Privacy
These privacy notes describe in a compact form how Thalesto processes personal data. The app supports the organization of a search for psychotherapeutic care and does not provide medical advice.
This English version is provided for convenience. The German version remains the primary reference.
Controller
Amir Qaud
Auäckerweg 8
76297 Stutensee
Email: support@thalesto.de
Phone: 0176 63709107
Data processed
- Account and sign-in data, especially technical login identifiers
- Search profiles such as city, district, therapy type and optional advanced filters
- Feedback about practices, waiting lists, first appointments and contact corrections
- Push and device settings, especially Firebase registration tokens and technical platform assignment
- Support, feedback and tester communication by email
- Technical server, security and backup data
Purposes
- Providing the app and the account
- Showing practices and time windows according to your search profile
- Documenting search progress
- Improving practice data through community feedback
- Sending notifications
- Error analysis, security and support
Legal bases
Where data is required to provide the app, processing is based in particular on Art. 6(1)(b) GDPR. For security and operational purposes, Art. 6(1)(f) GDPR may also apply. Where health-related data is processed, this should additionally be based on explicit consent. This consent is technically recorded during setup or in the app privacy settings.
Sign-in and identity data
Depending on the platform, Thalesto uses Google Sign-In or, later, Apple Sign In. In particular, unique technical user identifiers are processed. If the respective login provider transmits an email address, it is not stored in plain text in the backend, but as a server-side HMAC hash. This allows the account to be assigned technically without permanently storing the login email in readable form in the database.
Service providers
Depending on the feature, hosting, email, push and login services are used, currently mainly Contabo, IONOS, Google Sign-In and Firebase. Apple Sign In is planned for a later iOS version.
Based on the current state, IONOS is used only for support emails and contact communication. This may include sender address, recipient address, subject, email content and voluntarily sent attachments. The app backend, database, push and login do not run through IONOS.
Google Sign-In is currently used for sign-in in the Android app. Firebase Cloud Messaging is used for push notifications. The technical Firebase data payload is limited to a few technical fields such as notification type, job ID, count and collapse key. Visible push texts may still contain organizational information, such as city or district, therapy type, time window or waiting-list notes. Firebase Analytics, Crashlytics, Firestore, Firebase Storage, Firebase Auth and Remote Config are currently not used.
According to current support information, Contabo operates the VPS in Lauterbourg. According to support, VPS auto backups are stored within the EU/EEA and include up to 10 daily restore points. With Google/Firebase, processing outside the EU/EEA cannot be ruled out, depending on the service and the technical processing involved; for this, the relevant Google/Firebase documentation is relied upon.
Support and error analysis
If you voluntarily send us screenshots, error reports or exports, this data may be processed for error analysis. For quality assurance, technical optimization and support, external development tools such as Codex, ChatGPT or OpenAI may temporarily be used in individual cases. This does not happen during regular app use and is done using as little data as possible.
Website
The landing page at thalesto.de currently runs without tracking cookies, a newsletter or a login.
If you voluntarily contact us as an Android tester, we process your email address, where applicable your Google Play email address, your city or test region and your voluntary message only to organize the test, invite you through Google Play and communicate about feedback. Please do not send diagnoses, medical findings or personal health details by email.
Your rights
You have rights including access, rectification, deletion, restriction, objection, data portability and withdrawal of consent. For requests, contact support@thalesto.de.
You may withdraw your consent to the processing of health-related information with effect for the future. Because Thalesto cannot be used meaningfully without information about the search profile, feed, waiting list, protocol and notifications, withdrawal is implemented in the app through Profile > Privacy > Withdraw consent and the Delete my data function.
Account deletion
Information about account deletion, data export and backup rotation is available under Data deletion.