
Privacy Policy – iMeter Reader

iMeter Reader (mobile app: iOS, Android, macOS, Windows) · Operator: Ahmad Al Alloush, operator of the iMeter Reader mobile app · Last updated: 01 June 2026 · Version 2.3

This privacy policy describes which personal data is processed when you use the iMeter Reader mobile app, and on what legal basis. The controller is the app's operator (see § 1). The policy complies with the information obligations under Articles 13 and 14 GDPR, § 5 DDG (German Digital Services Act, formerly TMG) and § 25 TDDDG (German Telecommunications-Telemedia Data Protection Act, formerly TTDSG).

Product name note: The app is published in the App Stores under bundle ID imeterrecorder for historical reasons. The current brand and in-app name is iMeter Reader.


Table of contents

  1. Controller and contact
  2. Data Protection Officer (DPO)
  3. Definitions
  4. Categories of data we process
  5. Purposes of processing and legal bases
  6. Recipients and sub-processors
  7. International data transfers (Chapter V GDPR)
  8. Retention periods and erasure
  9. Your rights as a data subject
  10. Right to withdraw consent
  11. Right to lodge a complaint with a supervisory authority
  12. Obligation to provide data
  13. Automated decision-making / profiling
  14. Data security (Art. 32 GDPR)
  15. Cookies and similar technologies (§ 25 TDDDG)
  16. AI-powered features (OCR, contract analysis, chat)
  17. Tariff comparison (CHECK24 widget)
  18. Push messages and reminders
  19. Crash and diagnostic data (Sentry)
  20. Anonymous usage statistics (device telemetry)
  21. Children under 16
  22. Changes to this privacy policy
  23. Annex A — List of sub-processors

1. Controller and contact

The controller within the meaning of Art. 4(7) GDPR is:

Ahmad Al Alloush [NOTE: once the Gewerbeanmeldung for "iMeter Reader" has been completed, prepend "– Geschäftsbezeichnung: iMeter Reader –" and add the Gewerbeschein number below.]

Dietmarstraße 4 · 87463 Dietmannsried · Germany

Email: support@imeterreader.app · Web: https://imeterreader.app

Tax status: small-business (Kleinunternehmer) under § 19 UStG — VAT not charged.

Note: codexo.dev is the operator's technical infrastructure domain (hosting, authentication, API), operated under the iMeter Reader brand; the controller is the operator named above.

For data-protection requests please email: support@imeterreader.app


2. Data Protection Officer (DPO)

The operator of iMeter Reader is not obliged to appoint a DPO under Art. 37 GDPR in conjunction with § 38(1) BDSG:

  • iMeter Reader is operated by a single person — well below the 20-person threshold of § 38(1) sentence 1 BDSG.
  • Core activities do not consist of processing operations that, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale (Art. 37(1)(b) GDPR).
  • Core activities do not consist of large-scale processing of special categories of personal data (Art. 37(1)(c) GDPR).

Direct data-protection enquiries to the controller at support@imeterreader.app. We confirm receipt within 72 hours and respond within the statutory 30-day period (Art. 12(3) GDPR).


3. Definitions

We use the GDPR's terminology. "Personal data" is any information relating to an identified or identifiable person (Art. 4(1) GDPR), including:

  • IP addresses (CJEU case C-582/14 Breyer),
  • device identifiers such as a per-installation UUID,
  • energy-consumption data when combined with a customer or contract identifier.

4. Categories of data we process

4.1 Account data

  • email address
  • first and last name
  • username
  • pseudonymous user ID (UUID, managed by Keycloak)

4.2 Address and contact (optional, stored in Keycloak)

  • street, house number
  • postal code, city, country
  • mobile phone (when entered; SMS verification is prepared but not yet active)

4.3 Energy data

  • energy supplier, contract number (customer number), tariff type
  • supply address (when you enter it)
  • contract start / end / cancellation deadline
  • price structure (per-kWh, base fee, bonuses, price guarantees)
  • energy mix
  • meter readings (value + date + optional note)
  • derived consumption series (daily, monthly, yearly)
  • free-text notes attached to contracts and readings

4.4 Device and usage data

  • per-installation device UUID (the per-install UUID, platform, OS/app version and country are also used once for the install count — Art. 6(1)(f), see § 5)
  • platform (iOS / Android / macCatalyst / Windows)
  • operating-system version
  • app version
  • language and country setting
  • on each sync operation: IP address (first hop of X-Forwarded-For), user agent, timestamp, action (push / pull / full / status)
  • aggregated daily statistics: contracts count, readings count, app opens, session minutes

4.5 Photo / document data (transient)

  • meter photos you capture (cropped, EXIF stripped)
  • contract documents you upload (PDF or JPEG/PNG)

→ These image data are not persistently stored on our servers. They live only in memory for the duration of the AI processing and are discarded afterwards (see § 16).

