Privacy Policy

Introduction

This translation is provided for convenience only. In case of any discrepancies or inconsistencies, the German version shall prevail.

Mousebouncer GmbH or affiliated companies ("we" or "us") take the protection of your personal data very seriously. With this privacy policy, we comply with our information obligations under 
Art. 12 ff. of the General Data Protection Regulation (hereinafter referred to as "GDPR"). This privacy policy informs you about how we process your personal data, for what purposes this is done, what rights you have as a data subject, and how you can contact us if you have any questions or concerns. This privacy policy applies to the use of our website, our mobile app "ZeroMOUSE," and the use of our products. It informs you about how we process your personal data in connection with the use of these services. 

It goes without saying that we process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Information about the responsible party

The entity responsible for data processing within the meaning of Article 4 No. 7 GDPR is:

Mousebouncer GmbH

Ismaninger Straße 6

85716 Unterschleißheim,

represented by the management

Email: info@mousebouncer.com

Please note that this is NOT our postal address. You can find the return address under 'Return Policy' or obtain it directly from our support team.

Our data protection officer can be reached at:

Email: dataprotection@zeromouse.ai 

or by mail to the address given above with the addition "Data Protection Officer".

Which personal data we process:

We collect and process personal data when you:

  • Visit our website,
  • use our app “ZeroMOUSE”,
  • operate our products,
  • Contact us via email or social networks,
  • communicate with us.

The data processed may include, in particular:

  • Name, email address, phone number, user ID,
  • Device information (IP address, operating system, browser type, etc.),
  • Usage data (e.g.  Time and duration of access or usage, clicked links, crash reports),
  • Images, to the extent as this is necessary for the function of the app or the use of our products (e.g.  Detection of movement at the cat flap)
  • Push tokens or similar identifiers, if you have enabled push notifications.

This data is either provided directly by you or collected automatically when you visit the website, or use the app or our products.

Purposes and legal bases of processing:

We only process your personal data if this is legally permitted. Processing is based on:

  • Article 6 paragraph 1 letter b GDPR for the performance of a contract (e.g.  if you create a user account with us),
  • Article 6 paragraph 1 letter f GDPR for the protection of our legitimate interests (e.g.  to ensure the technical security of our website or app),
  • Article 6 paragraph 1 letter a GDPR, provided you have given us your consent (e.g.  for marketing or cookies).

Our legitimate interests include, in particular:

  • Improvement of our app, including AI-based image analysis,
  • Pseudonymized analysis of user behavior to optimize our services,
  • Securing our IT systems,
  • Fraud prevention and abuse detection.

Recipients of your data

Data will only be shared to the minimum extent required by law. Recipients may include, but are not limited to:

  • Service providers acting on our behalf (e.g.  Hosting, maintenance, shipping),
  • Shopify Inc. (Hosting),
  • Google Ireland Ltd. (Google Ads, Analytics, YouTube, Firebase, Google Play Services),
  • Meta Platforms Ireland Ltd. (Meta Pixel) (Marketing)
  • Solute GmbH (price comparison),
  • Bug snag (error monitoring)
  • Amazon Web Services (AWS, storage and evaluation of images)
  • Authorities, insofar as we are legally obligated to do so.

All data processors have GDPR-compliant contracts in place.

 

Notice

To ensure the functionality and safety of our cat flap, a camera is used that is focused exclusively on the immediate area in front of the flap. The camera serves solely to document and, if necessary, control the animals' entry and exit.

Although the camera does not have depth of field in the classical sense and therefore does not allow targeted capture of more distant areas, it cannot be completely ruled out technically that adjacent areas or unintentionally people may also be captured in the image frame.

Recordings that are unintentionally made outside the intended monitoring purpose will be deleted immediately upon discovery in compliance with data protection regulations.

 

Transfer to third countries

We may use service providers as data processors who are based in a third country or are part of an international organization that is based in a third country. In the context of the GDPR, a third country is understood to be a country that is not a member of the European Union (EU) or the European Economic Area (EEA) and is therefore not subject to the GDPR. These third countries have in common that they may have their own data protection laws, which, however, may offer a lower level of protection than the GDPR.

