PRIVACY POLICY

Last updated June 23, 2026

This Privacy Notice for Dumke Ventures UG (haftungsbeschränkt) ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Download and use our mobile application (Truvi), or any other application of ours that links to this Privacy Notice
  • Engage with us in other related ways, including any marketing or events

We are the controller responsible for your personal information. Our full legal notice (Impressum) is available at /impressum.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We do not intentionally collect special categories of personal data, and we do not collect photographs or biometric data. If you choose to save dietary preferences or restrictions in the app, we process them only to provide the feature to you. Learn more.

Do we collect any information from third parties? We may receive limited information about you from third parties such as the app stores and our payment, analytics, and advertising providers — for example, your subscription status. Learn more.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.

Do we offer AI-based products? Yes. Truvi uses automated and AI/algorithmic analysis to assess product ingredients and generate a processing score. Learn more about our AI products.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information, including the right to lodge a complaint with a supervisory authority. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by managing your account within the App or by contacting us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
  6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  7. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
  8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
  9. HOW LONG DO WE KEEP YOUR INFORMATION?
  10. HOW DO WE KEEP YOUR INFORMATION SAFE?
  11. WHAT ARE YOUR PRIVACY RIGHTS?
  12. CONTROLS FOR DO-NOT-TRACK FEATURES
  13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  14. DO WE MAKE UPDATES TO THIS NOTICE?
  15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, use the app, contact us, or otherwise interact with the Services. The personal information we collect may include the following:

  • email address
  • display name (if you provide one)
  • usernames, passwords, and contact or authentication data
  • the barcode numbers (EAN/UPC) of products you scan and your scan history
  • any dietary preferences or restrictions you choose to save

Sensitive Information. We do not intentionally collect special categories of personal data. If you choose to save dietary preferences or restrictions — which in some cases could reveal health-related information — we process them only with your consent and solely to provide the feature to you.

We do not collect photographs, facial images, or biometric data. Truvi analyzes product barcodes and ingredient data, not your body.

Payment Data. If you make purchases, all payment processing and payment card data are handled and stored by Apple, Google, and RevenueCat; we do not collect or store your full payment card number.

Usage and Device Data. We and our service providers may automatically collect information such as your device type and operating system, app version, language settings, IP address, and aggregated usage and diagnostics information. This is used to maintain the security and operation of the Services, for troubleshooting, and for internal analytics.

Information from third parties. We may receive limited information from the app stores and our payment, analytics, and advertising providers (such as Apple, Google, and RevenueCat) — for example, your subscription or purchase status.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts.
  • To deliver and facilitate delivery of services to the user, including generating product assessments from the barcodes you scan.
  • To process your purchases and manage your subscriptions.
  • To send you administrative and, where you have consented, marketing communications.
  • To protect our Services, including for fraud prevention, security, and to maintain the safe operation of the App.
  • To improve our Services through analytics and diagnostics.
  • To comply with legal obligations and to establish, exercise, or defend legal claims.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We process your personal information only when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.

If you are located in the EU or EEA, the General Data Protection Regulation (GDPR) requires us to explain the valid legal bases we rely on to process your personal information. As such, we may rely on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR). We may process your information if you have given us permission to use it for a specific purpose. We will obtain your explicit consent (Art. 9(2)(a) GDPR) where we process any special categories of personal data, and you may withdraw your consent at any time.
  • Performance of a contract (Art. 6(1)(b) GDPR). We process information necessary to provide the Services you have requested, including operating the app’s features and managing your account and subscriptions.
  • Legitimate interests (Art. 6(1)(f) GDPR). We may process your information where necessary for our legitimate interests, such as securing our Services, preventing fraud, and improving our Services, provided those interests are not overridden by your rights and freedoms.
  • Legal obligations (Art. 6(1)(c) GDPR). We may process your information where necessary to comply with our legal obligations, such as retaining transaction records.
  • Vital interests (Art. 6(1)(d) GDPR). We may process your information where necessary to protect your vital interests or those of a third party.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information with the service providers (processors) listed below to operate the Services. We do not sell your personal information.