4.6 Diagnostic and crash data

  • stack traces, breadcrumbs, app state at the time of a crash
  • device info (model, OS version)
  • after the configuration change in § 19: without IP address and without user identifier

4.7 AI chat content

  • the questions you type
  • up to 20 prior turns per session (max 1,000 characters per question)

4.8 Consents

  • per-purpose record of consents (granted/withdrawn, timestamp, policy version)

4.10 Install-count transmission data

On first launch after installation, the app transmits a single, one-time ping containing:

  • a randomly-generated per-installation UUID (created locally at install time, distinct from the sync UUID in § 4.4 once a user account exists, but the same UUID field is reused — see § 5 row on install counting)
  • platform (iOS / Android / macCatalyst / Windows)
  • operating-system version
  • app version
  • 2-letter country code derived from the device locale setting (not from GPS, not from IP geolocation)

This ping fires once per installation, regardless of whether the user has enabled the "Anonymous usage statistics" toggle in § 20. No IP address, no account identifier, and no daily snapshot are included. The UUID is retained on-device in local storage for deduplication purposes; this on-device storage falls under § 25(2) No. 2 TDDDG (technically necessary for the purpose of the transmission, Art. 5(1)(b) GDPR). The legal basis for the transmission itself is Art. 6(1)(f) GDPR (legitimate interest — see § 5).

4.9 Data we do not process

We do not process:

  • advertising identifiers (no IDFA, no Google Advertising ID),
  • tracking pixels or third-party analytics SDKs (no Google Analytics, Firebase Analytics, AppCenter, Mixpanel, Meta SDK, etc.),
  • biometric or health-related special-category data (Art. 9 GDPR),
  • location data (no GPS access; for historical reasons the iOS bundle still declares unused permission strings — these will be removed in the next release),
  • FCM or APN push tokens (all notifications are local),
  • advertising or tracking cookies.

5. Purposes of processing and legal bases

The following table fulfils Art. 13(1)(c) and (d) GDPR.

| Purpose | Data categories | Legal basis |
|---|---|---|
| Creating and maintaining your account, authentication | 4.1, 4.2 | Art. 6(1)(b) GDPR — performance of contract (iMeter Reader user agreement) |
| Storing your energy contracts and meter readings on-device and (when signed in) syncing to our servers | 4.3 | Art. 6(1)(b) |
| Providing historical consumption charts and analytics | 4.3 | Art. 6(1)(b) |
| Reminders for meter readings and contract deadlines | 4.3, 4.8 | Art. 6(1)(b) + explicit per-contract consent |
| AI meter reading (cloud fallback when local OCR fails) | 4.5 (transient), 4.3 | Art. 6(1)(a) — consent |
| AI contract analysis | 4.5 (transient), 4.3 | Art. 6(1)(a) — consent |
| AI tariff-comparison chat | 4.7 | Art. 6(1)(a) — consent |
| Tariff comparison widget (CHECK24) | PLZ, kWh, IP, UA, cookies set by third party | Art. 6(1)(a) — consent (before widget loads) |
| Crash and performance telemetry (Sentry) | 4.6 | Art. 6(1)(a) — consent (default OFF) |
| Anonymous usage statistics (device heartbeat + daily snapshot) | 4.4 (aggregated) | Art. 6(1)(a) GDPR — consent (default OFF), in conjunction with § 25 TDDDG. Withdrawable at any time (Art. 7(3)). |
| Counting unique app installations (product/operations metric) | Per-installation UUID, platform, OS version, app version, 2-letter country code derived from device locale (not GPS) — see § 4.10 | Art. 6(1)(f) GDPR — legitimate interest in measuring adoption of a pre-release product. Balancing test: the UUID is randomly generated with no link to a natural person at creation; no IP, no contact data, minimal device metadata; suppressible/erasable on request. Distinction from § 20: this one-time install count is processed independently of the "Anonymous usage statistics" toggle in § 20: it fires once per installation even when usage statistics are disabled, transmits no daily snapshot and no IP, and is based on Art. 6(1)(f) — not on consent. The § 25 TDDDG analysis: the install-count transmission is non-essential analytics and does NOT rely on the § 25(2) No. 2 exemption; the legal basis is the Art. 6(1)(f) legitimate interest above. The separate on-device storage of the installation UUID for sync remains covered by § 25(2) No. 2 for its own purpose (Art. 5(1)(b)). |
| Audit logging of sync operations (security forensics) | userId, deviceId, truncated IP (/24 or /48), UA, action | Art. 6(1)(f) — legitimate interest in operational security and abuse prevention. Retention: 90 days. |
| Compliance with legal obligations (tax / commercial retention when paid features go live) | 4.1 plus payment data | Art. 6(1)(c) |
| Handling your access / rectification / erasure requests | 4.1 | Art. 6(1)(c) in conjunction with Art. 15–22 |
| Email correspondence via support@imeterreader.app | email content | Art. 6(1)(b) (pre-contract) or (1)(f) (responding to enquiries) |

