Privacy Policy - Sealva

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent in the context of providing our application.

Last updated: January 17, 2026

Contact person

Tobias Senger
Email: sealva@tsenger.de

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • VDS barcode data (scanned via camera, processed and stored locally on device only)
  • Scan history (stored locally on device, user-deletable at any time)
  • Contact data (only when contacting support)
  • Content data (only when contacting support)
  • Meta, communication and process data (IP addresses temporarily logged when downloading verification certificates from server)
  • Log data (server logs during certificate and reference data downloads)

Categories of Data Subjects

  • App users
  • Communication partners (support inquiries)

Purposes of Processing

  • VDS barcode scanning and verification (local processing only)
  • Certificate download for signature verification
  • Reference data download (municipal directories, postal codes) for improved data presentation
  • Communication and support
  • Organizational and administrative procedures
  • Feedback
  • Server security and operational stability

Relevant legal basis according to GDPR: Below you will find an overview of the legal basis of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as by controlling access to, input of, disclosure of, availability of and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data and responses to data threats. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and through privacy-friendly default settings.

Local Data Processing

Sealva is designed with privacy as a core principle. The app uses your device's camera permission exclusively to scan barcodes containing Visible Digital Seals (VDS). All barcode data is decoded and processed entirely on your device. No scanned barcode information or personal data from the scans is transmitted to external servers or third parties.

User Control and Data Deletion

You have full control over your data stored in the app. All scanned information can be accessed through the "Scan History" menu within Sealva. You can delete any individual scan or all stored scan data at any time through the app interface without affecting the app's functionality. The app does not include any tracking, analytics, or advertising mechanisms.

Certificate and Reference Data Downloads

To verify the digital signatures contained in VDS barcodes, Sealva retrieves current verification certificates from a self-hosted server. This download happens automatically on first startup and whenever you explicitly request a certificate update via the app settings.

Additionally, the app downloads current municipal directories and postal code databases to provide improved display and interpretation of location information contained in the seals. These reference data help present the information in a more user-friendly format.

When your device connects to our server for these downloads, standard server logs may temporarily record your device's IP address. This technical information is collected exclusively for maintaining server security and operational stability and is not used for tracking or profiling purposes.

TLS/SSL Encryption (HTTPS)

To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Contact and Inquiry Management

When contacting us (e.g. by mail, contact form, email, telephone or via social media) and in the context of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

Processed Data Types

  • Contact data (e.g. postal and email addresses or telephone numbers)
  • Content data (e.g. text or image messages and posts and information relating to them, such as author information or time of creation)
  • Meta, communication and process data (e.g. IP addresses, time information, identification numbers, persons involved)

Data Subjects

Communication partners

Purposes of Processing

  • Communication
  • Organizational and administrative procedures
  • Feedback (e.g. collecting feedback via online form)
  • Provision of our online services and user-friendliness

Storage and Deletion

Deletion according to the information in the section "General information on data storage and deletion".

Legal Basis

  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR)

Contact Form

When contacting us via our contact form, by email or other means of communication, we process the personal data transmitted to us to answer and process the respective request. This usually includes information such as name, contact information and, if applicable, other information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contacting and communicating.

Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

© tsenger 2019-2026