Privacy Policy for app.getmika.de
Note: This English translation is provided for convenience only. The German version is the legally binding document. By visiting and using app.getmika.de, you agree to this privacy policy. Access to the app is only possible via our website getmika.de.
1. Responsibility and overview
1.1 Responsible body
Get Mika GmbH
Kolonnenstr. 8
10827 Berlin
Telephone: +4915901880019
Email: mika@getmika.de
1.2 Responsibility notice
Using our mika app involves order processing in accordance with Art. 28 GDPR. The following applies:
- The customer (user of the mika app) is “responsible” within the meaning of the GDPR for all data that he enters into the app or reads via interfaces, in particular for accounting data, receipts and bank details of his own customers and suppliers.
- Get Mika GmbH is an “order processor” and processes this data exclusively on behalf of and in accordance with the instructions of the customer.
A corresponding order processing contract (AVV) is concluded with each customer, which regulates the rights and obligations of both parties when handling personal data.
2. Type of data processed
2.1 User data
When using our app, we collect and process the following data:
- Master data: name, email address, company data
- Usage data: Information about your use of the app, including log data, page views, and usage statistics
- Device data: Information about the device you are using, browser type, operating system
- Location data: General location information based on IP addresses
2.2 Accounting and financial data
As part of accounting functions, we process:
- Bank details and transaction data: account numbers, transaction details
- Financial data and accounting data: transactions, chart of accounts, advance sales tax returns
- Document data: invoices, receipts and information contained therein
2.3 Third party data
As a customer of the mika app, you can upload or import data from third parties (your own customers, suppliers and business partners). As the controller within the meaning of the GDPR, you are responsible for this data and must ensure that there is a lawful basis for processing.
3. Purposes of data processing
We process your data for the following purposes:
- Provision and operation of the mika app and its functions
- Accounting and financial management: enabling accounting and financial management functions
- Analyzing user behavior in pseudonymized form to improve the app
- Failure analysis and repair to ensure stability and safety
- Integration of bank data via FinAPI
- Communication with the tax office via Datev
- Using AI models to process data and automate accounting processes
4. Legal basis for processing
Your data is processed on the following legal bases:
- Fulfilment of contract (Art. 6 para. 1 lit. b GDPR): Processing is necessary to fulfill the contract for using the mika app.
- Legitimate interest (Art. 6 para. 1 lit. f GDPR): We have a legitimate interest in improving and optimizing our app and ensuring its security and functionality.
- Consent (Art. 6 para. 1 lit. a GDPR): In certain cases, in particular when integrating third-party services, processing is based on your consent.
- Legal obligation (Art. 6 para. 1 lit. c GDPR): In part, the processing is carried out to fulfill legal obligations, in particular in the area of accounting and tax.
5. Data transmission and recipients
5.1 Use of service providers (sub-processors)
To operate our app, we use the following service providers, to whom data can be transmitted:
For the mika app:
- PostHog (EU server)
  - Purpose: Pseudonymized analysis of user behavior
  - Processed data: usage data (pseudonymized)
- Sentry (EU server)
  - Purpose: analysis of error data, logging
  - Processed data: error logs, potential user data in error logs
- Amazon Web Services (AWS)
  - Location: Frankfurt/Main (eu-central-1)
  - Purpose: cloud hosting, data storage, business logic
  - Processed data: All data stored in the app
  - Special features:
    - Amazon Bedrock (AI models, especially Claude)
    - Amazon Textract (text recognition)
- Google Cloud Platform (GCP)
  - Location: Frankfurt/Main (eu-central-1)
  - Purpose: Special calculations as a secondary cloud
  - Processed data: user data and accounting data (no permanent storage)
  - Services used:
    - Google Maps API
    - Google Drive sync (optional)
    - Vertex (AI models, especially Gemini)
- Orq
  - Location: The Netherlands
  - Purpose: Abstraction between AI models and code, logging AI conversations
  - Processed data: user data and accounting data
- FinAPI
  - Location: Germany
  - Purpose: Connecting bank accounts
  - Processed data: user data, bank details, transaction data
- Datev
  - Location: Germany
  - Purpose: Communication with the tax office, accounting
  - Processed data: user data, transaction data, receipts
- Stripe
  - Location: Stripe, Legal Process, 510, Townsend St., San Francisco, CA 94103, United States
  - Purpose: Payment processing and payment data storage
  - Processed data: name of the card holder, email address, customer number, order number, bank details, credit card validity period, credit card verification number (CVC), date and time of transaction, transaction amount, name of provider, location
5.2 Data transfer to third countries
Data processing is generally carried out within the European Union or the European Economic Area. A transfer to third countries will only take place if this is necessary to fulfill our contractual obligations, if you have given your consent or if an adequate level of data protection is guaranteed.
When using services based in the USA (AWS, Google Cloud), we ensure that appropriate guarantees are in place in accordance with Article 46 GDPR, in particular by concluding standard contractual clauses and additional technical and organizational measures to protect data.