6. Recipients and sub-processors

We disclose data only to the recipients listed below, and only on the basis of written Data Processing Agreements (DPAs) under Art. 28 GDPR. The current list is in Annex A.

6.1 Hosting infrastructure

Hostinger International Ltd., Jonavos g. 60C, 44192 Kaunas, Lithuania (EU)
→ Server location: Frankfurt am Main, Germany (we explicitly use the German hosting region)
→ Data processed: all categories in 4.1–4.4 and 4.7
→ International transfer: none — Hostinger is established in Lithuania (an EU member state); physical processing takes place in Germany.
→ DPA: Hostinger Data Processing Agreement (available in the Hostinger customer portal), signed.

6.2 Identity management

Self-hosted — Keycloak instance running on Hostinger servers in Frankfurt am Main, DE (auth.codexo.dev) → Not an external sub-processor; identity data remains within our own infrastructure on the same German server.

6.3 Artificial intelligence

OpenAI, L.L.C., 1960 Bryant Street, San Francisco, CA 94110, USA
→ Data processed: when AI features are enabled — your meter photo, contract PDF, or chat conversation (up to 20 prior turns)
→ Models: gpt-4o, gpt-4o-mini
→ Transfer to: USA. Legal basis: EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914) and EU–US Data Privacy Framework adequacy decision (Implementing Decision (EU) 2023/1795). Additional safeguards: pseudonymisation (no clear name in the request), no user ID transmitted, image/PDF not stored server-side.
→ OpenAI retention: API default of 30 days for abuse monitoring. No use of your data to train OpenAI's models (per OpenAI API data-usage policy).
→ DPA: OpenAI Data Processing Addendum (https://openai.com/policies/data-processing-addendum), signed.

6.4 Tariff comparison (joint controllership under Art. 26 GDPR / affiliate-partner arrangement)

CHECK24 Vergleichsportal GmbH, Erika-Mann-Straße 62-66, 80636 Munich, Germany
→ Data processed: your postal code, estimated annual consumption (kWh), IP address, user agent, plus anything you enter into the widget (specific tariff enquiry, etc.)
→ Triggered: only when you open the "Offers" tab AND have consented (see § 17).
→ International transfer: none (EU/EEA).
→ DPA / affiliate-partner contract: signed (Partner ID 1148136).
→ For the immediately related processing, CHECK24's own privacy notice also applies: https://www.check24.de/unternehmen/datenschutz/.

6.5 Crash and performance data

Functional Software, Inc., d/b/a Sentry, 132 Hawthorne St, San Francisco, CA 94107, USA — with European entity Sentry GmbH, Schönhauser Allee 148, 10435 Berlin, Germany
→ Ingest endpoint: Frankfurt am Main, DE (*.ingest.de.sentry.io)
→ Data processed: crash stack traces, breadcrumbs, app state, device info.
→ Important: in the current app version no IP address and no user identifier is transmitted to Sentry (SendDefaultPii = false).
→ International transfer: primarily EU; intra-group transfers to the US parent cannot be excluded. Legal basis: SCCs and Data Privacy Framework.
→ DPA: Sentry Data Processing Addendum (https://sentry.io/legal/dpa/), signed.

6.6 Mobile platform provider (on-device OCR model on Android)

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland — Google ML Kit Text Recognition → Text recognition runs entirely on your device; no image data is transmitted to Google. The model binary is delivered via Google Play Services.

