Privacy Policy

Last updated: March 2026

1. Data Controller

The party responsible for data processing on this website/app is:

Mirco Stege
Scanbox 10571
Ehrenbergstr. 16a
10245 Berlin
Germany
E-Mail: [email protected]

2. Data We Collect

When using Still, the following personal data is processed:

2.1 Account Data

  • Email address: For identification and login
  • Password: Stored only as a bcrypt hash
  • Display name: Optional, shown to friends

2.2 Usage Data

  • Fasting events: Timestamps when you start fasting/eating
  • Fasting templates: Your chosen fasting templates
  • Notification settings: Your preferences
  • Activity logs: Actions you perform in the app

2.3 Social Data

  • Friends/Followers: When you follow other users

2.4 Health Data (Special Category)

Fasting data and derived physiological states (such as ketosis, autophagy, or fat burning) qualify as health data under GDPR Art. 9. This data receives special protection.

  • Fasting periods: Start and end timestamps of your fasting sessions
  • Physiological signals: Derived states such as ketosis, autophagy, and fat burning phases
  • Fasting templates: Your chosen fasting protocols (e.g. 16:8, OMAD)

Processing of health data is based on your explicit consent (GDPR Art. 9(2)(a)). You provide this consent when you first use the app.

You can withdraw your consent at any time from the Settings page. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

3. Legal Basis

Processing is based on the following legal grounds:

  • Art. 6(1)(b) GDPR: Contract performance (providing app features)
  • Art. 9(2)(a) GDPR: Explicit consent for processing health data (fasting periods, physiological signals)
  • Art. 6(1)(f) GDPR: Legitimate interest (improving the app)

4. Cookies and Session Data

Still uses only technically necessary cookies for authentication. These session cookies are required to keep you logged in.

  • Session cookie: JWT token for authentication
  • Consent cookie: Records your GDPR Art. 9 health data consent status

We do not use: Tracking cookies, advertising cookies, analytics, or third-party cookies.

5. Data Storage

Your data is stored on servers within the EU. Data is retained as long as your account exists.

6. Your Rights

You have the following rights regarding your data:

  • Access: Know what data is stored about you
  • Rectification: Correct inaccurate data
  • Erasure: Delete your data ("right to be forgotten")
  • Restriction: Restrict processing
  • Data portability: Export your data
  • Objection: Object to certain processing

To exercise your rights, contact us at the email address above.

7. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority.

8. Data Security

We implement technical and organizational measures:

  • Encrypted transmission (HTTPS/TLS)
  • Passwords stored only as a hash (bcrypt)
  • Regular security updates

9. Changes

This privacy policy may be updated. The current version is always available on this page.