top of page

Privacy Policy 


Privacy at Gruups
Status: January, 1st 2021

Gruups, and the (native) Gruups App are trademarks of Brandslisten GmbH.

The protection of your personal data is very important to us. In the following we would like to inform you about the handling of your personal data. Gruups observes the legal regulations of the Federal Data Protection Act (BDSG), the Telemedia Act (TMG), the Basic Data Protection Ordinance (DS-GVO) as well as other data protection regulations.

Names and contact details of the person responsible and, if applicable, his representative:
Brandslisten Gmb
Winterstrasse 2
22765 Hamburg and

Phone: +49/40/609415850


Represented by managing director: Mark Pohlmann

You can reach our data protection officer at



Registered users End users who have registered and logged in with their e-mail address / telephone number

Channel Owner Channel

Owner (also Creator) means the direct owners of the individual channels and not the end users of the platform. 

Channel Database

Each channel has its own physical database. Each channel database is separate from all others, so that a channel (-owner) cannot access the data of another channel.
Personal Data Personal Data is "any information relating to an identified or identifiable natural person.

Channel / Channel

A channel is a customer instance which is logically separated from all others. All contributions and contribution contents posted in the channel belong only to this instance and no others. A user can use several instances with the same user data. 
The following personal data is processed by Gruups: 
user agent (website)


  • Phone manufacturer and OS (App)

  • E-mail or telephone number

  • Username

  • Uuid

  • Anonymous IP

  • session ID

Storage location and duration by data type
The storage location and duration differ depending on the type of data. Session dependent data such as user agent and URL are kept in the logs for 7 days. The data is automatically and continuously deleted irrevocably. Personal data such as e-mail address, telephone number, posts, uuid, user name etc. are stored in the corresponding customer database until the user profile is deleted. Except in the customer database, this data is kept in the backups for 30 days. 
Purposes for which the personal data is to be processed
We process your data for the following purposes:

  • Quality assurance

  • Statistics

  • Provision of the Service Gruup as such

  • Legal basis for the processing


The processing of your data is carried out on the following legal basis:
- for the performance of a contract, Art. 6 para. 1 letter b) DSGVO
- legitimate interests, Art. 6 para. 1 lit. f) DSGVO (see below)

Legitimate interests
When processing your data, we pursue the following legitimate interests:
- Improvement of our offer
- Protection against misuse
- Statistics
Recipients or categories of recipients of the personal data
When processing your data, we work together with the following service providers who have access to your data:
- Image recognition provider - Amazon Recognition;
- Speech recognition provider - Amazon Comprehend;
- Mood recognition provider - Amazon Comprehend;
- Text recognition provider - WebPurify.

Image and text recognition software checks posts for inappropriate content, ensuring the integrity of the Gruups platform. In order to realize the full potential of text recognition software, a voice and speech recognition software is used to recognize the language used.

Duration for which personal data is stored:
We store your data,

  •  if you have consented to the processing of your personal data at most until you revoke your consent,

  • if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymization does not outweigh the data's use.

Data sources
We receive the data from you (including about the devices you use).
Data transfer to third countries
Data is transferred to third countries outside the European Union to the service provider "WebPurify" (WebFurther, LLC). This takes place on the basis of contractual regulations provided by law, which are intended to ensure adequate protection of your data and which you can view on request. 

For the examination of the contributions for unreliable contents the services of WebFurther, LLC with seat 19200 Von Karman Avenue, Irvine, CA 92612 are used

Right of access and rectification (DS-GVO Art. 16) or deletion (DS-GVO Art. 17) or restriction of processing (DS-GVO Art. 18) or a right to object to processing (DS-GVO Art. 21) as well as the right to data transferability (DS-GVO Art. 20)

You have - in some cases under certain conditions - the right 

  • to correct your data,

  • to have your data deleted or blocked,

  • to have the processing restricted,

  • to object to the processing of your data,

  • To receive your data in a transferable format and to transmit it to a third party,

  • to revoke your consent to the processing of your data for the future and

  • complain to the competent supervisory authority about unauthorised data processing. The competent supervisory authority is the Hamburg Commissioner for Data Protection and Information Security.

Requirement or obligation to provide data
Unless expressly stated at the time of collection, the provision of data is not necessary or obligatory.
Further information on data protection 

Automatic storage of access data
Each time a user accesses the internet pages of Brandslisten, the access data of the process are automatically stored in a log file. This is general information, such as the page from which the file was requested, the name of the file called up, the date and time of the call, the amount of data transferred, the protocol used and the own descriptions sent along by the Internet browser as well as, if applicable, the description of the operating system.

This general information is anonymised, i.e. it is not stored together with your personal data, which may be available on fire lists, nor is it merged with this data in any other way. It is only used for statistical purposes and to improve the content and functionality of the website. This data will not be passed on to third parties for other non-commercial or commercial purposes. The access data will be stored in the log file for a maximum of 4 weeks.

