Skip to content

PerfectDay – Privacy Policy

– for the Perfect Day app and platform deinperfectday.de –

As of May 14, 2026 (Last technical change: Plugin 1.24.32)

This privacy policy informs you about the processing of your personal data within the framework of the Perfect-Day app and the associated platform at plattform.deinperfectday.de.

1. Responsible person

DigElite Digital Agency

Owner: Philip Herrmann

Kreuzstr. 16a

49492 Westerkappeln

Germany

E-mail: herrmann@digelite.de

2. Processing in detail

2.1 Anonymous use of the app

The app can generally be used without logging in — simply opening the app is sufficient for browsing and redeeming vouchers. In this mode, we only process the data mentioned in sections 2.7 (Location, local), 2.8 (Camera, local) and 2.10 (Device identifier).

2.2 Member Account (Customer Registration and Login)

When you register as an app member, we collect:

  • Required fieldsEmail address, display name, password (stored encrypted), agreement to the privacy policy, agreement to the terms of use
  • OptionalTelephone number, street, postal code, city, year of birth

When you log in, your email address and password are transmitted to our server via an encrypted HTTPS connection. Your login data is stored encrypted on your device (iOS: Keychain, Android: Keystore) so you don't have to log in again every time you start the app.

  • PurposeAccount management, cross-device storage of your voucher codes, personal communication.
  • Legal basisArticle 6 paragraph 1 letter b GDPR (performance of a contract).
  • Storage duration: until account deletion (possible at any time, see section 5).

2.3 Provider Account (Provider Login)

Providers log in with their username or email address and a personal application password. Login data is stored encrypted locally on the end device.

  • PurposeManaging your own vouchers, scanning redemption codes from providers, creating new promotions.
  • Legal basisArticle 6 paragraph 1 letter b GDPR (performance of a contract).
  • Storage duration: until the account is deleted or as long as the business relationship as a provider exists.

2.4 Password Reset

If you have forgotten your password, you can reset it via the app:

  • MemberYou will receive a 6-digit code via email (valid for 30 minutes), which you enter in the app. You can then set a new password.
  • ProviderYou will receive a newly generated password via email, which you can use to log in again immediately.

For providers with administrator role, the app password reset is intentionally disabled — they use the standard WordPress reset flow.

  • PurposeRestore access to your own account.
  • Legal basisArticle 6 paragraph 1 letter b GDPR (performance of a contract).
  • Storage durationReset codes are deleted after 30 minutes. A technical entry (timestamp, user ID, status) is saved in the server audit log for each reset operation. A maximum of the last 50 requests are retained.

2.5 Obtaining and redeeming vouchers

As soon as you redeem a voucher in a store — i.e., scan the provider's QR code with your device's camera — the app transmits the following information to our platform:

  • the unique device identifier of your app installation (see section 2.10)
  • the redeemed voucher code (activation code)
  • Redemption timestamp

What the provider can see about the redemption in their back office:

  • the device identifier of your app installation (technical UUID)
  • Timestamp and, if applicable, remaining balance of the redemption
  • For logged-in app members: Your display name (NOT your email, address, phone number or other profile data)

What the provider explicitly DOES NOT see:

  • Your email address
  • Your postal address or telephone number
  • Your current location
  • other vouchers you have redeemed

This information is made available to the provider so that they can detect and, if necessary, prevent further redemption attempts via the same device, manage the remaining balance for value-based vouchers, and statistically evaluate their sales.

  • Purpose: Contract processing and protection against misuse (multiple redemptions).
  • Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract) and Art. 6 para. 1 lit. f GDPR (legitimate interests: protection against misuse, accounting).
  • Storage duration: as long as the contractual relationship exists, but at least until the expiry of the statutory retention periods (tax-relevant documents: up to 10 years according to § 147 AO).

2.6 Profile data and avatar

Within your member or provider profile, you can voluntarily add and change data: avatar image, display name, company name (if applicable), address, telephone number, industry, website, and description. Provider address data is converted into coordinates server-side by our geocoding partner (see section 4) so that members can sort providers by distance.

  • PurposePersonalization, distance search, provider branding.
  • Legal basis: Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. a GDPR (consent for optional fields).
  • Storage duration: until deleted by the user or until the account is deleted.

2.7 Location data

If you grant location permission, the app will determine your current location to display nearby coupons first in the list view. The location data is used exclusively locally on your device for sorting purposes., not transmitted to our server and not permanently stored.

  • Purpose: Comfort function (distance sorting).
  • Legal basisArticle 6 paragraph 1 letter a GDPR (consent).
  • Cancellation: at any time via your operating system's permission settings.

2.8 Camera Access

The camera is used exclusively for scanning QR codes when redeeming vouchers. Recordings are neither saved nor transmitted – only the recognized QR code content is evaluated.

  • PurposeVoucher redemption.
  • Legal basisArticle 6 paragraph 1 letter b GDPR (performance of a contract).

