Privacy Policy

Last updated: April 7, 2026

1. Introduction

This Privacy Policy explains how Bjoern Olausson ("Provider", "we", "us") collects, uses, and protects personal data in connection with our software products: Android Sync for Proton and Mail Checker for Proton Mail. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telemedia and Telecommunications Data Protection Act (TDDDG).

2. Data Controller

Bjoern Olausson
Martha-Brautzsch-Str. 13
06108 Halle (Saale)
Germany
Email: mail+legal@olausson.de
Website: https://olausson.de

3. Data We Collect

3.1 Purchase and Account Data (processed by Paddle)

When you purchase our products, our payment processor Paddle.com Market Limited ("Paddle") collects and processes the following data as an independent data controller:

- Name and email address
- Billing address
- Payment information (credit card, PayPal, etc.)
- Transaction details and invoice data
- IP address and device information for fraud prevention
- VAT/tax identification numbers where applicable

Paddle's privacy policy applies to this data: https://www.paddle.com/legal/privacy

We receive from Paddle: your email address, country, transaction ID, product purchased, and subscription status. We use this data to manage your license and provide customer support. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

3.2 Android Sync for Proton

This app processes the following data locally on your device:

- Proton Mail account credentials (username, authentication tokens) – stored securely on device using the Android Account Manager
- Contact data (names, phone numbers, email addresses, addresses, photos, organizations, birthdays, notes, and other contact fields) – synced between your device and your Proton Mail account
- Calendar data (event titles, descriptions, locations, dates, times, recurrence rules, reminders, attendees) – synced between your device and your Proton Mail account

Important: All contact and calendar data is transmitted exclusively between your device and Proton's servers using end-to-end encryption (PGP for contacts, calendar-specific keys for events). We do not have access to, collect, store, or process any of your contact, calendar, or authentication data on our servers. The app does not contain any analytics, telemetry, or tracking functionality.

3.3 Mail Checker for Proton Mail

This extension processes the following data locally in your browser:

- Proton Mail account credentials (username, session tokens) – encrypted locally using AES-256-GCM and stored in the browser's extension storage
- Email metadata (subject lines, sender addresses, timestamps, read status, labels, folders)
- Email content (message bodies, decrypted client-side using OpenPGP.js)
- Contact data (for recipient autocomplete when composing)
- Extension settings and preferences (notification preferences, polling intervals, UI settings)

Important: All communication occurs exclusively with Proton's servers (*.proton.me). Authentication uses Proton's Secure Remote Password (SRP-6a) protocol; your password is never transmitted in plaintext. All decryption happens locally in your browser. The extension does not contact any external servers, does not include analytics or telemetry, and does not track your browsing activity.

4. Data We Do NOT Collect

To be explicit, we do NOT:

- Operate any servers that receive, store, or process your personal data (beyond what Paddle provides for license management)
- Collect analytics, telemetry, or usage statistics
- Track your location or browsing behavior
- Share, sell, or transfer personal data to third parties (other than Paddle as described above)
- Use cookies or similar tracking technologies
- Process data for profiling or automated decision-making

5. Purpose and Legal Basis for Processing

We process data for the following purposes:

(a) License management and customer support – We use transaction data received from Paddle to verify your license and provide support. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

(b) Communication – We may use your email address to send important product notifications (security updates, breaking changes, end-of-life notices). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in keeping customers informed about critical product matters).

(c) Legal compliance – We may process data as required by German tax and commercial law. Legal basis: Art. 6(1)(c) GDPR (legal obligation).

6. Data Retention

- Transaction data received from Paddle: Retained for the duration of your license and for up to 10 years thereafter as required by German tax retention obligations (Section 147 AO, Section 257 HGB).
- Support correspondence: Retained for up to 3 years after the last interaction, unless longer retention is required by law.
- Local app/extension data: Stored on your device only. Deleted when you uninstall the app or extension, or remove your account from the app.

7. Data Sharing

We share personal data only with:

(a) Paddle.com Market Limited – Our Merchant of Record for payment processing. Paddle acts as an independent data controller for payment data. Paddle is based in the UK and complies with GDPR through UK adequacy arrangements.

(b) Law enforcement or regulatory authorities – Only if required by applicable German or EU law.

We do not sell personal data. We do not share personal data with advertisers or marketing companies.

8. International Data Transfers

Your purchase data may be processed by Paddle in the United Kingdom. The European Commission has recognized the UK as providing an adequate level of data protection. No other international data transfers occur, as our products process all user data locally on your device.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

(a) Right of access (Art. 15 GDPR) – You may request information about what personal data we process about you.

(b) Right to rectification (Art. 16 GDPR) – You may request correction of inaccurate data.

(c) Right to erasure (Art. 17 GDPR) – You may request deletion of your data, subject to legal retention obligations.

(d) Right to restriction of processing (Art. 18 GDPR) – You may request that we restrict processing of your data under certain circumstances.

(e) Right to data portability (Art. 20 GDPR) – You may request your data in a structured, commonly used, machine-readable format.

(f) Right to object (Art. 21 GDPR) – You may object to processing based on legitimate interests at any time, for reasons arising from your particular situation.

(g) Right to withdraw consent (Art. 7(3) GDPR) – Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at mail+legal@olausson.de. We will respond within one month as required by law.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority is the Landesbeauftragter fuer den Datenschutz Sachsen-Anhalt, Leiterstr. 9, 39104 Magdeburg, Germany (https://datenschutz.sachsen-anhalt.de).

11. Data Security

We implement appropriate technical and organizational measures to protect data:

- All data transmission between our products and Proton's servers uses end-to-end encryption
- Authentication credentials are stored securely on your device using platform-provided security mechanisms (Android Account Manager, browser encrypted storage with AES-256-GCM)
- Our products do not store data on external servers
- We regularly update our products to address security vulnerabilities

12. Children's Privacy

Our products are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through our product interfaces at least 30 days before taking effect. The date at the top of this policy indicates the most recent revision.

14. Contact

For questions about this Privacy Policy or to exercise your data protection rights:

Bjoern Olausson
Martha-Brautzsch-Str. 13
06108 Halle (Saale)
Germany
Email: mail+legal@olausson.de
Website: https://olausson.de