6. Storage period
We only store your data for as long as is necessary to fulfill the purposes set out in this privacy policy or as required by law. The specific storage periods are as follows:
- User account data: For the duration of the contractual relationship and beyond in accordance with legal storage requirements (usually 6-10 years for accounting-related data)
- Accounting data and receipts: In accordance with legal storage requirements (usually 10 years)
- Usage data and analyses: Maximum 14 months in pseudonymized form
- Error logs: 90 days
After termination of the contractual relationship, your data will be deleted or anonymized after the legal retention periods have expired, unless there are legitimate reasons for longer storage.
7. Technical and organizational measures
We have implemented extensive technical and organizational measures to protect your data:
- Pseudonymization of data in analysis tools
- Hosting of data exclusively in the EU
- Use of EU-compatible cloud services (AWS eu-central-1, GCP with EU compliance)
- Ensuring the confidentiality, integrity and availability of systems
- Encrypted data transfer using SSL/TLS technology
- Ensuring data recoverability in the event of technical incidents
- Regular review and evaluation of the effectiveness of security measures
- Access restrictions and strict authentication procedures
- Regular security audits and penetration tests
8. Cookies and similar technologies
Our app uses cookies and similar technologies to ensure functionality and improve user experience:
8.1 Session cookies and local storage
- Session cookies: Temporary cookies that are stored for the duration of your session and are essential for the functionality of the app, in particular to maintain your login.
- Local Storage/IndexedDB: We use local storage technologies to store temporary data on your device and improve app performance.
8.2 Analytical cookies
We use PostHog cookies for analysis purposes. These cookies help us understand and improve the use of our app. The data collected is processed in pseudonymized form.
8.3 Cookie settings
You can configure your browser to reject cookies or to notify you when cookies are being set. Please note that if you disable cookies, some features of our app may not work or may not work completely.
9. Automated decision making
As part of our app, we use AI models and automated processes. These are mainly used for data extraction, text recognition and assistance with accounting processes.
We would like to inform you that:
- Processing is carried out by AI systems (based on Amazon Bedrock and Google Vertex, among others)
- No automated decisions are made that have legal effect or significantly affect you in a similar way
- All suggestions and results of automated processing are provided as recommendations and are always subject to human review and final decision
- The systems analyze patterns in documents and data to extract relevant information and generate suggestions
The ultimate responsibility for all decisions remains with you as a user of the app.
10. Login authentication and security
10.1 Registration process
We use secure authentication procedures for access to the mika app:
- Token-based authentication: After a successful login, a secure token is created that is valid for the duration of your session.
- Secure Cookies: Cookies with the “Secure” and “SameSite” attributes are used to maintain your login.
- Two-factor authentication (2FA): Optionally, an additional level of security can be activated.
10.2 Security measures
We implement the following security measures to protect your account:
- Automatic session termination after a long period of inactivity
- Encrypted transmission of all login data via HTTPS
- Password guidelines to ensure secure passwords
- Brute force protection by limiting login attempts
- Continuous monitoring for suspicious login activity
11. Your rights as a data subject
11.1 Rights of data subjects
As a data subject, you have the following rights:
- Right to information (Art. 15 GDPR): You can request information as to whether and which data about you is stored by us.
- Right to correction (Art. 16 GDPR): If the data concerning you is not (anymore) accurate, you can request that it be corrected.
- Right to deletion (Art. 17 GDPR): You can request that your data be deleted.
- Right to restrict processing (Art. 18 GDPR): You can request that the processing of your data be restricted.
- Right to data portability (Art. 20 GDPR): You can request that the data concerning you or a third party be transmitted in a structured, common and machine-readable format.
- Right to object (Art. 21 GDPR): You can object to the processing of your data.
11.2 Exercising your rights
To exercise your rights, please contact us using the contact details above. Please note that we only act as an order processor for the data that you enter in our app as the person responsible (in particular data from your own customers and suppliers). Requests to exercise data subject rights regarding this data must be addressed to you as the person responsible.
11.3 Right to lodge a complaint with the supervisory authority
You have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The supervisory authority in the Member State of your habitual residence, place of work or the place of the alleged infringement is responsible.
12. Changes to the privacy policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
13. Order processing contract (AVV)
When using our mika app, we automatically conclude an order processing contract (AVV) with you as a customer in accordance with Art. 28 GDPR. This AVV regulates the rights and obligations associated with the processing of personal data.
The AVV is concluded with your consent to our general terms and conditions and this privacy policy. The full text of the AVV can be viewed in your customer account or sent to you upon request.
With the AVV, we ensure that we:
- only process your data in accordance with your instructions
- have taken appropriate technical and organizational measures to protect the data
- transparently disclose sub-processors and protect your rights
- help you to fulfill the rights of data subjects
- delete or return all data after termination of the contractual relationship
14. Contact
If you have any questions about the collection, processing or use of your personal data, or if you would like to request information about your data or its correction, blocking or deletion, please contact:
Get Mika GmbH
Kolonnenstr. 8
10827 Berlin
Telephone: +4915901880019
Email: mika@getmika.de
Status: April 11, 2025