2.9 Push notifications

When you activate push notifications, the app registers a technical push token with Apple (iOS, "APNS") or Google (Android, "FCM"). We transmit this token to our server so that we can send you notifications (e.g., new coupons in your area, expiring codes).

  • PurposeNotifications about app-related events.
  • Legal basisArticle 6 paragraph 1 letter a GDPR (consent).
  • Cancellation: anytime via the app's push settings or via the operating system settings.

2.10 Device identifier (App installation ID)

The first time you launch the app, a random, unique identifier (UUID) is generated on your device and stored locally within the app. This identifier is sent with API requests to our server and identifies your app installation. But not you as a person.

The device identifier is required to detect repeated redemption attempts of a voucher from the same device and to assign redeemable codes to your device. You:

  • contains No device hardware identifiers (no IMEI, no MAC address, no Apple/Google Advertising identifier)
  • becomes deleted upon uninstallation of the app and regenerated on the next start
  • PurposeDevice assignment for voucher redemptions and protection against misuse.
  • Legal basisArticle 6 paragraph 1 letter f GDPR (legitimate interests).

2.11 Email notifications (for providers only)

Providers can voluntarily activate two optional email reports in their back office:

  • Weekly DigestA summary of the previous week is provided on Monday mornings.
  • Expiration warningDaily reminder about vouchers expiring in the next 30 days

Both are disabled by default — shipping only occurs if the provider has actively checked a box.

  • PurposeService convenience for active providers.
  • Legal basisArticle 6 paragraph 1 letter a GDPR (consent).
  • Cancellation: anytime in the provider's back office.

2.12 Server Logs

Each time our API is called, technical logs are generated: IP address, timestamp of the request, API endpoint called, HTTP status code of the response.

  • PurposeServer security (brute-force detection, error diagnosis, abuse protection).
  • Legal basisArticle 6 paragraph 1 letter f GDPR (legitimate interests in server security and stability).
  • Storage duration: maximum 30 days, then automatic deletion.

2.13 Support requests and app feedback

When you send us a request via the support form on our website or submit a bug report or feature request via the app's feedback section, we process the data you voluntarily provide: name (or "App Feedback" for app requests), email address, subject, message, and request category. To prevent abuse (spam/bot protection), we also store your IP address and the user agent of the browser used, as well as the URL of the page or the app context (app version, operating system, device model, app installation ID, language) from which the request was sent. The app context is collected solely for error analysis and bug reproducibility.

Before submitting, you must actively confirm by clicking a checkbox that you have read this privacy policy and agree to the processing of your data. We document this consent in accordance with Article 7 Paragraph 1 GDPR in a traceable manner (timestamp, IP address, user agent, source URL or app context) in our internal audit trail.

Inquiries received via the website You will receive an automatic confirmation email with your ticket ID. App feedback is purely an input channel. — You will not receive an automatic confirmation or a personal reply. The app form explicitly states that the submission is a drop-in process.

All requests are stored in our internal support system and are only viewed by authorized employees.

  • PurposeProcessing your request, answering your questions (web support only), improving our service (bug fixes, feature roadmap).
  • Legal basis: Art. 6 para. 1 lit. a GDPR (consent, by checkbox confirmation) and Art. 6 para. 1 lit. b GDPR (performance of pre-contractual or contractual measures).
  • Storage durationRegular inquiries are automatically deleted 12 months after receipt. Inquiries marked as spam are automatically deleted after 30 days.
  • CancellationYou can withdraw your consent at any time by contacting us via email — the withdrawal will apply to the future.

2.14 Transactional System Emails

As part of the contract processing, we automatically send system emails to the address you provided, for example, to confirm password resets, email address changes, invitations to become a redemption partner, or to acknowledge receipt of support requests. These emails are necessary to ensure you can use the app and the provider back office securely. You can deactivate optional notifications, such as the weekly provider digest or expiration warnings, at any time in the provider back office.

Each of our system emails contains in the footer a reference to the responsible body, links to the privacy policy and the legal notice, as well as an explanation of why you received this email (GDPR Art. 13).

  • PurposeSecurity-relevant confirmations, contract processing, optional service notifications.
  • Legal basis: Art. 6 para. 1 lit. b GDPR (security-relevant emails) or Art. 6 para. 1 lit. a GDPR (optional digest/warning emails — revocation possible at any time in the back office).
  • RecipientYou yourself (to the registered email address). Emails leave our mail server with a `noreply@` sender address.
  • Mail body storage duration: We do not store the email body itself — only the fact of sending is documented in the server log for error diagnosis (max. 30 days).

2.15 Shop orders from external providers

If a vendor registered with us sells Perfect-Day coupons through their own webshop (e.g., Shopify, Shopware, Magento, PrestaShop, WooCommerce, or a custom shop), your order will be transmitted to our platform via an encrypted webhook. We process the following data: your email address, optionally your name, the order number and order details from the shop (which coupons and in what quantity), the order value (in cents), the currency, the shop domain name, and technical metadata (IP address of the webhook request, timestamp).

We will then generate the corresponding activation codes and send you an automated email with the codes plus brief instructions on how to use them in the app.

