore, this analysis complies with the GDPR and Apple’s App Tracking Transparency guidelines.

Processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in anonymous measurement). Personal identification is excluded.

6. Storage & Retention

Data is retained only as long as necessary; afterwards it is deleted or anonymised.

Photos, notes and trip data are stored locally on the device in an app-internal database (e.g. Apple Core Data / app storage). We do not upload this data to our own servers.

Any cloud backups provided by the operating system or chosen by the user (e.g. iCloud) are outside our control and governed by the respective providers’ policies.

When the app is uninstalled, locally stored data is removed from the device.

7. Your Rights

• Access, rectification, erasure, restriction
• Data portability
• Objection
• Withdrawal of consent
• Complaint to a supervisory authority (AEPD, Spain)

www.aepd.es

8. Third Countries

Transfers are made only on the basis of recognised safeguards (e.g. EU Standard Contractual Clauses).

9. Security

State of the art, access restrictions, encryption, regular reviews.

10. Provision Obligations

Without certain data, some functions cannot be used (e.g. push without token).

11. Device Access

The app may request the following permissions:

• Calendar: Adding trip and event entries (local; only with consent).
• Camera / Photos: Taking or selecting images (local; no transmission by us).
• Notifications: Reminders for trips, tasks and events (only with consent).

Permissions can be withdrawn at any time in system settings.

12. No Tracking (Advertising & Profiles)

The app does not use advertising tracking SDKs, no advertising profiling, no third-party ad networks and no cross-site tracking.

The Matomo usage described in section 5 is anonymous and on our own server and does not permit personal identification.

13. Changes

Adjustments are made when services or legal requirements change. See the header for the latest update.

Contact

privacy@hellokiwi.app

Version 1.2 • Document ID: HK-PRIV-2025-11-14-EN-MT