Privacy Policy — THE CASE

Privacy Policy — THE CASE

1. Who We Are

THE CASE is operated by DNT83 UG (haftungsbeschränkt), based in Germany. This privacy policy explains how we collect, use, and protect your personal data when you use THE CASE mobile application.

Contact:
DNT83 UG (haftungsbeschränkt)
Rathsbergstrasse 70
90411 Nürnberg, Germany
info@thecasebydante.de

2. What Data We Collect

Account Data

  • Name, email address, and password when you create an account
  • Profile picture, if you choose to upload one

Shipping Information

  • First name, last name, address, city, state, postal code, country, and phone number — only if you provide it for placing orders

Usage Data

  • Videos you watch (watch history)
  • Videos you mark as favorites
  • Playlists you create
  • Comments you post on videos (visible to other users)
  • Bids you place in auctions

Device Data

  • Device type (iOS or Android) for delivering push notifications
  • Push notification token, if you grant notification permissions

On-Device Storage

  • Authentication tokens are stored securely on your device using platform-provided secure storage (iOS Keychain / Android Keystore) to keep you signed in
  • Language preferences are stored locally on your device

Payment Data

  • Payment information is processed exclusively by Stripe, Inc. We never store, access, or process your credit card details, bank information, or other payment credentials on our servers.

3. What We Do NOT Collect

We do not collect or process:

  • Location data
  • Contacts or address book data
  • Health or biometric data
  • Advertising identifiers or tracking IDs
  • Browsing history outside the app
  • Data from other apps on your device

If we introduce new data collection in the future (e.g., location services, analytics), we will update this policy and request your consent where required before collecting such data.

4. Publicly Visible Information

The following data you provide may be visible to other users of the app:

  • Your username and profile picture
  • Comments you post on videos
  • Bids you place in auctions

5. Why We Collect Data (Legal Basis under GDPR)

DataPurposeLegal Basis
Account dataProviding our serviceArt. 6(1)(b) — contract performance
Shipping addressOrder fulfillment and deliveryArt. 6(1)(b) — contract performance
Watch history, favorites, playlistsApp features you actively useArt. 6(1)(b) — contract performance
CommentsCommunity interaction featuresArt. 6(1)(b) — contract performance
Auction bidsAuction participation and fulfillmentArt. 6(1)(b) — contract performance
Push notification tokenSending notifications you opted intoArt. 6(1)(a) — consent
Payment processing via StripeProcessing purchasesArt. 6(1)(b) — contract performance
On-device token storageMaintaining your login sessionArt. 6(1)(f) — legitimate interest

6. Data Sharing

We share data only with the following third-party processors:

  • Stripe, Inc. — for payment processing. Stripe's privacy policy
  • 820 Labs, Inc. — for push notification delivery. Privacy policy
  • Apple Inc. / Google LLC — for app distribution via App Store and Google Play

We do not sell your data. We do not share data with advertisers. We do not use third-party analytics or tracking services.

7. Data Storage and Security

  • Your data is stored on servers located in Germany
  • All communication between the app and our servers is encrypted via HTTPS/TLS
  • Passwords are hashed using Argon2 and are never stored in plain text
  • Authentication tokens are stored in platform-provided secure storage on your device

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain it (e.g., invoices under German tax law must be retained for 10 years).

9. Your Rights (GDPR)

As a user, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Correct inaccurate data (Art. 16 GDPR)
  • Delete your account and data — "right to be forgotten" (Art. 17 GDPR)
  • Restrict processing of your data (Art. 18 GDPR)
  • Export your data in a portable format (Art. 20 GDPR)
  • Withdraw consent for push notifications at any time (Art. 7(3) GDPR)
  • Object to data processing (Art. 21 GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise these rights, contact us at info@thecasebydante.de.

10. Push Notifications

Push notifications are optional. You can enable or disable them at any time through your device settings. If disabled, we delete your push notification token from our servers.

11. Children

THE CASE is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the app or via email. The "Last updated" date at the top of this policy reflects the most recent revision.

13. Contact and Supervisory Authority

For privacy-related questions:

DNT83 UG (haftungsbeschränkt)
Rathsbergstrasse 70
90411 Nürnberg, Germany
info@thecasebydante.de

Supervisory authority:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.