Privacy Policy

1. Data protection at a glance

The following information will provide you with an easy-to-navigate overview of what will happen with your personal data when you visit this website. The term "personal data" comprises all data that can be used to personally identify you. For detailed information, please consult the sections below.

Who is responsible? The data processing on this website is carried out by the operator named under "Responsible party" below.

Which data do we collect? When you visit this website, technical data (in particular your IP address) is automatically recorded by our hosting provider in server log files. We do not collect any other data. This website has no contact form, no accounts, no checkout, and no analytics tools.

What do we use your data for? Solely to provide the website technically and to protect it from abuse. No analysis of your usage takes place.

What are your rights? Access, correction, deletion, restriction, data portability, objection, and the right to file a complaint with the supervisory authority. See § 10.

2. Information about the responsible party

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

3. Hosting

Hetzner

Provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter "Hetzner"). The website sevengrid.app is served from a server operated in Germany by Hetzner Online GmbH.

Details are available in Hetzner's privacy policy: www.hetzner.com/legal/privacy-policy/.

The use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in reliable presentation of our website.

Data Processing Agreement: We have entered into a data processing agreement (DPA) with Hetzner pursuant to Art. 28 GDPR ensuring that Hetzner processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

4. Server log files

The provider of the pages (Hetzner) automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and version
• operating system used
• referrer URL
• hostname of the accessing computer
• time of the server request
• IP address

This data is not merged with other data sources. Collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website. The server log files have to be collected for this purpose.

Retention: Server log files are deleted as soon as they are no longer required for the stated purposes, usually after a few weeks. No analysis for advertising or tracking purposes takes place. Data whose further retention is necessary for evidentiary purposes (e.g. in case of a concrete security incident) is exempt from deletion until the matter is finally resolved.

Regional price display (country detection)

So that the Pro purchase price is shown in the currency that applies in your country, we derive a two-letter country code (e.g. DE, US) from your IP address on our server when you load the page. The lookup is performed solely against a database stored locally on our server; no external geo service is called and no connection to any third party is made.

The derived country code is used exclusively to select the price to display. It is not logged, not stored, not combined with other data, and not used to build user profiles. If no price is available for your country, or the IP cannot be resolved, the default price is shown. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a correct, country-appropriate price).

The lookup uses the IP to Country Lite database by DB-IP (db-ip.com), made available under the Creative Commons Attribution 4.0 International License.

5. Fonts (self-hosted)

This page uses the font families Inter, Geist, and JetBrains Mono. All three are released under the SIL Open Font License 1.1 and are served directly from this website's server from the /assets/fonts/ directory.

There is no connection to fonts.googleapis.com, fonts.gstatic.com, or any other third-party CDN. When you visit the website, your IP address is transmitted for the font resources only to our hosting provider (Hetzner, see § 3), not to Google, not to Vercel, not to JetBrains.

Legal basis for serving the fonts: Art. 6(1)(f) GDPR (legitimate interest in consistent, device-independent presentation).

6. localStorage (theme preference)

This website sets no cookies. It uses your browser's localStorage to persist exactly one piece of information on your device:

• sevengrid-theme: stores your selected theme (Aurora, Pine, Atlas, Ember, Forge, Midnight, Plum, Mocha) so your choice persists across visits. Value: one of the listed theme names as a plain string.

This value never leaves your device. It is not transmitted to our server or any third party. It contains no tracking-relevant information. You can remove the entry at any time via your browser settings (clear site data); the theme will reset to the default on your next visit.

Legal basis: § 25(2)(2) TDDDG in conjunction with Art. 6(1)(f) GDPR. The storage is strictly necessary to provide the theme functionality you explicitly requested.

7. External links

This website contains links to external resources, in particular to the sister site byteside.net and, where applicable, the Google Play Store. These are static links: no scripts, pixels, iframes, or embed widgets from these third parties are loaded into our page. Only after you actively click does the destination open; from that point on, the respective provider processes your IP address, cookies, and other browser data according to their own privacy policy. Before you click, no data is transmitted to these third parties.

External links carry rel="noopener noreferrer", so the referrer of your current visit is not transmitted either. Legal basis for providing the links: Art. 6(1)(f) GDPR.

Note: the domain byteside.net belongs to the same responsible party as this website and is, in data-protection terms, not a third party. When switching between the domains, the privacy policy of the respective domain applies.

8. Mobile app: separate privacy policy

The mobile SevenGrid app (planned launch on the Google Play Store, 2026) processes data in a completely different manner from this marketing website. In particular:

• Habit, mood, and reflection data are stored exclusively locally on your device (SQLite database). There is no cloud sync.
• For the optional Pro purchase, the payment processor RevenueCat is used.
• For anonymised crash reports, the service Sentry (EU region) can optionally be enabled.
• On the platform side, Google Play may process data according to Google's platform privacy policy.

A preliminary version of the app privacy policy is already available: App Privacy. For deletion requests, separately: Request data deletion. The final version with all mandatory disclosures (supervisory authority, retention periods per processing activity, third-country mechanisms for RevenueCat/Sentry, etc.) will be published with the Google Play listing for the v1.0 launch and will then additionally be part of the app itself (menu "Privacy"). This document does not cover the app.

9. General notes & mandatory information

Data protection

The operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. Please note that data transmission on the Internet (e.g. via email) can have security gaps. Complete protection of data against access by third parties is not possible.

SSL / TLS encryption

This site uses SSL / TLS encryption for security reasons and to protect the transmission of confidential content. An encrypted connection is indicated by the address bar showing "https://" and the padlock icon in the browser. HSTS is enabled with a maximum-age directive.

Retention

Unless a more specific retention period is mentioned in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for retention.

Legal bases

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device, the data processing is additionally based on § 25(1) TDDDG. Consent can be revoked at any time. If your data is required for contract performance or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data on the basis of Art. 6(1)(c) GDPR if required for compliance with a legal obligation. Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR.

Recipients of personal data

We only pass personal data to external parties if this is necessary for contract performance, if we are legally obligated, if we have a legitimate interest under Art. 6(1)(f) GDPR in passing it on, or if some other legal basis permits the transfer. The only data processor for this website is Hetzner Online GmbH (see § 3).

No automated decision-making

Automated decision-making, including profiling within the meaning of Art. 22(1) and (4) GDPR, does not take place on this website.

10. Your rights

Right of access, rectification, and erasure

Within the framework of the applicable statutory provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, the right to correction or deletion of this data. For this and for any further questions, please contact us: sevengrid@byteside.io.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data. The right to restriction of processing exists in particular if you contest the accuracy of your data, the processing was unlawful, we no longer need the data but you need it to pursue legal claims, or you have lodged an objection.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request direct transfer of the data to another controller, this will only be done as far as technically feasible.

Right to withdraw consent

Many data processing operations are only possible with your express consent. You can withdraw consent already given at any time. The lawfulness of data processing carried out prior to withdrawal remains unaffected by the withdrawal.

Right to object (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

Right to complain to the supervisory authority

In the event of breaches of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged breach. The supervisory authority responsible for the controller is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Königstraße 10a, 70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de