Important: Payment details (credit card numbers, bank account or PayPal details) are provided to us by the shop. not transmitted — these remain exclusively with the provider and its payment provider.

  • PurposeProvision of the activation codes you purchased; order audit trail for any complaints.
  • Legal basisArticle 6 paragraph 1 letter b GDPR (fulfillment of the purchase contract between you and the provider, whose contractual fulfillment agent we are for the code delivery).
  • RecipientYour email address will receive the automatic code email from our system. The provider can see your order in their platform's back office (order overview), including the data necessary for code delivery.
  • Storage durationOrder data is stored for up to 24 months (for complaints, consumption statistics, and tax record-keeping requirements). The generated codes themselves remain available at least until they are redeemed; unused codes expire after the coupon's validity period.

3. App permissions at a glance

The app requests the following permissions from your device:

  • camera — Scan QR code when redeeming (section 2.8)
  • Location — Distance sorting of the voucher list, optional (item 2.7)
  • Push notifications — Information on new vouchers / expiry warnings, optional (section 2.9)
  • Local app storage — Device identifier, login cache, configuration (section 2.10)

4. Recipients of your data and third-party providers

4.1 Voucher providers (within Germany / EU)

When you redeem a voucher, the respective providers see the information listed under section 2.5 in their back office (device identifier, timestamp, remaining balance, and, if applicable, the display name of a logged-in member). Providers do not have access to your other profile data.

4.2 MapQuest (Verizon Communications Inc., USA) — Geocoding

Server-side only: Provider addresses (street, postal code, city) are transmitted to MapQuest during a provider update in order to calculate coordinates. Member data or device locations are not transferred to MapQuest.

  • Legal basisArticle 6 paragraph 1 letter f GDPR.
  • USA transfer: based on the standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR and supplementary security measures.

4.3 Apple Inc. / Google LLC (USA) — Push notifications

When you enable push notifications, your push token is assigned and managed by Apple (iOS) or Google (Android). These tokens do not contain plaintext, but rather a cryptographic identifier.

  • Legal basisArticle 6 paragraph 1 letter a GDPR (consent).
  • USA transfer: based on the standard contractual clauses.

4.4 Email sending providers

For transactional emails (password reset, provider notifications), we use an email delivery provider that delivers the content to your registered email address.

4.5 Hosting / Platform Server

Our platform servers are located in Germany. No routine data transfers to third countries take place — exceptions are the cases described in sections 4.2 and 4.3.

5. Account deletion and automatic anonymization

5.1 Self-deletion possible at any time

You can delete your member account yourself at any time via the app: Profile → Account settings → Delete account. Deleting your account will permanently remove your account data. However, the redemption data associated with the account (see section 2.5) will be retained in accordance with statutory retention periods, but will be anonymized (the link to your account will be severed).

5.2 Automatic anonymization after 4 years of inactivity

Member accounts with the role "PerfectDay Member (App)" that have not been actively used for more than 4 years will be automatically anonymized:

  • Personal data (name, email address, phone number, address, year of birth, avatar, login password, saved app passwords) will be deleted.
  • Redemption dates and redemption events remain unchanged. — they must be retained for accounting and tax law reasons (§ 147 AO, § 257 HGB).

The reason for the 4-year period: According to the provider's terms and conditions, vouchers can often be valid for three years or longer—we want to prevent your active codes from being lost due to an overly strict inactivity period. Each authenticated app access or login resets the period to 4 years.

Automatic anonymization applies exclusively to member accounts. (Role „PerfectDay Member (App)"). Provider accounts and administrative accounts are explicitly excluded.

5.3 Provider Accounts

Provider accounts will be deleted by us upon request — please contact us. herrmann@digelite.de.

6. Rights of data subjects

According to the General Data Protection Regulation (GDPR), you have the following rights:

  • Information (Art. 15 GDPR) — about the processing of your data
  • Correction (Art. 16 GDPR) — inaccurate data
  • deletion (Art. 17 GDPR) — provided one of the reasons listed therein applies
  • Restriction of processing (Article 18 GDPR)
  • Data portability (Art. 20 GDPR) — structured export of your data
  • Contradiction (Art. 21 GDPR) against processing based on legitimate interests
  • Revocation of granted consent (Article 7 paragraph 3 GDPR) with effect for the future

To exercise these rights, a simple message to herrmann@digelite.de.

7. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the competent data protection supervisory authority. The authority responsible for our company headquarters in North Rhine-Westphalia is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW)

Cavalry Street 2–4

40213 Düsseldorf

Telephone: 0211 / 38424-0

Fax: 0211 / 38424-999

E-mail: poststelle@ldi.nrw.de

Website: www.ldi.nrw.de

8. Changes to this Privacy Policy

We may amend this privacy policy if there are technical changes to the app or legal requirements. The current version is available in the app at [link to app]. Profile → Privacy as under https://plattform.deinperfectday.de/datenschutz Available for review. The version valid at the time of your use is authoritative.