Privacy Policy

Last updated: February 19, 2026

1. Controller Information

The data controller responsible for the processing of your personal data is:

Digital App Group GmbH
Ferdinand-Koch-Str. 31
26133 Oldenburg, Germany
Phone: +49 441 3793132
Email: digitalappgroupde@gmail.com
Website: https://finddiamonds.net

Managing Director (Geschäftsführer): Joshua van Vliet

Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer pursuant to Article 37 GDPR. For all data protection inquiries, please contact us at the address above.

2. Overview

This Privacy Policy describes how Digital App Group GmbH ("we", "us", or "our") collects, uses, stores, and protects personal data when you access or use Diamond Finder, available at finddiamonds.net and through our iOS and Android applications (collectively, the "Service").

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and the German Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, TTDSG).

3. Legal Bases for Processing

We process personal data based on the following legal grounds under Article 6(1) GDPR:

  • Consent (Art. 6(1)(a) GDPR): For analytics cookies, advertising cookies, and optional sign-in with Google or Apple. You may withdraw your consent at any time.
  • Contract Performance (Art. 6(1)(b) GDPR): For processing necessary to provide the Service, including search queries, user account management, and premium purchase fulfillment.
  • Legitimate Interest (Art. 6(1)(f) GDPR): For service security, fraud prevention, basic analytics for service improvement, and technical logging. Our legitimate interest is to ensure the secure and efficient operation of our Service.

4. Types of Data Collected

4.1 Account Data (Firebase Authentication)

We use Firebase Authentication provided by Google LLC to manage user accounts. Depending on how you use the Service, the following data may be collected:

  • Anonymous users: A Firebase anonymous UID is automatically generated. No personal information is collected.
  • Google sign-in: Name, email address, profile picture, and Google UID.
  • Apple sign-in: Name (if provided), email address (may be an Apple relay address), and Apple UID.
  • Authentication tokens and session data.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).

4.2 Usage Data

  • World seeds submitted for searches (processed temporarily and not permanently stored).
  • Search parameters such as item type, Minecraft version, and coordinates.
  • Search results viewed and features used.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

4.3 Technical Data

  • IP address (anonymized for analytics purposes).
  • Browser type and version.
  • Operating system and device type.
  • Screen resolution and referral URL.
  • Date and time of access.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security and service optimization).

4.4 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. We receive from Stripe only the transaction ID, payment status, currency, and amount paid. Your Firebase UID is associated with your premium status.

Legal basis: Art. 6(1)(b) GDPR (contract performance).

4.5 Advertising Data

For free-tier users, we display advertisements through Google AdSense. Google AdSense may collect data such as cookies, device identifiers, and browsing behavior for the purpose of personalized advertising. This data is only collected with your consent.

Legal basis: Art. 6(1)(a) GDPR (consent).

5. Third-Party Services and Data Processors

5.1 Firebase Authentication (Google LLC)

  • Purpose: User authentication and account management.
  • Data processed: UID, email, name, authentication tokens.
  • Privacy policy: firebase.google.com/support/privacy
  • Data location: USA (see Section 8).

5.2 Google Analytics (Google LLC)

  • Purpose: Understanding user behavior and improving the Service.
  • Data processed: Page views, session duration, device info, anonymized IP address.
  • IP anonymization: Enabled.
  • Privacy policy: policies.google.com/privacy
  • Opt-out: You can opt out by installing the Google Analytics Opt-out Browser Add-on.
  • Data location: USA (see Section 8).

5.3 Google AdSense (Google LLC)

  • Purpose: Displaying advertisements to free-tier users.
  • Data processed: Cookies, device identifiers, browsing behavior for ad personalization.
  • Privacy policy: policies.google.com/technologies/ads
  • Ad preferences: Manage your ad settings at adssettings.google.com.
  • Data location: USA (see Section 8).

5.4 Google Funding Choices

  • Purpose: Consent management for advertising.
  • Data processed: Consent preferences via cookies.
  • Privacy policy: policies.google.com/privacy

5.5 Stripe, Inc.

  • Purpose: Payment processing for premium purchases.
  • Data processed: Payment method details, billing address, transaction data. We never receive or store full payment card details.
  • Privacy policy: stripe.com/privacy
  • Data location: USA (see Section 8).

