lingr

Privacy Policy

Last updated: 11 June 2026

1. Controller

The controller for data processing on this website and in the lingr app is:

Johannes Lenz
Auenstr. 68, 80469 München, Germany
Email: datenschutz@lingr.online

2. Collection and processing of personal data

2.1 When visiting the website

We host lingr.online on Cloudflare Pages. As part of delivery, Cloudflare temporarily processes the following data:

  • IP address (anonymised after 24h)
  • Date and time of the request
  • Browser type and version, operating system
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, performant delivery). Details: Cloudflare Privacy Policy.

2.2 At registration & in your profile

lingr is exclusively for people aged 18 and over. When registering and maintaining your profile, we process:

  • Email address (for login and communication)
  • Password (stored only as a hash, never in plain text)
  • Username, bio and profile/album photos
  • Date of birth (for age verification; only your age is shown publicly later)
  • optional profile details: account/relationship type (single/couple), relationship status, height, weight, body type, "tribes", interests/tags, status
  • approximate location (only with your consent; city/district, in a separate table — your exact GPS position is never shown to other users)

Legal basis: Art. 6(1)(b) GDPR (performance of the usage contract). For special categories of data (incl. sexual orientation, health), section 2.4 additionally applies.

2.3 During app usage

  • Connections and requests (who you're connected with), favourites, blocks
  • Chat messages and photos shared within them (transmitted via TLS, stored in the database with strict access control — only chat participants have access)
  • Pulses, vouches (authenticity confirmations), profile visits
  • Events: events you create, applications/participations, ratings, event chats
  • reports you submit and the moderation status of your photos
  • push device token (linked to your account, for notifications)

Public photos pass through automatic content moderation (on-device) before publication. You share private-album photos with specific contacts only and can revoke access at any time.

Legal basis: Art. 6(1)(b) GDPR (contract).

2.4 Special categories of personal data (Art. 9 GDPR)

As an app for queer people, where you choose to provide them we process details that belong to the special categories under Art. 9 GDPR and are particularly protected:

  • information about your sexual orientation or sex life (e.g. sexuality, position, "tribes")
  • voluntary health information (e.g. HIV/safer-sex status)

Providing this information is entirely voluntary. Where you do provide it, we process it solely on the basis of your explicit consent (Art. 9(2)(a) GDPR), so that we can provide the core features (profile, discovery, filters). You can change or remove these details at any time in your profile and withdraw your consent with effect for the future; processing up to the withdrawal remains lawful.

2.5 Waitlist & email updates

On lingr.online you can voluntarily join our waitlist to be notified at launch and about important news. For this we process:

  • your email address
  • the time of sign-up and the language version of the site (de/en)
  • where available: information about how you reached us — the campaign tags from the address you opened (UTM parameters such as source/medium/campaign) and the website you visited before (referrer)

This origin information is used solely to evaluate which channels bring sign-ups. We use no tracking pixels and no cross-device profiling for this; the evaluation is based on the address parameters you send along, stored in our own database.

Sign-up uses a double opt-in process: you first receive an email with a confirmation link; only after you click it do we add you to the list. This ensures the address really belongs to you.

The legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw it at any time with effect for the future — via the unsubscribe link in every email or by messaging datenschutz@lingr.online. We store your address until you withdraw consent — at the latest until three months after the app launches — and delete it afterwards.

We use Klaviyo (see Processors; a US provider, see section 4 on transfers) to send and manage the list; we additionally store the sign-up in our own database at Supabase.

2.6 Our presence on social media (Facebook/Instagram)

We maintain publicly accessible profiles on the social media services Instagram and Facebook (provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). When you visit or interact with these profiles, Meta processes personal data (e.g. your usage behaviour) and provides us with anonymised statistics about the use of our pages ("Insights"). We have no access to the underlying raw data and no influence over its further processing by Meta.

For the collection of these statistics we are joint controllers together with Meta (Art. 26 GDPR); all other processing is Meta's sole responsibility. The legal basis is our legitimate interest in an appealing public presence and reach analysis (Art. 6(1)(f) GDPR). You can find out which data Meta processes in detail and what rights you have towards Meta in Meta's Privacy Policy.

If you prefer to join the waitlist or send app enquiries in a data-minimising way rather than via social media, please use our form on lingr.online or write to datenschutz@lingr.online. For our advertising on Meta we use no tracking pixels and do not upload any contact lists to Meta; ads are delivered solely by Meta based on interest/audience categories.

3. Processors

We use the following service providers under data-processing agreements pursuant to Art. 28 GDPR:

  • Supabase Inc. (EU region) — database, auth, storage. Hosting in Frankfurt.
  • Klaviyo (Klaviyo, Inc., 125 Summer Street, Boston, MA 02110, USA) — sending and managing the waitlist and newsletter emails. The data processing addendum (DPA) incl. EU Standard Contractual Clauses is automatically part of Klaviyo's terms of service; Klaviyo is also certified under the EU–U.S. Data Privacy Framework.
  • Cloudflare — website hosting, DDoS protection, DNS.
  • Apple Inc. — App Store, push notifications, Sign in with Apple.

4. Transfers to third countries

Where possible, we keep data in the EU. For Apple services (push notifications, App Store purchases) and for sending the newsletter/ waitlist emails via Klaviyo, data is transferred to the USA — in each case on the basis of the EU Standard Contractual Clauses (SCC) and the EU–U.S. Data Privacy Framework.

5. Retention period

  • Active accounts: as long as you use the account
  • Deleted accounts: 30-day recovery window, then irreversible deletion
  • Logs (anonymised): max. 90 days
  • Invoicing data (if any): 10 years (§ 147 German Fiscal Code)

6. Your rights

You have the right at any time to:

  • access the data we store about you (Art. 15 GDPR)
  • rectification of inaccurate data (Art. 16 GDPR)
  • erasure ("right to be forgotten", Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to the processing (Art. 21 GDPR)
  • withdraw consent given, with effect for the future

You can change many details directly in the app (edit profile) or export them yourself ("Export my data"). For all other requests, send a short email to datenschutz@lingr.online; we respond within the statutory period of one month (Art. 12(3) GDPR).

7. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data-protection supervisory authority at any time — for a company based in Bavaria this is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

8. Cookies and tracking

This website sets no tracking cookies, no analytics, no advertising pixels. Fonts are served locally from our own server — no data is transferred to third parties such as Google. Should any cookies be used, they are technically necessary; consent is not required for these (§ 25(2) German TDDDG).

9. Push notifications (in the app)

If you grant push permission, we process the device token issued by the Apple Push Notification service. You can disable push notifications at any time in your iOS settings.

10. Changes to this privacy policy

We reserve the right to adapt this policy if our processing changes or legal requirements evolve. Last change: 11 June 2026.