We may share your personal information with the following categories of third parties, who act as our processors or independent controllers and are bound to protect your information:

  • App stores and payment/subscription providers: Apple, Google, and RevenueCat — to deliver the App, process purchases, and manage subscriptions.
  • Cloud hosting and infrastructure providers: to host the App, our websites, and the backend that generates your readings and visualizations (our website is served via Cloudflare).
  • AI service providers: to look up product information and to generate product assessments (see Section 7).
  • Product information providers: third-party product and ingredient databases used to look up the items you scan.
  • Analytics and advertising providers: such as Google, to measure and improve our Services and marketing.
  • Professional advisers and authorities: where required to comply with law, enforce our terms, or protect rights, property, or safety.
  • Business transfers: in connection with any merger, sale of company assets, financing, or acquisition.

5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services, but are not affiliated with, our Services.

The Services may link to third-party websites, online services, or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this Privacy Notice. We are not responsible for the content or privacy and security practices and policies of any third parties. You should review the policies of such third parties and contact them directly with any questions.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

On our websites we use cookies and similar technologies (such as pixels and SDKs), including Google advertising and conversion-measurement tags, to operate and secure the site, to remember your preferences, and to measure the performance of our marketing. Where required by applicable law (including § 25 of the German Telecommunications-Digital-Services Data Protection Act, TDDDG), we store or read non-essential information on your device only with your consent, which you can give or withdraw through our cookie banner.

Within the App, our service providers may use device identifiers and similar technologies for analytics, security, and subscription management. You can manage certain device-level tracking permissions through your device settings.

7. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: Yes. We use automated and AI-based processing to assess products, and we are transparent about it.

Truvi uses automated processing, including artificial intelligence and algorithmic analysis, to interpret the ingredients of products you scan and to generate a processing/health assessment or score. This may be performed using third-party AI and cloud service providers, who process the relevant inputs on our behalf solely to produce the output you request.

These assessments are generated automatically and are provided for general information only. They can be inaccurate or incomplete and are not medical, nutritional, or dietary advice. We do not use your personal information to train third-party foundation models, and we do not collect or process your photograph or biometric data.

8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Some of our service providers — including Apple, Google, RevenueCat, and certain cloud and AI providers — are located in or may process your information in the United States or other countries outside the EEA. These countries may not have data protection laws equivalent to those in your jurisdiction. Where we transfer personal information outside the EEA, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses and/or the recipient's certification under the EU–U.S. Data Privacy Framework (and its UK and Swiss extensions), to ensure your information receives an adequate level of protection. You may request a copy of the relevant safeguards by contacting us at [email protected].

9. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We keep your account information and the birth details associated with your account for as long as your account is active. When you delete your account, we delete or anonymize your personal information within a reasonable period, except where we are required to retain it to comply with legal obligations — for example, transaction and invoice records, which we retain for the statutory retention periods under German tax and commercial law (generally up to 10 years pursuant to § 147 AO and § 257 HGB). When we have no ongoing legitimate business need or legal obligation to process your personal information, we will delete or anonymize it.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. You should only access the Services within a secure environment.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your location, you have rights that allow you greater access to and control over your personal information.

If you are located in the EEA or UK, you have the following rights under applicable data protection law: the right to request access to and a copy of your personal information (Art. 15 GDPR); to request rectification (Art. 16) or erasure (Art. 17); to restrict processing (Art. 18); to data portability (Art. 20); and to object to processing (Art. 21). Where we process your information based on consent, you have the right to withdraw your consent at any time (Art. 7(3)); withdrawal does not affect the lawfulness of processing before the withdrawal.

Right to complain. You also have the right to lodge a complaint with a data protection supervisory authority. Our competent authority is Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (LDA Brandenburg) (website: lda.brandenburg.de). You may also contact the supervisory authority in your country of habitual residence.

To exercise any of these rights, manage your account within the App or contact us at [email protected]. We may need to verify your identity before responding to a request.

12. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of certain US states, you may have additional rights regarding your personal information.

Depending on your state of residence, you may have the right to request access to the personal information we collect, to request deletion or correction of that information, and to opt out of certain processing. We collect the categories of personal information described in Section 1 for the business purposes described in this notice. We do not "sell" your personal information and we do not share it for cross-context behavioral advertising in exchange for money. To exercise your rights, contact us at [email protected]. We will not discriminate against you for exercising your rights.

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

Dumke Ventures UG (haftungsbeschränkt)
Ebersprung 2
16321 Bernau
Germany

Managing Director (Geschäftsführer): Tom Dumke. Our full legal notice is available in our Impressum.

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To review, update, or delete your personal information — including deleting your account and its associated data — please use your account settings within the App, or email us at [email protected].