Apps by Patrick Schöbel

Onoma (iOS) Privacy Policy

Last Updated: December 8, 2025
This privacy policy applies to the Onoma iOS app and the Onoma server infrastructure that is operated in Germany.

Data Controller

Patrick Schöbel
Rahlstedter Straße 79
22149 Hamburg
Germany
Email: onoma@patrickschoebel.app

The data controller is responsible for the processing of your personal data in connection with the Onoma app and related services.

Introduction

Onoma is a baby name collaboration app that helps you explore, evaluate, and agree on names with a circle of Onoma users (such as your partner). This Privacy Policy explains how we collect, use, and protect your information when you use the Onoma iOS app ("the App") and associated services.

We are committed to protecting your privacy through transparency. This policy describes what data we collect, how we use it, where it is stored, and the choices available to you. The Onoma server infrastructure is operated in Germany and subject to German and European data protection law (GDPR).

Contact Information:
For privacy-related questions, contact: onoma@patrickschoebel.app

Summary

  • We do not use advertising or third‑party analytics; data is used only to provide the app.
  • Onoma’s servers and database are centrally operated in Germany.
  • We use passkeys for authentication and store only public credentials. If you use a password, it is stored only as a salted, hashed value (never in plain text).
  • AI name search sends your query text and filters to Google Gemini via the Onoma server; you can opt out by not using AI search.
  • Circle activity (swipes, matches, suggestions) is shared with members of your circle by design.
  • Push notifications and nearby invite sharing are optional and can be disabled at any time.
  • You can export your data and delete your account from Settings; we respond to privacy requests within 30 days.

Information We Collect

Account and profile

  • Display name and optional email address.
  • Optional profile avatar (stored as an image blob on the server).
  • Passkey metadata: credential ID, public key, user handle (no private key storage).
  • Optional first/last name if you provide them in your profile.

App usage and preferences

  • Name swipes (like/dislike), matches, filters, smart pairing settings, and unseen counts.
  • Circle membership, invites, invite codes, and whether a circle is open/closed.
  • Name suggestions/contributions you submit (including gender, origin, meaning) and issue reports about names.
  • AI name queries: the text you enter plus optional filters or custom first-name data you provide for compatibility scoring.
  • Package selections (which name sets you enable) and premium status.

Purchases and entitlements

  • App Store product IDs, transaction IDs/JWS provided by Apple, purchase/expiration/revocation status, and entitlement flags.
  • We do not store full payment card data; purchases are processed by Apple.

Communications and notifications

  • Email verification data (email address, verification status, timestamps).
  • Push notification device tokens (APNs) when you enable notifications.
  • Support or privacy communications you send to us.

Device and technical data

  • IP address, timestamps, user agent, and request metadata in server and audit logs (for security, fraud prevention, and rate limiting).
  • Local device settings used in the app (e.g., speech languages, current filters) stored on your device.
  • WebSocket connection events for circle updates.

Peer-to-peer invite sharing

  • When you use “Nearby” invites, your device advertises your display name, invite code, premium flag, and optional avatar URL via Apple’s Multipeer Connectivity to nearby devices. This is local, encrypted, and ephemeral.

How We Use Your Information

We use the collected information to:

  • Provide and secure the core experience: authentication with passkeys, loading name feeds, recording swipes, building matches, and managing circles.
  • Deliver optional features: AI name search, nearby invite sharing, speech output, and push notifications.
  • Process purchases and validate premium entitlements with Apple’s App Store Server API.
  • Send account and verification emails (via Resend).
  • Prevent fraud/abuse (rate limiting, audit logging, IP-based abuse detection).
  • Comply with legal obligations (tax and accounting for purchases, responding to lawful requests).

Legal Bases (GDPR)

  • Contract/performance: Operating the app, maintaining your account, processing swipes/matches, and delivering purchases.
  • Consent: Push notifications, AI name queries, nearby invite sharing, avatars, and optional emails.
  • Legitimate interests: Security, fraud prevention, service reliability, and product improvement without profiling.
  • Legal obligation: Keeping purchase records and responding to lawful requests.

Data Sharing and Disclosure

  • Circle members: Your display name, swipes, matches, suggestions, and invite status are visible to others in your circle.
  • Nearby invite sharing: Broadcasts to nearby devices only when you enable browsing/advertising.
  • Service providers:
    • Hosting/database on centrally operated servers in Germany.
    • Resend (email delivery) – receives your email and display name for verification/export emails.
    • Apple (App Store and APNs) – receives purchase transaction data and device tokens.
    • Google Gemini (AI queries) – receives your AI query text and filters; no account token is sent.
  • Legal/compliance: If required by law, to protect rights, or to investigate abuse.
  • We do not sell or rent personal data and do not use third‑party analytics or advertising SDKs.

