In the following, you will find all information about the processing of your personal data by the keycount app of keycount LLC (hereinafter “keycount” or “keycount app”) and the rights to which you are entitled under data protection law.
Data protection is our highest priority. We build keycount according to the motto “An app for our best friend”. Just as the relationship between friends is based on trust, we care about a trusting relationship with you as a customer. That’s why we promise that we will never sell your personal data or share it with third parties without your consent.
We put our heart and soul into providing you with the most convenient financial assistance ever. At the same time, we are aware that banking data is highly sensitive information. We use this data to make finance magically easy for you. We have built keycount according to the principle of Privacy by Design, so that only as little personal data as necessary can be processed and viewed. Our basic promise is: Only you can see your personal bank data. Without your explicit and separate consent, neither we nor any of our partners will have access to your personal banking data.
You can reach our data protection officer by e-mail at email@example.com
The responsible party for data processing within the meaning of Art. 4 No.7 of the Basic Data Protection Regulation (GDPR) is:
represented by: Arman Öztürk und Luca Mayer
We use your personal data (for example, from your application submitted to us (downloading our application) in connection with the provision of services by keycount). The extent to which we collect, process and use this data depends on the services provided by keycount. This is usually the following data in particular:
When processing your personal data, we distinguish between personal data that we collect directly from you and personal data that we receive from other sources.
Personal data that we collect directly from you
We collect the personal data that you provide to us when downloading our application (keycount) or when using keycount, as well as data that is transmitted via an interface of your bank and, if applicable, data that we request from you for the proper operation of keycount in the further course. Please refrain from transmitting your data if you do not agree to process it. In this case, no further processing will take place.
Personal data we receive from other sources
The transmission of personal data from other sources, in particular your bank and turnover data, information on crypto wallets and exchanges, is carried out by means of authentication by you at your selected bank or provider through your login data (e.g. account log-in and strong authentication by customers) or by querying one of our partner companies (third-party providers). After successful authentication, your account and turnover data will be transferred by your bank and the financial analysis will be triggered.
The personal data, turnover data and financial analysis data are stored in encrypted form in a data center in the European Union. A contract for order processing has also been concluded with the operator of the data center.
For encryption, we use the world’s most secure AES-256 encryption method in combination with a randomly generated key for each customer.
All data is transmitted via an encrypted TLS1.2. connection.
We have built our systems according to the principles of data minimization (need-to-know principle) and privacy by design and ensure that our employees only have access to the personal data that is absolutely necessary for us to provide our services in the best possible way. Our employees do not have access to any of your personal data that is stored in the keycount app (especially your personal data, sales data and financial analysis data). All this data is encrypted and stored in a data center in the EU (operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). And only you and/or our technical systems have the appropriate code to decrypt and process it.
Except for the data minimization and privacy by design principles, your personal data may be accessed by us in the following cases:
We collect your personal data to provide, at your request, our application keycount, which allows you to manage your accounts and crypto wallets and to get an overview and analysis. Art 6 (1) b) GDPR.
The collection of this data takes place:
We process your personal data if this is necessary, at your request, for the performance and/or termination of the contract concluded thereupon or another contract to which you are a party. In particular, for the purposes of providing the contracted service, we create a file for your personal data when you contact us. Furthermore, for the purpose of fulfilling the contract, we will prepare demand analyses, manage and service your contract or improve these processes.
To fulfill our legal obligations, Art 6 (1) c) DSGVO.
We may collect and process your personal data to comply with legal obligations to which we are subject.
To protect our legitimate interests as well as the interests of other data controllers or third parties in the processing of data, Art. 6 (1) f) GDPR.
We also collect and process your personal data to protect our legitimate interests or the legitimate interests of third parties, insofar as the data processing is necessary to protect these legitimate interests.
Furthermore, we have a legitimate interest in informing you about our improved internal processes regarding the handling of the existing contractual relationship as well as similar products and services. In addition, we have a legitimate interest in providing you with promotional information, unless you object to receiving such (promotional) information (such as, in particular: Conducting campaigns to acquire new customers, generating new customers, winning back customers). Furthermore, we may process your data for purposes of market and opinion research or demand analyses and transmit information on contractual relationships with our cooperation partners for proper processing. Furthermore, data processing may take place for the assertion of legal claims or defense against legal claims.
To process your data based on your consent, Art 6 (1) a) GDPR.
If you have given us your explicit consent, we will process your data according to the purposes stated there. These are: • To send you promotional information (such as periodic email updates). • To optimize our financial analytics (such as improved recognition of contracts and transaction types based on your sales data)
Your data will not be shared with third parties unless we have made this clear to you in advance. This may be the case, for example, if you connect your bank accounts or crypto wallets and exchanges via one of our partners. Only the information that is actually required for the execution of the respective order is transmitted. This usually includes name, address, birthday, account information- but no turnover data. During the execution of the service, keycount may cooperate with vicarious agents and partners who receive the necessary order data for the purpose of proper execution of the service.
