We take the protection of your data very seriously and comply with applicable laws and regulations. In the following, we will give you an overview of what data is processed for what purpose and what happens to your personal data when you use our Android app “Grocy Android: Self-hosted Groceries Management” (hereafter often called just “Grocy”, with no further connection to the official grocy project by Bernd Bestel). Personal data (hereafter often referred to as just “data”) is any data with which you can be personally identified.
Responsible person according to Art. 4 GDPR and service provider according to the Telemediengesetz (TMG):
You can find more information and contact details in About.
2. Collected data
We do not collect any data in Grocy. The app does not use ads, tracking or analytics services. Internet access is used only to connect to your Grocy instance and to enable features such as retrieving Open Food Facts data. These features must be explicitly enabled in settings to best protect your privacy by default.
If you contact us via email, you agree that your data will be stored for the purpose of processing your request and for any further correspondence. If there is no reason for us to further store your data or if you exercise your right of revocation, your data will be deleted. Your data will never be passed on to third parties.
If you have installed Grocy via Google Play, diagnostic data about your app usage may be sent to Google, as described in the Google Account Help for Android. You can turn this on or off in the privacy settings of your Android device, usually this setting is already asked for when you set up your device. The collected data is automatically forwarded to the respective app developers, i.e. to us in the case of our apps, if this option is enabled.
Specifically, this involves the causes of crashes, also called “crash logs”, as well as the number and time of the crashes that occurred. We can also see which version of the app the crashes happened on. In the vast majority of cases, this data helps us a lot, so we can search for the displayed errors and fix them faster. The transmitted data is only information about crashes, no other usage or diagnostic data is transferred to us.
However, the data provided to the developers does not constitute personal data because no individuals can be uniquely identified with the information given.
3. Duration of storage
We store your data only as long as it is necessary for a final processing of your request.
4. Rights of data subjects
Right to information
You have the right to request information about the processing of your personal data.
Control over processing
You have the right to request from us the correction, immediate deletion or restriction of processing of data concerning you.
Right to data portability
You have the right to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another responsible party.
Right of withdrawal
You have the right to revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of objection
If the processing of personal data concerning you is necessary for the performance of a task carried out in the public interest or for the protection of our legitimate interests, you have the right to object.
Right of appeal
If you believe that the processing of personal data concerning you violates the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority, without prejudice to other legal remedies.
You can reach the competent supervisory authority for Baden-Württemberg at:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Your requests to this web server are protected by SSL encryption. Nevertheless, data transmission on the Internet (e.g. communication by email) may have security gaps. A complete protection of data against access by third parties is not possible.
The use of contact data provided within the framework of the imprint obligation by third parties to send unsolicited advertising and information materials is hereby expressly prohibited. We expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam e-mails.
6. Liability for links
Grocy contains links to third-party services. When you click on such a link, you will be redirected to the respective service. Please note that these services are not operated by us. We therefore strongly recommend that you read their privacy policies. We have no control over the services and take no responsibility for their content, their privacy policies or their practices.
7. Children’s privacy
Grocy is for interested people of all ages. However, we do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will destroy it immediately.
If you are a parent or guardian and you know that your child has provided us with personal information, please contact us so that we can take the necessary action.