Privacy Policy

Ntropy is intended for use only in the DACH region (Germany, Austria, and Switzerland).

The Service may be technically accessible from other regions, but it is not actively offered or targeted outside the DACH region.

This Policy is written with EU data protection law (GDPR) and Swiss data protection law (FADP) in mind.

Depending on how you use the Service, we process the following categories of data:

Account and identity data

• Contact information you provide, such as an email address.
• Display name or similar profile information, if provided.
• Authentication information needed to sign you in, including information from third-party sign-in providers where you choose to use them.
• Internal identifiers used to associate your activity within the Service.

User content and social data

• Content you create or submit within the Service.
• Information about the groups or communities you participate in within the Service and your role in them.
• Preference and personalization settings you configure within the Service.

Diagnostics and support data

• Crash, error, and stability information.
• Information you submit when contacting support or reporting an issue.

Technical and usage data

• Aggregate product-usage and reliability signals.
• Information used to verify the integrity of the app and apply runtime configuration.
• Technical information processed by Google services to provide authentication, app integrity checks, diagnostics, analytics, hosting, backend compute, data storage, and AI-assisted features.

AI-related data

• User generated content may be processed by Google AI services where needed.
• AI usage metadata, such as token counts, may be used for debugging and operational measurement.

Data visibility in the product

• Contact information is only made visible to other users in limited contexts that you control or that are transparently surfaced in the product.
• Actions that contribute to collective outcomes are surfaced in aggregated form rather than as individually identifying events.
• Personalization settings are private to your account.

We process personal data to:

• Provide and operate the Service.
• Apply the personalization settings you configure.
• Protect the Service and its users (including abuse prevention, fraud prevention, and access control).
• Operate support and debugging workflows.
• Improve stability, reliability, and product quality.
• Provide AI-assisted features offered within the Service.
• Comply with legal obligations and enforce our terms.

We do not sell personal data.

Where GDPR applies, our legal bases are:

• Contract performance (Art. 6(1)(b) GDPR): to provide the Service you requested.
• Legitimate interests (Art. 6(1)(f) GDPR): service security, abuse prevention, troubleshooting, product reliability, product quality, and preservation of shared group discussions after account deletion in a dissociated form.
• Legal obligation (Art. 6(1)(c) GDPR): where we must comply with applicable law.

For Switzerland, processing is carried out in accordance with the Swiss FADP on equivalent grounds.

To run the Service we rely on established cloud infrastructure and platform providers. Depending on the feature in use, this can include:

• Google Ireland Limited / Google LLC for Google Cloud services.
• Google, Apple, and Microsoft sign-in providers, where you choose to use those providers for authentication. These providers may process data under their own privacy terms in addition to processing needed for sign-in.
• Apple App Store and Google Play, where the app is distributed through those platforms.

Where these providers act as processors, they process personal data on our behalf under their data-processing commitments. Where they act as independent controllers, their own privacy notices also apply.

Data storage and processing is mostly located in the EU. Some Google data processing may still involve infrastructure, support access, or subprocessors located outside your country or outside the European Economic Area.

Where required, we rely on appropriate safeguards for international data transfers, such as contractual protections, EU Standard Contractual Clauses, adequacy decisions, or other safeguards provided by the relevant providers.

We retain data only as long as needed for the purposes described above.

Account-linked data

• Account profile data is kept for the lifetime of your account, unless longer retention is legally required.
• Transient, security-sensitive data (such as verification material) is retained only as long as needed for its purpose.
• Authentication, reset, and verification tokens are short-lived and are deleted or expire after they are no longer needed.

Content data

• Some content that contributes to collective outcomes in the Service may remain after account deletion, dissociated from your identity, to preserve the integrity of shared discussions.
• Other account-linked content is removed as part of the account deletion workflow.
• Content that exists inside a shared space remains until that shared space is removed by its owner.

Diagnostics and bug reports

• Diagnostic data and support correspondence are retained only as long as needed to investigate and resolve issues, and are then removed or minimized.

If you delete your account:

• Sign-in access is removed.
• Your personal account data, memberships, and preference settings are removed.
• Some content you created may remain, dissociated from your identity, where it contributes to shared discussions.
• Shared spaces you own are removed together with your account, including their content.

Subject to applicable law, you may request:

• Access to your personal data.
• Correction of inaccurate data.
• Deletion of your data.
• Restriction of processing.
• Objection to certain processing.
• Data portability.

You may also have the right to lodge a complaint with your local supervisory authority (EU) or the competent Swiss authority.

To exercise rights, contact us at support AT ntropy DOT at and include:

• Your registered email address.
• The type of request.
• Any details needed to identify the relevant data.

We may request additional information to verify identity before acting on a request.

Ntropy is not intended for children under 18.

We do not knowingly collect personal data from children under 18. If we become aware of such data, we will take appropriate action.

We apply appropriate technical and organizational measures designed to protect personal data, including access controls, industry-standard cloud security tooling, and server-side enforcement of access rules.

No method of transmission or storage is completely secure, so absolute security cannot be guaranteed.

We may update this Privacy Policy from time to time.

Material updates will be published in-app or through other appropriate user-facing notice.

For privacy questions or data requests:

support AT ntropy DOT at