Privacy Policy — BankingDesk

Effective date: 26 March 2026

1. Data Controller

D. Stengel-Dori, Ostendstr. 88, 60314 Frankfurt am Main, Germany. Contact: support@medienkommission.de

2. Data Processed

BankingDesk processes the following categories of data:

• Username and profile information
• Learning progress and test results
• Monthly usage metrics and token budget consumption
• Clause texts from Tell Me analysis
• Questions submitted to the Teacher (AI mentor)
• Subscription and billing data managed by Apple StoreKit
• Local settings in UserDefaults
• Local diagnostic logs (os.Logger) that remain on your device

3. Purposes and Legal Bases

• Art. 6(1)(b) GDPR: Contract performance (providing learning modules, tests, Tell Me analysis, Teacher guidance)
• Art. 6(1)(f) GDPR: Legitimate interest for diagnostic logs and Anthropic's abuse prevention

4. Recipients

Anthropic, PBC (USA): When you use Tell Me analysis or ask the Teacher, content is transmitted to Anthropic's API. Anthropic processes content for response generation and retains it for abuse prevention (up to 30 days by default, longer for policy violations).

Apple Inc.: Profile and usage data stored in your private iCloud via CloudKit. Subscription managed by Apple. Apple transfers certain data to the USA under EU Standard Contractual Clauses.

5. International Transfers

Anthropic processes data in the USA under EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914). Additional safeguards under Art. 46 GDPR apply.

6. Retention

• Clause and question content are not persistently stored by BankingDesk; they remain transiently in memory during API calls
• Anthropic retains API inputs/outputs up to 30 days by default; up to 2 years for policy violations
• Profile, learning progress, and usage data in your iCloud remain for 24 months or longer if required by law
• Local settings remain on device until uninstallation or manual removal
• Diagnostic logs are managed by the OS and do not leave your device

7. Your Rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR). You may withdraw consent at any time (Art. 7(3) GDPR). Contact support@medienkommission.de.

8. No Automated Decision-Making

No automated decision-making or profiling under Art. 22 GDPR occurs. AI-generated suggestions are proposals; you decide whether to use them.

9. IONOS WebAnalytics

This website uses IONOS WebAnalytics, a server-side, cookieless analytics tool. IP addresses are anonymized before analysis. No cookies are set. No personal profiles are created. No consent is required because no personal data within the meaning of GDPR Article 4(1) is processed.

10. Changes

We reserve the right to amend this Privacy Policy if changes to the app or applicable law require it. The current version is available at this link.