This website ( also uses so-called cookies. A cookie is a text file which, when the website is used, is transmitted to the user's computer / Internet-capable device together with the other data actually requested and stored there. The file is kept there for later access and serves to authenticate the user. 

The website of Brandslisten uses temporary (so-called "session") cookies, i.e. cookies that are only valid for the duration of a so-called "session" and are automatically deleted when the browser is closed. Gruups may link to other websites where cookies may also be used. 
If you do not wish your access device to be recognized by the storage of cookies, you can set the browser you use to block cookies, delete them from the hard drive or warn you before a cookie is stored. Most browsers have an option that restricts or completely prevents the storage of cookies. We would like to point out, however, that in this case not all functions of our website may be used to their full extent.

This website uses JSON Web Token (JWT) to identify users. A JSON Web Token is a JSON based access token standardized according to RFC 7519. The JWT enables the exchange of verifiable claims. Similar to cookies, the token is transmitted to the user's computer when the website is used, together with the other data actually requested, and stored there. By means of the stored token, the user is identified by the server and automatically logged on to the site. The token is encrypted asynchronously.
Use of Matomo (on
On this website, data is collected and stored using the web analysis service software on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 Para. 1 letter f DSGVO. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. No profiling takes place. Cookies may be used for this purpose. The data collected with open-source technology is processed on our servers. 

The open source software Matomo is used.

If you do not agree with the storage and evaluation of this data from your visit, you can object to the storage and use of this data at any time by clicking on the mouse. In this case a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and may have to be reactivated by you.

Opt-Out iFrame:

Transparency Initiative:


Flutter is an open source UI software development system from Google LLC. 
For the development of the iOS and Android Gruups applications, Flutter software and its libraries were used. 
As a subsidiary of Google, Flutter complies with the privacy policy of Google LLC. Google LLC, with headquarters in 
1600 Amphitheatre Parkway, Mountain View, California 94043, is certified under the EU-US Privacy Shield Agreement and recognized as a DS GMO compliant company.


AdMob is a mobile advertising platform that offers advertising solutions on Android and iOS applications. AdMob is used within Gruups for generating and managing ad content.
As a subsidiary of Google, AdMob complies with the privacy policy of Google LLC. Google LLC, with headquarters in 
1600 Amphitheatre Parkway, Mountain View, California 94043, is certified under the EU-US Privacy Shield Agreement and recognized as a DS GMO compliant company.


AWS Services 
In the context of Gruups, several services are provided by AWS. The selected AWS region is either Dublin, Ireland or Frankfurt, Germany, depending on the availability of services. All AWS services used by Gruups are listed below. 

Gruups uses cloud computing capacity from the Amazon Elastic Compute Cloud (Amazon EC2) web service. EC2 provides secure, scalable computing capacity in the cloud. The selected AWS region for EC2 is Frankfurt, Germany. This ensures that all data remains within the EU and DS GMO jurisdiction.    

S3 is an object memory for storing and retrieving any amount of data from any location on the Internet. Gruups uses AWS's Simple Storage Service (S3) for storing content, images, video, and general data storage. The AWS region selected for S3 is Dublin, Ireland. This ensures that all data remains within the EU and the DS GMO legal area.

CloudFront (CF) is a content delivery network. CF enables fast and secure delivery of data to customers around the world. Gruups uses CloudFront's services for caching, and accordingly for fast loading of all data (videos, images, content). 
Amazon Relational Database Service (Amazon RDS) is a managed service for setting up, operating and scaling a relational database in the cloud. Gruups uses AWS RDS in conjunction with MySQL. The selected AWS region for RDS is Frankfurt. This ensures that all data remains within the EU and the DS-GVO legal area.

AWS Comprehend 
Amazon Comprehend is an NLP (Natural Language Processing) service that uses machine learning to find insights and connections in text. In the spirit of Gruups, AWS Comprehend is used to recognize the language of and mood in user posts. These features, along with the swearword filter of WebFurther, LLC, will be used to prevent the posting of inappropriate and offensive content in all languages in the Gruups channels. This creates a secure space in the Gruups channels and maintains integrity.

AWS Recognition 
Amazon Recognition is based on the same proven, highly scalable deep learning technologies developed by Amazon's Computer Vision Scientists to analyze billions of images and videos every day. In this way, images and videos posted in the Gruups channels are checked against illegal and/or profane content. This creates a secure space in the Gruups channels and maintains their integrity. The selected AWS region for RDS is Dublin, Ireland. This ensures that all data remains within the EU and the DS-GVO legal area.  


WebPurify, a brand of WebFurther, LLC, offers swearword filters and other moderation services. Gruups uses WebPurify's so-called "Profanity Filter" to check post content for unreliable and offensive content. For this purpose, we provide WebPurify with the content of public content.  
WebFurther LLC, with headquarters in 19200 From Karman Ave., 6th Floor
Irvine, California 92612, is certified under the EU-US Privacy Shield Agreement and is recognized as a DS GMO compliant company.

bottom of page