6.7 Mobile platform provider (on-device OCR on iOS / macOS)

Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA — Vision framework → Processing is fully on-device; no image data is sent to Apple.

6.8 Certificate authority

Internet Security Research Group / Let's Encrypt, USA — issues TLS certificates for *.codexo.dev. No personal data involved.

6.9 SMS and email delivery

Twilio Inc., 101 Spear Street, Suite 500, San Francisco, CA 94105, USA — SMS delivery for mobile-number verification
→ Data processed: your mobile number, one-time verification code (OTP), timestamp, IP of the request
→ International transfer: USA. Legal basis: EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914) and EU–US Data Privacy Framework (Implementing Decision (EU) 2023/1795).
→ Retention at Twilio: 30 days by default (delivery proofs + abuse monitoring), then deletion.
→ DPA: Twilio Data Processing Addendum (https://www.twilio.com/legal/data-protection-addendum), signed.

Twilio SendGrid (a Twilio business unit), 1801 California Street, Denver, CO 80202, USA — transactional email delivery (e.g. account confirmations, security notifications)
→ Data processed: your email address, content of the email (e.g. confirmation link), send timestamp, optional open/click metadata
→ International transfer: USA — same legal basis as Twilio (SCCs + DPF).
→ Retention at SendGrid: activity logs up to 30 days for deliverability analysis, then deletion; content held only briefly in the send buffer.
→ DPA: SendGrid Data Processing Addendum (folded into the Twilio DPA), signed.

6.10 Public authorities

We disclose data to authorities only when legally required.


7. International data transfers (Chapter V GDPR)

International transfers occur only to the recipients in § 6.3 and § 6.5. Legal basis: EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914) and the EU–US Data Privacy Framework adequacy decision (Implementing Decision (EU) 2023/1795), where applicable.

Additional safeguards:

  • pseudonymisation of requests (no clear name, no user identifier transmitted unless functionally necessary),
  • TLS 1.3 + certificate pinning in the mobile app,
  • contractual prohibition of using transmitted data for AI training (OpenAI),
  • storage limits at the recipient (30 days OpenAI, 30 days Twilio/SendGrid, 90 days Sentry),
  • prior-notification obligation regarding sub-processors (SCC Clause 9 / Art. 28(2) GDPR): OpenAI, Sentry and Twilio/SendGrid are each contractually required to inform us in advance of any addition or replacement of their own downstream sub-processors. We may object — and where appropriate terminate the contract — before new sub-processors gain access to your data.

A copy of the relevant SCCs is available on request at support@imeterreader.app.


8. Retention periods and erasure

We retain personal data only as long as needed for the purposes in § 5, or until you withdraw consent / object to legitimate-interest processing.

8.1 Offline-first — the default is no data transmission

iMeter Reader is an offline-first app: as long as you do NOT sign in to an account, no contracts, meter readings, or settings are transmitted to our servers. All data lives only on your device in the local SQLite database in the app-sandbox directory.

Concretely:

  • No account + no AI use: if you neither create an account NOR use any AI feature (cloud OCR, contract analysis, AI chat), your data never leaves your device. Uninstalling the app removes everything immediately and completely — no copy exists with us or any third party.
  • With account (cloud sync): if you create an account and use sync, contracts, meter readings and settings are replicated to our servers (see table below). "Delete account" wipes those server-side copies.
  • With AI use: if you used an AI feature, the corresponding image / PDF / chat message may stay at OpenAI for up to 30 days (API default retention for abuse monitoring); the extracted structured data is saved only on your device.
  • Sentry diagnostics: if you consented to telemetry and an app crash occurred, the anonymous diagnostic data stays at Sentry for up to 90 days, then is deleted.