Explicitly, keycount cooperates with the following vicarious agents:
Tink Germany GmbH
A licensed Payment Initiation Service Provider (PISP) and Account Information Service Provider (AISP) under the supervision of the German Federal Financial Supervisory Authority (BaFin), Tink Germany GmbH Gottfried-Keller-Str. 33 81245 Munich, which provides aggregation of bank account data the acceptance of payment data and, based on this, the initiation of transactions and performs transaction data categorization.
Vezgo Crypto API
An application to provide an API to access all crypto balances, tokens and trading history for retail customers of Wealthica Financial Technology (“Welthica”), Inc. 1100 René-Lévesque Blvd W 25th floor, Montreal, Canada, which performs the aggregation of crypto data.
In order to further improve the keycount app for you, we use third-party vendors to help us understand which features you use and how. This allows us to better plan new features and improve existing features for you.
We may also transfer your personal data to anyone to whom we assign rights arising from our contractual relationship with you. Your data may also be transferred to other third parties for other purposes permitted under the General Data Protection Regulation, such as legal or tax service providers or supervisory authorities.
We use the following third-party service providers to improve the keycount app:
An analytics tool from, Amplitude (“Amplitude”), Inc, 201 Third Street, Suite 200, San Francisco, CA 94103, USA, which allows us to analyze how you use the App. This allows us to see where things are not running smoothly and where we can improve the app.
An analytics tool from Google Firebase (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which allows us to analyze how you use the App. This allows us to see where things are not yet running smoothly and where we can improve the app.
An analytics tool from Functional Software, Inc. dba Sentry (“Sentry”), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, which allows us to analyze what errors are occurring in the keycount app. Based on this, we can specifically fix those bugs for you.
An analytics tool from AppsFlyer Germany LLC (“AppsFlyer”), c/o WeWork, Kurfürstendamm 11, 10719 Berlin, Germany, that allows us to analyze how you found keycount. On this basis, we can better control our marketing measures and channels.
We perform pseudonymized and/or anonymized analyses, which may be shared with third parties on a project-by-project basis. For example, we conduct scientific studies with universities in order to provide private customers with the best possible support in improving their financial situation. A reference to personal data is not possible at any time.
Data transfer to third countries takes place for the following purposes:
Notifications (push notifications)
To best assist you with managing your accounts and contracts, we send helpful push notifications to your smartphone. To provide this feature, we use technology from Amazon Simple Notification Service (Amazon SNS), P.O. Box 81226, Seattle, WA 98108, U.S.A and technologies from Azure by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Push notifications are sent to your smartphone by Apple Inc (“Apple”), One Infinite Loop, Cupertino, California 95014, U.S. and Google Firebase (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S., respectively.
To make login as easy as possible, we offer you Facebook Login from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, and Google Login from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Analysis of app usage data
We use Amplitude’s analytics tool, Firebase and Sentry to analyze how the App is used. If Amplitude makes an international transfer of Personal Data in providing the Amplitude Services, Customer authorizes such transfer and the transfer mechanisms contained in the Amplitude Data Processing Agreement (DPA) apply, as applicable.
Provision of the service by vicarious agents
Wealthica and Genify, our vicarious agents, assist us in providing the Service. In particular, “Hosted Services” under the Transaction Classification are hosted on a cloud-based server in the European Union operated by Genify
Support for Customers
To organize and process our support for customers in the best possible way, we use the web-based software Aidaform by Alexander Grigorev, Im Uckerfeld 14, Bonn, 53127, Germany. As a customer:in you have the possibility to contact us via different channels like email, Facebook, Twitter, Telegram or Slack.
We process the personal data only as long as this is necessary for the fulfillment of our contractual and legal obligations. For example, data processing is necessary, among other things, for the performance and processing of contracts, including the defense and enforcement of civil law claims within the relevant limitation periods. The limitation periods can be up to three years because of §§ 195 Bürgerliches Gesetzbuch (German Civil Code) can be up to thirty years; the regular limitation period is three years. In addition, tax law, commercial law, tax law and other statutory retention obligations must be observed. The retention/documentation periods stipulated there are six to ten years plus the statute of limitations of a further four years. In order not to violate legal regulations or to lose the opportunity to enforce a claim or defend ourselves against one, we reserve the right to delete the data only after the expiration of the last period that legitimizes the data storage.
What are my rights as a data subject?
You have that right:
If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes without stating reasons; this also applies to profiling, insofar as it is related to such direct marketing. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
To object to the processing of your data, you can permanently and irrevocably delete your account at any time within the keycount app.
If you are of the opinion that the processing of your personal data by us is unlawful or, if applicable, that we are violating data protection law for other reasons, you can lodge a complaint with the supervisory authority responsible for us:
Data Protection Officer of the Canton of Zurich Beckenhofstrasse 23 8006 Zürich Switzerland
In the course of downloading our application and using our services, you must provide such personal data as is necessary for the establishment, execution and termination of the contract and the fulfillment of the related obligations, or which we are required to collect by law. Without this data, we will not be able to provide you with our service.
Update: January 2023