Privacy Policy
This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data in connection with the use of the Journew app (hereinafter the “App”) and about your rights under the EU General Data Protection Regulation (GDPR).
Your travel data (e.g. trips, activities and tickets) is generally stored locally on your device; the developer has no access to it. For certain features — such as loading recommended content — a limited amount of data is transmitted to the developer. The details are set out in this Policy.
Contents
- Controller
- Scope
- Principles of data processing
- Storage of travel data (local and iCloud)
- Sharing trips
- Map display and location
- Loading of additional content
- Legal bases of processing
- Recipients and processors
- Data transfers to third countries
- Retention period
- Your rights as a data subject
- Right to lodge a complaint with a supervisory authority
- Data security
- Target audience of the App
- Changes to this Privacy Policy
1. Controller
The controller within the meaning of the GDPR and other data protection provisions, hereinafter also referred to as the “developer”, is:
Tobias Klüver Rethelstr. 34 40237 Düsseldorf, Germany Email: datenschutz@journew-app.com
2. Scope
This Privacy Policy applies to the use of the Journew app on Apple devices. It does not apply to third-party services (e.g. Apple/iCloud) referred to in this Policy, which are subject to their own privacy policies.
3. Principles of data processing
The App is designed to process as little personal data as possible. The travel content you create in the App generally remains within your own sphere of control — either exclusively on your device or, if you use iCloud, in your personal iCloud account. The developer does not collect, store or process this travel content on its own servers and has no access to it.
Only for the loading of additional content (see Section 7) is limited, anonymised data transmitted to a server operated by the developer.
4. Storage of travel data (local and iCloud)
4.1 Local storage
All travel data you create in the App is initially stored locally on your device. As long as iCloud synchronisation is not enabled, this data does not leave your device.
4.2 iCloud synchronisation
If iCloud is enabled, the data is automatically synchronised to a private database in your iCloud account using Apple infrastructure (iCloud/CloudKit). The following applies:
- Only the respective iCloud account itself can access the data in the private database.
- Access by the developer or other third parties is not possible via this route.
- Synchronisation for the App can be disabled at any time in the device’s iCloud settings.
iCloud is provided by Apple (see Section 9). Apple’s privacy policy additionally applies to the processing of your data in iCloud.
4.3 Deletion of data
You can delete your data at any time:
- via the settings within the App, and
- in the device’s iCloud settings, if you use synchronisation.
5. Sharing trips
If iCloud is enabled, you may share individual trips with other people. The following applies to sharing:
- When a trip is shared, invited users gain access to all data associated with that trip, including:
- travel dates,
- destination,
- planned activities,
- stored tickets.
- When a trip is shared with others, it is removed from the private database and transferred to a shared database to which all invited users have joint access.
- Depending on your settings, invited users may either only view or also modify this data.
- When sharing is ended, the users concerned lose access to the shared database. If the trip is no longer shared with anyone, it is transferred back to the private database of your iCloud account.
Note on residual data on devices of formerly invited users: Data relating to a trip that was stored on the devices of (formerly) invited users is only deleted after the App is next launched on the respective device. It cannot be ruled out that, due to technical circumstances, data may remain on those devices and be readable — for example, if a device has no internet access and the App is opened before the information about the termination of sharing could be retrieved.
Your responsibility when sharing: You decide on your own responsibility with whom you share a trip. You are responsible for ensuring that the disclosure of the data concerned is permitted and that you only share with persons to whom such disclosure is allowed.
6. Map display and location
To display destinations and activities, the App shows map material via Apple frameworks (Apple Maps / MapKit). The processing associated with the map display is carried out by Apple; Apple’s privacy policy additionally applies.
No location access: The App does not request your location and does not process any location data.
7. Loading of additional content
When using the App, additional content is loaded, for example recommended activities and popular destinations. This content is provided by a server operated by the developer.
The following data is transmitted to the developer and stored and processed by the developer in anonymised form — without any link to your person and without storing the IP address:
- device type,
- operating system and operating system version,
- App version used,
- destination as well as travel dates (start and end).
The following data is transmitted to the developer but not stored:
- IP address.