8.2 Retention per data category

| Data category | Retention |
|---|---|
| Account & master data (4.1, 4.2) | Until account deletion + 30-day grace period |
| Energy contracts and meter readings (4.3) | Locally on your device: while the app is installed. On our servers: only when signed-in and cloud sync is on; on account deletion, cascade delete within the 30-day grace period. You can remove individual records from the app at any time. |
| Meter photos / contract PDFs (4.5) | Not persistently stored on our servers. At OpenAI: up to 30 days, then automatic deletion. |
| Install-count record (§ 4.10) — device has telemetry consent OFF and record has never been linked to a user account | Maximum 18 months from first install, then deleted. |
| Device telemetry — raw daily (4.4 snapshots) | 90 days |
| Device telemetry — monthly aggregates | 24 months |
| Sync audit log (truncated IP + UA) | 90 days |
| Sync operations queue (internal replay) | 30 days |
| AI chat content (4.7) | Local: until you close the app. Server: not persistent. |
| Sentry diagnostics | 90 days |
| Consent log (4.8) | Business relationship + 3 years (to prove consent under Art. 7(1)) |
| Tax / commercial records (when paid features go live) | 10 years (§§ 257 HGB, 147 AO) |

Local data on the device (SQLite database) is held in the app sandbox until you uninstall the app or use the "Delete account" function, which also wipes the local DB before the server call.


9. Your rights as a data subject

| Right | Scope | How to exercise |
|---|---|---|
| Access (Art. 15) | Receive a full copy of data we hold about you | Email support@imeterreader.app; a copy is provided within 30 days. |
| Rectification (Art. 16) | Correct inaccurate or incomplete data | Profile screen in the app, or written request. |
| Erasure / right to be forgotten (Art. 17) | We delete your data unless there is a legal retention obligation | In-app: Settings → Account → "Delete account". Full cascade within the 30-day grace period. |
| Restriction (Art. 18) | Suspend processing | Email support@imeterreader.app. |
| Portability (Art. 20) | Receive your data in a structured, commonly used, machine-readable format | On request to support@imeterreader.app, data is provided in a structured, commonly used, machine-readable format. |
| Objection (Art. 21) | Object to processing based on legitimate interest (audit log; install count — § 4.10 / § 5). You may object to the install-count processing under Art. 21 GDPR; we will then suppress any further processing of that record and delete it ahead of the 18-month retention period. | Email support@imeterreader.app. |
| No automated decision-making (Art. 22) | We do not take automated decisions with legal effect | Not applicable. |

Handling your request is free of charge. We may require a one-time email confirmation to verify your identity.


10. Right to withdraw consent

Where processing is based on consent (AI features, Sentry, CHECK24 widget, anonymous usage statistics), you may withdraw it at any time with effect for the future. Withdrawal is as easy as giving consent:

  • In-app: Settings → Privacy → per-purpose toggles (AI meter reading, AI contract analysis, AI chat, tariff comparison, diagnostic data, anonymous usage statistics).
  • Email to support@imeterreader.app.

The lawfulness of processing carried out before the withdrawal remains unaffected.


11. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data-protection supervisory authority. The operator is based in Bavaria, so the competent authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) · Promenade 18 · 91522 Ansbach, Germany · Phone: +49 (0) 981 180093-0 · Email: poststelle@lda.bayern.de · Web: https://www.lda.bayern.de

A list of German DPAs: https://www.bfdi.bund.de/EN/Home/home_node.html


12. Obligation to provide data

You must provide your email address and name to create an account. Without an account, cloud sync is not available — but all core features (meter reading capture, contract management, reminders) work fully offline without sending any data to our servers.

Other data is optional. Not providing it simply means the related feature is unavailable (e.g. no postal code → no tariff comparison).


13. Automated decision-making / profiling

We make no decisions based solely on automated processing that produce legal or similarly significant effects (Art. 22 GDPR). AI features are assistive (OCR and structured-extraction suggestions); you always review and confirm.

No profiling within the meaning of Art. 4(4) GDPR is performed.


14. Data security (Art. 32 GDPR)

We use up-to-date security standards:

  • Transport encryption: TLS 1.3, HSTS, OCSP stapling. The mobile apps additionally enforce Subject Public Key Info pinning (SPKI pinning) for auth.codexo.dev and imeterreader.codexo.dev — even a compromised CA cannot man-in-the-middle.
  • Secure token storage: auth tokens live exclusively in iOS Keychain / Android Keystore, never in Preferences / NSUserDefaults.
  • RBAC: backend endpoints are protected by JWT validation and resource-owner checks; admin endpoints additionally require the Keycloak role imeterreader_admin.
  • Input validation & hardening: strict JSON schemas; MIME allow-list + magic-byte check for uploads; 7 MB cap; correlation-ID sanitisation; CORS fail-closed in production.
  • Audit log: every synced write is logged with userId, deviceId, truncated IP, user agent, action, timestamp (90-day retention).
  • At-rest encryption: database + backup encryption at Hostinger; local SQLite protected by OS data-protection class (iOS) / File-Based Encryption (Android). SQLCipher on-device is on the roadmap.
  • Backups: daily encrypted, stored on a separate storage box.
  • Patch management: all container images version-pinned; CVE monitoring via Dependabot.
  • Incident response: documented 72-hour breach-notification procedure (Art. 33).

