Skip to content

Privacy Policy

Last updated: April 13, 2026

Coureo was built from the ground up to process as little personal data as possible. This page describes what we collect, when, and what we don't.

Developer note

This is a content template. Have it reviewed by a privacy lawyer or generator (iubenda, Termly) before going live.

1. Controller

The controller in the meaning of the GDPR is:
Coureo — Owner: Sascha Böge
Schenkendorfer Str 5
15837 Baruth / Mark, Germany
Email: privacy@coureo.app

2. Principles

  • Privacy by design: we only process data that is technically required to run the app.
  • Local processing: OCR, anonymization, and storage of your letters happen on your device only.
  • No accounts: Coureo requires no sign-up or login.
  • No tracking: we do not set analytics, tracking, or advertising cookies.

3. Data we process

3.1 In the app

  • Letter text and photo: stay on your device, in the encrypted app database.
  • Anonymized text with placeholders: sent to Anthropic (Claude API) for explanations (see 4).
  • Anonymous subscription ID (RevenueCat): identifies your subscription without identifying you personally.

3.2 On the marketing site (coureo.app)

  • Server log files (IP address, user agent, timestamp) are processed by our hosting provider Cloudflare to ensure secure operation (Art. 6 (1)(f) GDPR).
  • No analytics, marketing, or tracking cookies are used.

4. Third parties

  • Anthropic, PBC (USA) — processes anonymized letter text via the Claude API. Transmission is encrypted; personal data is replaced with placeholders before sending.
  • RevenueCat, Inc. (USA) — verifies your in-app subscription. Stores only an anonymous user ID.
  • Apple Inc. / Google LLC — process in-app purchases under their respective platform terms.
  • Cloudflare, Inc. (USA) — hosts the website and API proxy. Data processing per the Cloudflare DPA.

5. Legal basis

Processing is based on Art. 6 (1)(b) GDPR (contract performance) and (1)(f) (legitimate interest in secure operation).

6. Retention

Local data stays on your device until you delete it or uninstall the app. Server log files are deleted automatically after 14 days.

7. Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21 GDPR). Contact privacy@coureo.app.

You may file complaints with your supervisory authority.

8. Anonymization in detail

Coureo detects and replaces personal data in three layers before anything leaves your device:

8.1 Regex layer (deterministic)

  • IBAN, BIC, account numbers
  • Money amounts (€, $, CHF)
  • Dates in all common formats
  • Phone numbers, email addresses, URLs
  • Tax IDs, case numbers, customer and contract numbers

8.2 NLTagger / Named Entity Recognition

  • Person names (first and last names, salutations)
  • Company and government agency names
  • Postal addresses (street, ZIP, city)

8.3 Manual review

Before sending, Coureo shows a preview of the anonymized text. You can remove, add, or adjust detections. The text is only sent after your explicit confirmation.

Example

Original: "Dear Ms. Müller, the amount of €432.17 is due by May 12, 2026."

Sent to Anthropic: "Dear Ms. [PERSON_1], the amount of [AMOUNT_1] is due by [DATE_1]."

9. Changes

We may update this policy as our service or legal landscape evolves. The current version is always available on this page.