Use of Cloudflare: Cloudflare is used as a content delivery network and proxy in front of the developer’s server to deliver the additional content. In doing so, Cloudflare processes the IP address in order to forward the request, deliver the content and ensure security (e.g. protection against attacks). The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. The data stored by the developer is processed on servers within the EU/EEA. Processing of connection data by Cloudflare outside the EU cannot be ruled out; any such transfers are safeguarded by appropriate guarantees (standard contractual clauses). Further information: https://www.cloudflare.com/privacypolicy/
Legal basis: The loading of additional content and the associated data transmission take place on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time with effect for the future.
8. Legal bases of processing
Insofar as the developer processes personal data, this is done on the following legal bases:
- Art. 6(1)(b) GDPR (provision of the App’s contractual functions): for the local storage and management of your travel data and the basic functions of the App.
- Art. 6(1)(a) GDPR (consent): for iCloud synchronisation, the sharing of trips and the loading of additional content including the associated data transmission. You may withdraw any consent given at any time with effect for the future (e.g. by disabling synchronisation, ending sharing or disabling additional content).
- Art. 6(1)(f) GDPR (legitimate interests): for the display of map material and for ensuring the technical security and functionality of the App.
9. Recipients and processors
The developer has no access to your travel content; it remains locally on your device or in your iCloud account. For the loading of additional content, the developer operates a server within the EU/EEA; the data processed in this context is described in Section 7.
The following recipients may be involved in connection with the features described:
- Apple (iCloud, CloudKit, Apple Maps / MapKit): When iCloud synchronisation is enabled and when trips are shared, your data is stored in your iCloud account or in a shared iCloud database; map material is also provided via Apple services. The provider is Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA, or, for users in the European Economic Area, Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. Privacy policy: https://www.apple.com/legal/privacy/
- Cloudflare (content delivery network / proxy): for delivering the additional content and securing the requests (see Section 7). The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Privacy policy: https://www.cloudflare.com/privacypolicy/
Insofar as the provision of App features constitutes processing on behalf of the controller within the meaning of Art. 28 GDPR, such processing takes place on the basis of corresponding agreements.
10. Data transfers to third countries
The data stored by the developer in connection with additional content is processed on servers within the EU/EEA.
When using services provided by Apple (in particular iCloud) and Cloudflare, data may nevertheless be processed in countries outside the European Union, in particular in the USA. According to their own statements, these providers base such transfers on appropriate safeguards within the meaning of Art. 44 et seq. GDPR (e.g. standard contractual clauses). Please refer to the providers’ respective privacy policies for details.
11. Retention period
Your travel content is stored for as long as you keep it in the App or in iCloud. You determine the retention period yourself by deleting data via the App or via the iCloud settings (see Section 4.3). Section 5 applies to any residual data on devices of formerly invited users.
The data stored in anonymised form in connection with additional content (see Section 7) is processed without any personal reference; the IP address is not stored by the developer.
12. Your rights as a data subject
Subject to the statutory requirements, you have the following rights:
- Access (Art. 15 GDPR) to the personal data concerning you that is processed by the controller,
- Rectification of inaccurate data (Art. 16 GDPR),
- Erasure (Art. 17 GDPR),
- Restriction of processing (Art. 18 GDPR),
- Data portability (Art. 20 GDPR),
- Objection to processing (Art. 21 GDPR), and
- Withdrawal of consent with effect for the future (Art. 7(3) GDPR).
Since the developer has no access to your travel content stored locally or in iCloud, you can exercise many of these rights directly yourself — for example by viewing, changing or deleting the data in the App or in the iCloud settings. To exercise your rights vis-à-vis the controller, you may contact the contact details set out in Section 1 at any time.
13. Right to lodge a complaint with a supervisory authority
Without prejudice to any other remedies, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement. The supervisory authority responsible for the controller is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) Kavalleriestraße 2–4 40213 Düsseldorf, Germany Email: poststelle@ldi.nrw.de Website: https://www.ldi.nrw.de
14. Data security
The developer takes appropriate technical and organisational measures within the App to protect your data. The security of the storage and transmission of data in iCloud is furthermore governed by Apple’s security measures. Please note that the security of your data also depends on how well your device and your Apple Account are protected (e.g. device passcode, two-factor authentication).
15. Target audience of the App
The App is intended exclusively for adults aged 18 and over. It is not intended for use by minors.
16. Changes to this Privacy Policy
The developer reserves the right to amend this Privacy Policy so that it always complies with current legal requirements or to reflect changes to the App’s features. Continued use requires renewed consent within the App.
Last updated: 19 June 2026