Privacy Policy

Last updated: April 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

2. Overview

FrankKi is an iOS app that lets you write real letters and send them by post. You can write letters yourself or have an AI help you phrase them. FrankKi prints, encloses and franks your letter and hands it over to the postal service. It sends real physical letters worldwide straight from your iPhone, with no printer and no post office.

We follow the principle of data minimisation (Art. 5(1)(c) GDPR). We only process the personal data that is technically necessary to provide our service. We do not use any tracking services, advertising networks or social media plugins.

3. Data processing in detail

3.1 Apple sign-in ("Sign in with Apple")

To use the app, you sign in with your Apple ID. In doing so, we receive the following data from Apple:

• Your Apple user ID (a unique, anonymous identifier)
• Your email address (or a private relay address from Apple if you choose "Hide My Email")
• Whether your email address has been verified by Apple

On this basis we create a user account and a session (JWT token, valid for 30 days). Verification is carried out via Apple's public keys (JWKS). We do not store any password.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

3.2 Addresses

You can save sender and recipient addresses in the app. These include: name, company if applicable, street, postal code, city and country. The addresses are needed to address your letter correctly and to transmit it to the print service provider for delivery.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

3.3 Letter creation and AI assistance

You can write letters yourself or have an artificial intelligence (AI) help you phrase them. When you use the AI feature, you describe your request in your own words. Based on this description, a language model from OpenAI, LLC (USA) generates a letter draft.

What is transmitted to OpenAI: only your description of the request and the follow-up questions you have answered. No personal data such as name, address, email or Apple ID is transmitted to OpenAI. Before transmission, a security filter checks the content for harmful patterns (threats, fraud, hate speech).

You review and edit the AI-generated text before it is sent. There is no automated decision-making within the meaning of Art. 22 GDPR (see section 10).

A Data Processing Addendum (DPA) is in place with OpenAI. The transfer to the USA takes place on the basis of the EU-US Data Privacy Framework (see section 5).

Special categories of personal data (Art. 9 GDPR): FrankKi is not designed for the processing of special categories of personal data (e.g. health, religious, trade union or employee data). Please do not enter any such data in the AI-assisted request description. Should special categories of personal data nevertheless be processed, this is done exclusively on the basis of your explicit consent (Art. 9(2)(a) GDPR), which you can withdraw at any time with effect for the future.

No legal services: the AI feature is a tool for drafting text in your own matter. FrankKi does not provide any legal services within the meaning of the German Legal Services Act (RDG) and no legal advice. For legal assessments we recommend consulting a lawyer.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract); information obligation pursuant to Art. 13(2)(f) GDPR; additionally Art. 9(2)(a) GDPR for special categories of personal data

3.4 PDF creation and storage

Your letter is generated on your device as a PDF in the DIN 5008 format (client-side). For dispatch, the PDF is uploaded to our server and stored there temporarily until printing is complete. After successful processing by the print service provider, the PDF is deleted.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

3.5 Letter dispatch via Pingen

The physical printing, enclosing and handover to the postal service is handled by our print service provider Pingen AG (Switzerland). For this purpose we transmit:

• The PDF of your letter
• The recipient address (name, company if applicable, street, postal code, city, country)
• The chosen shipping method (e.g. standard letter, registered letter by deposit, registered letter with handover)
• Print options (colour/black and white, letter format)

Pingen AG processes this data exclusively on our behalf. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place. The transfer to Switzerland takes place on the basis of the EU Commission's adequacy decision for Switzerland (Art. 45 GDPR).

After printing, we receive status updates (printed, sent, delivered) via webhook, which we display to you in the app.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 28 GDPR (processing on behalf); Art. 45 GDPR (adequacy decision for Switzerland)

3.6 Payment processing (Stripe)

Each letter is paid for directly. Per letter, without tokens or a subscription. Payment processing is handled by Stripe, Inc. (USA). Stripe provides the payment form and processes your payment data (credit card, Apple Pay). We receive from Stripe:

• A Stripe customer ID (created once for your account)
• The PaymentIntent ID and charge ID of each transaction
• The payment status and timestamp

We do not receive any card data (credit card number, security code, bank details). This remains exclusively with Stripe. The transfer to the USA takes place on the basis of the EU-US Data Privacy Framework as well as additional standard contractual clauses (Art. 46(2)(c) GDPR). You can find Stripe's privacy policy at stripe.com/privacy.

After a successful payment we automatically create an invoice as a PDF (§19 UStG, small-business scheme) with a sequential invoice number (FK-YYYY-NNNN). The invoice is stored on our servers and made available to you on request. Statutory retention obligation: 10 years (§147 AO).