Data Storage and Security

  • Data is stored on the centrally operated Onoma server in Germany; access is restricted to the operator.
  • All client–server traffic uses TLS. Authentication tokens are stored in the iOS Keychain; caches and preferences use iOS secure storage/UserDefaults.
  • Passkeys use WebAuthn; only public credentials are stored server-side.
  • Rate limiting, audit logging, and role-based checks protect sensitive endpoints.
  • Avatars and other uploads are validated for size/type before storage.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law:

  • Account, swipes, matches, contributions, invites, and circle data: Retained while your account is active; deleted within 30 days when you delete your account.
  • Avatars: Retained until you replace or delete them, or until account deletion.
  • Passkey credentials: Retained until account deletion.
  • Push notification device tokens: Retained until you disable notifications or delete your account.
  • Email verification records: Automatically deleted after 15 minutes.
  • Session tokens: Valid for up to 1 year or until you sign out/revoke; expired tokens are purged within 30 days.
  • Server and audit logs (including IP addresses): Retained for approximately 90 days for security, fraud prevention, and system stability purposes.
  • Purchase records (product ID, transaction ID, status): Retained for up to 7 years to comply with tax, accounting, and commercial law obligations (German HGB/AO).
  • Backups: Deleted as part of routine rotation cycles (typically 30-90 days); deleted account data is removed from live systems immediately but may persist in backups until the backup retention period expires.

After the retention period expires, personal data is securely deleted or anonymized such that it can no longer be attributed to you.

Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

  • Access/Portability (Art. 15, 20 GDPR): Export your data in Settings (JSON format) or by contacting onoma@patrickschoebel.app. You will receive a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Rectification (Art. 16 GDPR): Update your profile and preferences in-app, or contact us to correct inaccurate personal data.
  • Erasure/Right to be Forgotten (Art. 17 GDPR): Delete your account in Settings; this cascades to swipes, matches, invites, contributions, avatars, device tokens, and sessions. Note that some data may be retained for legal obligations (e.g., purchase records for tax purposes).
  • Restriction of Processing (Art. 18 GDPR): You may request we restrict processing in certain circumstances (e.g., while we verify accuracy of contested data).
  • Objection (Art. 21 GDPR): You can object to processing based on legitimate interests; we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time by: turning off notifications, disabling AI search, stopping nearby invite sharing, or removing avatars. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Automated Decision-Making (Art. 22 GDPR): We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.
  • CCPA/CPRA (California residents): You may request access to or deletion of your personal information. We do not "sell" or "share" personal information as defined by the CCPA, and we do not use it for cross-context behavioral advertising. To exercise these rights, contact onoma@patrickschoebel.app.
  • Lodge a Complaint: If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority. For users in Germany, the relevant authority is the data protection authority of your state (Landesdatenschutzbehörde) or the Federal Commissioner for Data Protection and Freedom of Information (BfDI). A list of EU supervisory authorities is available at https://edpb.europa.eu/about-edpb/board/members_en. We welcome the opportunity to resolve concerns directly before escalating to an authority.

International Transfers

Primary data storage and processing occurs in Germany (within the EEA). Some service providers may process data outside the EEA:

  • Resend (email delivery): May process data in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and additional technical and organizational measures to ensure adequate protection.
  • Apple (App Store, APNs): May process transaction data and push tokens globally. Apple has implemented appropriate safeguards including SCCs and additional security measures.
  • Google Gemini (AI queries): May process query text outside the EEA. Google provides safeguards including SCCs and security certifications. You can opt out by not using the AI search feature.

All international transfers comply with Chapter V of the GDPR and applicable data protection laws. Where transfers occur to countries without an adequacy decision, we implement appropriate safeguards as required by Art. 46 GDPR.

Children's Privacy

Onoma is designed for adults planning to have or raise children and is not intended for use by minors under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a minor under 18 has provided information, please contact onoma@patrickschoebel.app and we will promptly delete such information.

Data Security and Breach Notification

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration:

  • All client-server communications use TLS encryption.
  • Authentication tokens are stored in the iOS Keychain with hardware-backed security where available.
  • Passkeys use WebAuthn standards with public-key cryptography; private keys never leave your device.
  • Passwords (if used) are stored only as salted, hashed values using industry-standard algorithms (never in plain text).
  • Server access is restricted and logged; rate limiting and abuse detection protect against unauthorized access.
  • Regular security reviews and updates are performed.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by Art. 33 GDPR. If the breach is likely to result in high risk to you, we will also notify you directly without undue delay (Art. 34 GDPR).

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When changes are made:

  • The "Last Updated" date at the top will be revised.
  • For material changes that significantly affect your rights or how we process data, we will provide prominent notice in-app or by email (if you have provided an email address) at least 30 days before the changes take effect.
  • For minor changes (e.g., clarifications, contact information updates), continued use of the app after the updated policy is posted constitutes acceptance.
  • We encourage you to review this policy periodically.

You may always access the current version of this policy at https://www.patrickschoebel.app/onoma/privacy

Contact Us

For questions about this Privacy Policy, to exercise your rights, or to raise privacy concerns, please contact the Data Controller (see Data Controller section above for contact details.)

We will respond to all requests within 30 days (or one month under GDPR) as required by applicable law. If your request is complex or we receive multiple requests, we may extend this period by an additional two months and will inform you of the extension and reasons.

To help us process your request efficiently, please:

  • Clearly identify yourself and the right you wish to exercise.
  • Provide sufficient information to locate your account (e.g., email address, display name).
  • Specify what data or action you are requesting.

We may request additional information to verify your identity before responding to rights requests, to ensure we do not disclose personal data to unauthorized parties.

Imprint