A detailed TOMs catalogue is available to business partners on request (support@imeterreader.app).


15. Cookies and similar technologies (§ 25 TDDDG)

The iMeter Reader mobile app uses no advertising or tracking cookies.

We only use data types that are strictly necessary for the app to function and are exempt under § 25(2) TDDDG:

  • authentication tokens (Keycloak access/refresh/ID tokens) in OS-secure storage,
  • the per-installation device UUID for sync,
  • language and UI preferences.

Consent-required items (CHECK24 widget, Sentry, AI features) are gated by an explicit in-app dialog before activation; see §§ 16, 17, 19.

The associated back-office (imeterreader-admin.codexo.dev) is used only by the operator and is not consumer-facing.


16. AI-powered features (OCR, contract analysis, chat)

iMeter Reader offers three optional, individually enabled AI features:

16.1 AI meter reading (OCR)

  • Local-first: by default, OCR runs on-device (Apple Vision on iOS; Google ML Kit on Android). No image is sent to our servers.
  • Cloud fallback (optional, consent-required): if local OCR fails, you may switch to cloud OCR. The image (~ 960 × 300 px, JPEG q90, EXIF stripped) is sent to our backend and from there to OpenAI (§ 6.3). Response: the extracted numeric reading.
  • Limit: maximum 3 cloud OCR calls per week.

16.2 AI contract analysis

  • You may upload a contract PDF or multi-page photo PDF. The document is sent to our backend (memory only) and from there to OpenAI.
  • Response: a structured contract record that you review and optionally correct before saving.
  • Note: contract documents often contain sensitive data (name, address, customer number, IBAN/SEPA). We recommend redacting fields you do not want AI-processed before uploading.
  • Limit: 2 electricity and 2 gas contracts per month.

16.3 AI chat (tariff assistant)

  • Ask questions about energy tariffs, provider differences, cancellation periods, etc.
  • Your input and the last 20 turns of conversation are sent to OpenAI.
  • Please do not enter sensitive personal data of third parties in the chat.
  • Per-question input limit: 1,000 characters — deliberately kept low so that no large volume of personal data is inadvertently sent to OpenAI (data minimisation, Art. 5(1)(c) GDPR).
  • Daily limit: 20 requests per day.

16.4 Consent-based

All three AI features ship disabled. They activate only after your explicit, per-feature consent. You can review and revoke at any time in Settings → Privacy.

16.5 No training of AI models

We do not use your meter images, contract documents, AI-chat messages or any other content you submit to train, fine-tune or improve any AI model — neither our own models nor those of our sub-processors. OpenAI is contractually prohibited from using API inputs and outputs to train its models (OpenAI API Data Usage Policy, as of 23 May 2026); inputs and outputs may be retained by OpenAI for up to 30 days for abuse-monitoring only and are then automatically deleted. On-device OCR (Apple Vision on iOS/macOS, Google ML Kit on Android) processes images entirely locally and transmits nothing to Apple or Google.

There is currently no opt-in that would allow your content to be used for model training. If we ever introduce such an option in a future version, it would require a separate, explicit, freely-given consent under Art. 6(1)(a) GDPR — silence, continued use of the app, or pre-ticked boxes would never count as consent (Art. 4(11), Art. 7 GDPR; EDPB Guidelines 05/2020 on consent).


17. Tariff comparison (CHECK24 widget)

In the "Offers" tab you can run a tariff comparison for electricity or gas. An embedded widget from CHECK24 Vergleichsportal GmbH is loaded (see § 6.4). Loading the widget transmits to CHECK24:

  • your postal code (5 digits),
  • your estimated annual consumption in kWh,
  • your IP address, user agent, language setting,
  • cookies and similar identifiers set by the widget in the in-app browser.

We ask for your consent before the widget loads for the first time. You can disable the widget at any time (Settings → Privacy → "Allow tariff comparison widget"). CHECK24's own privacy notice: https://www.check24.de/unternehmen/datenschutz/.

The operator earns an affiliate commission if you sign a contract through the widget. This has no effect on the result list, which CHECK24 calculates independently.


