Privacy Policy
Last updated: April 2026
1. Controller and Contact
The controller responsible for data processing is:
Manuel Loistl
Bornholmer Straße 92, 10439 Berlin, Germany
Email: manuelloistl [at] gmail [dot] com
2. Overview
This Privacy Policy explains what personal data the Radiant app (“App”) collects, why, and how it is processed. We process as little personal data as possible and do not use your data for advertising, profiling, or sale to third parties.
3. What Data We Collect and Why
3.1 Account Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Google account email address | Account identification and login | Art. 6(1)(b) GDPR |
| Google display name | Display in the app | Art. 6(1)(b) GDPR |
3.2 Profile Data (optional, user-provided)
| Data | Purpose | Legal Basis |
|---|---|---|
| Name, birthday, weight, height, gender | Personalizing AI-generated insights | Art. 6(1)(a) GDPR — consent |
| Lifestyle, dietary preferences | Contextualizing AI-generated insights | Art. 6(1)(a) GDPR — consent |
All profile data is optional. The App functions without it.
3.3 Check-In Data (user-provided)
| Data | Purpose | Legal Basis |
|---|---|---|
| Daily habit completions, ratings, journal entries, gratitude entries, bedtime logs | Core app functionality | Art. 6(1)(b) GDPR |
| Goals | Tracking progress and AI analysis | Art. 6(1)(b) GDPR |
3.4 Technical Data
| Data | Purpose | Legal Basis |
|---|---|---|
| FCM device token | Delivering push notifications | Art. 6(1)(b) GDPR |
4. AI Processing
The App generates weekly and monthly insights by sending your check-in data, profile, and goals to the Claude API, operated by Anthropic (anthropic.com). Specifically:
- Your entries, profile data, and goals for the relevant period are sent to the Claude API for analysis.
- Anthropic processes this data to generate analytical insights.
- Anthropic’s data retention policies apply to API calls — refer to Anthropic’s privacy policy at anthropic.com/privacy for details.
- AI-generated insights are stored in your account and are only accessible to you.
- We do not send your email address or Google account data to Anthropic.
5. Data Processors
5.1 Google Firebase (Database, Authentication, Notifications)
- Provider: Google Ireland Limited / Google LLC
- Purpose: User authentication (Google Sign-In), database hosting (Cloud Firestore), push notifications (Firebase Cloud Messaging), serverless functions (Cloud Functions)
- Data processed: Account data, profile data, check-in data, goals, insights, device tokens
- Server location: EU (europe-west1)
- Safeguards: EU-US Data Privacy Framework adequacy decision; Google’s Data Processing Addendum
5.2 Anthropic (AI Processing)
- Provider: Anthropic PBC, USA
- Purpose: Generating weekly and monthly insights via the Claude API
- Data processed: Check-in entries, profile data, and goals for the analysis period
- Safeguards: Standard Contractual Clauses; Anthropic’s data processing terms
6. Cookies and Local Storage
The App uses only technically necessary local storage for authentication tokens and user preferences. No cookies are used for tracking or analytics.
7. International Data Transfers
Your data is stored on Firebase servers in the EU. When insights are generated, check-in data is transferred to Anthropic (USA). This transfer is protected by Standard Contractual Clauses (Art. 46(2)(c) GDPR).
8. Data Retention
| Data | Retention Period |
|---|---|
| Account and profile data | Until you delete your account |
| Check-in entries and goals | Until you delete your account |
| AI-generated insights | Until you delete your account |
When you delete your account, all associated data is permanently removed without undue delay.
9. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16 GDPR)
- Erase your data (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability — receive your data in a common format (Art. 20 GDPR)
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw consent at any time where processing is consent-based
To exercise any of these rights, contact us at: manuelloistl [at] gmail [dot] com
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
https://www.datenschutz-berlin.de
11. Data Security
We use SSL/TLS encryption for all data transmission. Data is encrypted at rest in Firebase. We implement appropriate technical and organisational measures to protect your personal data.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates the most recent revision.