5.6 Vercel Inc.

  • Purpose: Website hosting and analytics.
  • Data processed: Server logs, basic analytics (page views, geographic region).
  • Privacy policy: vercel.com/legal/privacy-policy
  • Data location: USA (see Section 8).

5.7 ip-api.com

  • Purpose: IP-based geolocation for currency detection (localized pricing).
  • Data processed: Your IP address, used only during the payment flow.
  • Privacy policy: ip-api.com/docs/legal

6. Cookies and Local Storage

6.1 Essential Cookies and Storage

Firebase authentication session data is stored in your browser's local storage. This is required for the Service to function and cannot be disabled without breaking core functionality. Premium status is also cached locally.

6.2 Analytics Cookies

Google Analytics sets the following cookies:

  • _ga: Used to distinguish users. Duration: 2 years.
  • _gid: Used to distinguish users. Duration: 24 hours.
  • _gat: Used to throttle request rate. Duration: 1 minute.

These cookies require your consent.

6.3 Advertising Cookies

Google AdSense sets various cookies for the purpose of ad personalization. These cookies are set by Google and its advertising partners. The specific cookies and their durations vary. These cookies require your consent.

6.4 Managing Cookies

You can manage or delete cookies through your browser settings. Please note that disabling essential cookies may impair the functionality of the Service. You can withdraw your consent for analytics and advertising cookies at any time.

7. Data Retention

  • Firebase anonymous accounts: Retained until you clear your browser data or the account is automatically cleaned up by Firebase.
  • Firebase authenticated accounts: Retained until you request deletion.
  • Search data (world seeds): Processed in real-time and not permanently stored on our servers.
  • Google Analytics data: Retained for 26 months (default retention period).
  • Payment records: Retained as required by German tax law (10 years pursuant to Section 147 of the German Fiscal Code, Abgabenordnung).
  • Server logs: Retained for 30 days.

8. International Data Transfers

Several of our third-party service providers — including Firebase, Google Analytics, Google AdSense, Stripe, and Vercel — are based in the United States. Personal data may therefore be transferred to and processed in the United States.

These transfers are safeguarded by the following mechanisms:

  • EU-US Data Privacy Framework: Google LLC and Stripe, Inc. are certified under the EU-US Data Privacy Framework, providing an adequate level of data protection as recognized by the European Commission.
  • Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, transfers are safeguarded by EU Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR.

9. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

9.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with supplementary information.

9.2 Right to Rectification (Art. 16 GDPR)

You have the right to have inaccurate personal data corrected without undue delay.

9.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data. Please note that certain data may need to be retained to comply with legal obligations (e.g., tax records).

9.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data under certain conditions.

9.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

9.6 Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data based on legitimate interest at any time. You also have the right to object to processing for direct marketing purposes at any time.

9.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on your consent, you may withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

9.8 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at digitalappgroupde@gmail.com or at our postal address listed in Section 1. We may need to verify your identity before processing your request. We will respond within one month as required by the GDPR.

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The competent supervisory authority for Lower Saxony (Niedersachsen) is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover, Germany
Website: www.lfd.niedersachsen.de

You may also lodge a complaint with the supervisory authority in your place of residence or place of work.

11. Children's Privacy

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. In Germany, the age of digital consent is 16 years pursuant to Article 8 GDPR in conjunction with national law.

If we become aware that we have inadvertently collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data as soon as possible. Parents or guardians who believe their child has provided personal data to us should contact us immediately.

12. Data Security

We implement appropriate technical and organizational measures pursuant to Article 32 GDPR to ensure a level of security appropriate to the risk, including:

  • HTTPS/TLS encryption for all data transmitted between your browser and our servers.
  • Firebase Authentication with secure token management.
  • Stripe PCI-DSS compliant payment processing (we never handle raw payment card data).
  • Access controls and authentication for backend systems.
  • Regular security reviews of our infrastructure.

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

13. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR. Google AdSense may use automated profiling for ad targeting purposes, which is based on your consent.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Material changes will be indicated by updating the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

15. Contact Information

For privacy-related questions or to exercise your data protection rights, please contact:

Digital App Group GmbH
Ferdinand-Koch-Str. 31
26133 Oldenburg, Germany
Phone: +49 441 3793132
Email: digitalappgroupde@gmail.com