18. Push messages and reminders

All reminders (meter readings, contract end dates, cancellation deadlines) are local notifications triggered by your device OS. We do not use FCM or APNs. No push tokens are transmitted to our servers or third parties.

Android requires POST_NOTIFICATIONS, SCHEDULE_EXACT_ALARM and RECEIVE_BOOT_COMPLETED (the last so that reminders survive a device restart).


19. Crash and diagnostic data (Sentry)

If you consent to telemetry, on a crash we send to Sentry (§ 6.5):

  • stack trace and error message,
  • breadcrumbs (in-app navigation in the minutes before the crash),
  • device info (model, OS version),
  • app version.

Not sent to Sentry:

  • your IP address,
  • your email, name or username,
  • contents of meter readings, contracts, chat messages or notes.

No advertising or tracking identifiers. Sentry retains diagnostics 90 days and then deletes them.

You may disable diagnostic transmission at any time (Settings → Privacy → "Crash & diagnostic reports").


20. Anonymous usage statistics (device telemetry)

To improve quality, detect stability issues and guide product development, we collect aggregated device-level usage statistics (see § 4.4). Each day we transmit:

  • contracts count (cumulative),
  • meter readings count (cumulative),
  • app opens since last snapshot,
  • active session minutes since last snapshot,
  • app version.

These data are not tied to your account, only to an anonymous per-installation UUID. If you sign in later, the UUID is linked to your account — you can sever this link at any time (Settings → Account → "My devices").

Legal basis: your consent (Art. 6(1)(a) GDPR) in conjunction with § 25 TDDDG (storing/accessing information on your device for non-essential analytics). You may withdraw your consent at any time with effect for the future (Art. 7(3) GDPR); withdrawal is as easy as giving consent (Settings → Privacy → "Anonymous usage statistics"). The lawfulness of processing carried out before withdrawal remains unaffected.

Default state: telemetry is disabled by default. You enable it explicitly at first launch or later in Settings.

Note: this default-OFF toggle does not cover the one-time install count described in § 5 / § 4.10; that count is based on Art. 6(1)(f) and runs independently of this setting (you may object under Art. 21).


21. Children under 16

iMeter Reader is intended for adult energy customers. It is not intended for children or adolescents under 16. We do not knowingly process data of persons under 16. If we learn that such data has been provided without valid parental consent, we delete it without delay.


22. Changes to this privacy policy

We update this privacy policy whenever our processing or applicable law changes. We give at least 30 days' notice of material changes — via an in-app notice and (if you have an account) by email. The current version is always at:

https://imeterreader.app/en/privacy


Annex A — List of sub-processors (as of 2026-06-01)

| Name | Location | Role | Data location | Third-country transfer | DPA |
|---|---|---|---|---|---|
| Hostinger International Ltd. | Kaunas, LT (EU) | Hosting (compute, DB) | Frankfurt am Main, DE | none | Hostinger DPA |
| OpenAI, L.L.C. | San Francisco, USA | AI model inference (OCR, contract analysis, chat) | USA | yes | OpenAI DPA + SCCs + DPF |
| Functional Software Inc. / Sentry GmbH | San Francisco, USA / Berlin, DE | Crash and performance telemetry | Frankfurt am Main, DE (ingest); intra-group US possible | partly | Sentry DPA + SCCs + DPF |
| CHECK24 Vergleichsportal GmbH | Munich, DE | Tariff comparison widget | Germany | none | CHECK24 affiliate-partner contract |
| Twilio Inc. | San Francisco, USA | SMS delivery (mobile-number verification) | USA | yes | Twilio DPA + SCCs + DPF |
| Twilio SendGrid | Denver, USA | Transactional email delivery | USA | yes | Twilio/SendGrid DPA + SCCs + DPF |
| Google Ireland Ltd. (ML Kit + Play Services) | Dublin, IE | Local OCR model on Android | on device | intra-group US possible | Google Cloud Customer Mobile Services DPA |
| Apple Inc. (Vision framework) | Cupertino, USA | Local OCR framework on iOS / macOS | on device | none (no data transfer) | Apple Developer Program License Agreement |

We update this list as our infrastructure evolves. The current version is at https://imeterreader.app/en/subprocessors. We notify users of new sub-processors at least 30 days before introduction.


iMeter Reader privacy policy · Version 2.3 · 01 June 2026 · Privacy questions: support@imeterreader.app