Legal basis: Art. 6(1)(b) GDPR (performance of a contract); Art. 46(2)(c) GDPR (SCCs for Stripe/USA)

3.7 Push notifications

With your explicit consent we send you push notifications via the Apple Push Notification service (APNs). For this purpose we store:

• Your APNs device token (an anonymous, device-specific identifier)
• The app version and the environment (production/sandbox)

We send you notifications about: status updates of your letters (printed, sent, delivered), completion of the AI letter creation and confirmation of payments. You can disable push notifications at any time in the iOS settings.

Legal basis: Art. 6(1)(a) GDPR (consent)

3.8 Usage statistics

We collect anonymous usage statistics in order to improve the app. For this we use our own analytics function (no Google Analytics, no Firebase, no third-party SDKs). We record:

• Event name (e.g. "letter created", "dispatch triggered")
• App version, iOS version, device model
• A session-based ID (newly generated on each app start)

No cross-app tracking takes place. The data is not linked to your Apple ID or your user account. You can disable usage statistics at any time in the app settings.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving the app)

3.9 Feedback

You can voluntarily send us feedback through the app. In doing so, your message is stored together with your user ID so that we can get back to you with any follow-up questions. Providing this is voluntary.

Legal basis: Art. 6(1)(a) GDPR (consent)

3.10 Website

Our website (frankki.de) serves to provide information about the app and contains a blog. We do not use any tracking cookies, analytics services or social media plugins. No external fonts (e.g. Google Fonts) are loaded.

For the internal administration area we use a technically necessary session cookie ("admin_session", valid for 7 days, HttpOnly, SameSite=Lax). This cookie is exempt from the consent requirement pursuant to § 25(2) TDDDG, as it is technically strictly required for the operation of the service.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest); § 25(2) TDDDG

3.11 Server log data

Each time our servers are accessed, the following data is automatically stored in log files:

• IP address of the requesting device
• Date and time of access
• Endpoint accessed and HTTP method
• User agent (browser/app identifier)
• HTTP status code and request ID

This data is used to ensure operation, to detect misuse and for rate limiting (max. 60 requests/minute). It is not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security)

4. Recipients and processors

Your personal data is transmitted to the following recipients:

Apple acts as an independent controller within the meaning of the GDPR for authentication, not as our processor.

5. Transfers to third countries

Data is transmitted to recipients in Switzerland and in the USA:

• Switzerland (Pingen AG): the transfer takes place on the basis of the EU Commission's adequacy decision for Switzerland pursuant to Art. 45 GDPR. Separate safeguards are not required.
• USA (OpenAI, Stripe, Apple): the transfer takes place on the basis of the EU Commission's adequacy decision for the EU-US Data Privacy Framework (DPF) pursuant to Art. 45 GDPR. OpenAI, Stripe and Apple are certified under the DPF. In addition, standard contractual clauses (SCCs) pursuant to Art. 46(2)(c) GDPR are in place with OpenAI and Stripe as an additional safeguard.

6. Retention period

We store your data only for as long as is necessary for the respective purpose:

7. Your rights

Under the GDPR you have the following rights regarding your personal data:

• Access (Art. 15 GDPR): you have the right to find out which data we have stored about you.
• Rectification (Art. 16 GDPR): you can request the correction of inaccurate data.
• Erasure (Art. 17 GDPR): you can request the deletion of your data, provided no statutory retention obligations stand in the way.
• Restriction of processing (Art. 18 GDPR): under certain conditions you can request the restriction of processing.
• Data portability (Art. 20 GDPR): you have the right to receive your data in a structured, commonly used and machine-readable format.
• Objection (Art. 21 GDPR): you can object at any time to processing based on legitimate interests.
• Withdrawal of consent (Art. 7(3) GDPR): insofar as processing is based on your consent (e.g. push notifications), you can withdraw it at any time. The lawfulness of processing carried out up to the withdrawal remains unaffected.

To exercise your rights, write to datenschutz@frankki.app.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:

9. Account deletion

You can delete your user account at any time:

• In the app under Profile → Delete account
• By email to datenschutz@frankki.app

When you delete your account, all of your data is irreversibly deleted: user account, addresses, letters, orders, tracking, Stripe payment data, device token and stored feedback. Your letter PDFs are also removed from storage. Invoices are subject to the statutory retention obligation (§147 AO, 10 years) and therefore cannot be deleted immediately.

10. Automated decision-making

FrankKi uses AI (OpenAI) to assist with letter creation. The AI creates a text draft based on your description. You review, edit and approve the text before a letter is sent. This is not a decision based solely on automated processing within the meaning of Art. 22(1) GDPR, as a substantive review by you always takes place.

11. Changes to this privacy policy

We reserve the right to adapt this privacy policy in order to align it with changes in the legal situation or changes to our service. The current version is always available at frankki.de/app/privacy (German, legally binding). In the event of material changes, we will inform you by push notification or in the app.