Privacy Policy

Effective Date: October 18, 2025
Last Updated: October 18, 2025
Version: 1.1

1. Introduction

Welcome to Lessign.com (“we”, “our”, “us”). We are committed to privacy by design. The AI Detox mobile app processes data fully on-device and does not transmit app data to us. Our website is informational; we set no cookies and run no tracking.

This page provides general information and does not constitute legal advice.

2. Controller (Art. 13(1)(a) GDPR)

Name: Lessign — Elias Anderlohr

Address: Heidestraße 23, 60316 Frankfurt am Main, Deutschland

Email: contact@lessign.com

Impressum: /impressum

EU Representative (Art. 27): Not applicable (established in Germany, EU)

Data Protection Officer: Not appointed (not legally required based on our processing activities)

3. Scope & Summary

  • App (AI Detox): On-device only. No server connection. No analytics. No tracking. No cookies. No data transmitted to us.
  • Website (lessign.com): Hosted by STRATO GmbH in Germany. No cookies. No tracking. Security-only server logs by the host.

4. App: Zero Remote Collection

AI Detox does not transmit personal data to us. The app operates fully offline.

  • No servers, backend, or HTTP(S) requests
  • No analytics, telemetry, crash reporting, or advertising SDKs
  • No accounts, logins, or authentication
  • No access to contacts, location, camera, or sensors

5. App: Local Storage Only

AI Detox stores minimal app state locally via iOS UserDefaults / Android SharedPreferences. This data is never transmitted.

  • App usage state (current app in use to trigger cognitive challenges)
  • Knowledge Points counts for completed challenges
  • Challenge completion timestamps and totals

Deleting the app removes this data from your device.

6. App: Network & Permissions

  • No network communication or cloud sync (no iCloud/Google Drive)
  • No third-party SDKs integrated
  • Minimal, optional usage access permissions to trigger challenges; processing remains on-device. If you deny permissions, related features may not work.

7. App: Legal Bases

We do not receive your app data. To the extent GDPR applies to on-device processing, the legal basis is Art. 6(1)(b) GDPR (performance under the EULA) and/or Art. 6(1)(f) (legitimate interests in providing core functionality).

8. Website Visits: Server Logs (Art. 6(1)(f))

Our host STRATO GmbH processes standard server logs for security and availability. We set no cookies and run no analytics.

  • Data: IP address, date/time, URL, referrer, user-agent, HTTP status, bytes sent
  • Purpose: operate, secure, and troubleshoot the site; detect abuse/attacks
  • Retention: IPs in logfiles stored by STRATO for up to 7 days; extended only to investigate incidents
  • Location: Data centers in Germany (Berlin and Karlsruhe)

9. Contact via Email

If you contact us at contact@lessign.com, we will receive your message and any personal data you include (e.g., name, email address, message content). We process this solely to respond to your inquiry.

  • Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contract communication) or Art. 6(1)(f) GDPR (legitimate interests in communication)
  • Retention: Only as long as necessary to handle your request or as required by law

10. Service Providers (Art. 28, 13(1)(e))

  • Hosting: STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. Region: Germany (EU/EEA). DPA available (latest public version 3.5, 18.03.2024).
  • Domain registrar / DNS: GoDaddy Operating Company, LLC. EU privacy contact: Friesenplatz 4, 50672 Köln, Germany; global HQ: Tempe, AZ, USA. DPA available.
  • Where providers or their sub-processors are outside the EU/EEA, transfers are covered by EU Standard Contractual Clauses and supplementary measures.

11. International Transfers (Art. 44–49)

Hosting is located in Germany. Domain and DNS services from GoDaddy may involve global infrastructure. If a transfer to a non-EEA country occurs, safeguards apply: adequacy decisions or EU SCCs plus technical and organizational measures.

12. Security Measures (Art. 32)

  • TLS (HTTPS) for website transport; encryption at rest at providers where available; STRATO data centers ISO 27001 certified
  • Least-privilege access, authentication controls, updates and patching, hardened configurations
  • Logging and alerting by host; incident handling; backups with access controls
  • Vendor due diligence and DPAs with processors

13. Data Sources & Requirement

App data originates from your device and remains there. Website logs originate from your browser request. You are not required to provide personal data to use the app or read this page.

14. Your Rights (GDPR)

You can request access, rectification, erasure, restriction, and portability, and you can object to processing. We respond within one month and may verify identity. Since we generally do not collect or store personal data via the website or app, these rights will typically be limited in scope; however, you can always contact us.

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)

15. Complaint (Art. 13(2)(d))

You can lodge a complaint with a supervisory authority. Competent authority for our seat:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany, https://datenschutz.hessen.de. You may also contact your local authority.

16. Children & Automated Decisions

  • We do not use automated decision-making or profiling.
  • The app has no age restrictions, but is not directed at children under 16. We do not knowingly collect data from children.

17. Contact

Lessign

Address: Heidestraße 23, 60316 Frankfurt am Main, Deutschland

Email: contact@lessign.com

Website: https://lessign.com

18. Changes

We update this policy when legal or technical changes occur. The current version is published here.

Summary

| Category | Status | Details |
|---|---|---|
| App personal data sent to us | ❌ None | On-device only |
| App local storage | ✅ Device only | Coins, challenges, app state |
| App analytics/tracking/SDKs | ❌ None | No telemetry, no ads |
| Website cookies | ❌ None | No banner needed |
| Website server logs | ✅ Security only | STRATO logs IPs ≤ 7 days |
| International transfers | Possible via DNS | SCCs/adequacy if used |