The transfer of data to third countries is only permitted under certain legal conditions according to Article 44 GDPR:

Adequacy decision: The existence of an adequacy decision indicates that the data protection law applicable in the third country in question provides a level of protection for your personal data comparable to the GDPR. In this case, the data transfer is permitted without further authorization; this includes

EU-US Privacy Framework: For companies in the USA that are certified under this framework, an adequate level of protection for personal data is assumed.

Standard contractual clauses: If no adequacy decision exists, data transfers can take place on the basis of standard contractual clauses issued by the EU Commission (Art. 46 para. 2 letter c GDPR). These contractual clauses provide sufficient guarantees on the part of the respective service provider, also with regard to the enforceability of the data subject rights provided for by the GDPR.

A list of specific providers and their guarantees can be found in our Cookie Policy. By giving your consent, you agree that your personal data will be transferred to such a company.

Our service providers with a third-country connection are data processors within the meaning of Art. 4 No. 8 GDPR and are contractually obligated to comply with data protection regulations.

Disclosure of data to third parties

We and the processors we use will only disclose your data to third parties within the meaning of Art. 4 No. 10 GDPR if

  • you have given your explicit consent to the transfer in accordance with Art. 6 para. 1 letter a) GDPR;
  • the transfer is necessary in accordance with Art. 6 para. 1 letter b) GDPR for the initiation or execution of a contractual relationship with you and us;
  • we are legally obliged to disclose the data in accordance with Article 6(1)(c) GDPR, or
  • the transfer of your data is necessary in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in establishing, exercising and defending legal claims, and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred.
  • it may be necessary to transfer your personal data to other ZeroMOUSE offices in countries outside your country of residence in order to provide our services. In such cases, we ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws.

Furthermore, it may be necessary to disclose certain personal data to other parties, for example, to potential buyers of our company or parts thereof, or as part of a restructuring. Where possible, we will anonymize your information before disclosing it. If this is not possible, we will require the recipient to maintain confidentiality.

Storage duration

We only store your data for as long as it is necessary for the respective purpose. For example:

  • Access data is deleted or anonymized directly after 24 hours.
  • Log files are stored for a maximum of 4 weeks.
  • Contract data for the duration of statutory retention periods (6 or 10 years),
  • App usage data is only stored for as long as your account is active.

Data protection for children

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from individuals under 16. If you, as a parent or guardian, become aware that a child under 16 has submitted data to us, please contact us immediately. Our contact details can be found in the section "Data Controller Information".

Cookies

Our website uses cookies. Technically necessary cookies are essential for the operation of the site. We only use other cookies with your explicit consent in accordance with Section 25 Paragraph 1 of the German Telemedia Act (TTDSG), in conjunction with Art. 6 para. 1 lit. a GDPR. Further details on the use of cookies and the possibility to adjust your settings can be found in our cookie banner.

Information on data security

To ensure the best possible protection of your data, it is secured during transmission using Secure Socket Layer (SSL) encryption in conjunction with Transport Layer Security (TLS) encryption. This form of encryption ensures that the data cannot be read, redirected, or altered by unauthorized third parties during transmission.

To the extent that we store your data, this storage takes place exclusively in appropriately security-certified data centers within the European Union (EU) and in accordance with the GDPR. We expressly reserve the right to engage external service providers for the storage and processing of your data, who, however, act exclusively on our behalf and in accordance with our instructions (data processors). The data processors we engage are contractually obligated to implement state-of-the-art technical and organizational measures (TOMs) to ensure the processing of your data in compliance with data protection regulations.

Under no circumstances will your data be passed on or sold to third parties by us or any commissioned processor without a legal basis.

Your rights

As a “data subject” within the meaning of Article 4 No. 1 GDPR, you have certain inalienable rights (data subject rights). We are obligated to guarantee these data subject rights and must also contractually obligate any processors we engage to support us in implementing these rights to the best of our ability. In this respect, you have the following data subject rights:

  • Right of access (Article 15 GDPR): You have the right to obtain information from us about whether we process personal data concerning you and, if so, what data this is and for what purpose the processing is carried out.
  • Right to rectification (Article 16 GDPR): You have the right to have inaccurate or incomplete personal data that we have stored about you corrected.
  • Right to erasure (Article 17 GDPR): Under certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the data is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.
  • Right to restriction of processing (Article 18 GDPR): Under certain circumstances, you have the right to restrict the further processing of your personal data. This right exists, for example, if you contest the accuracy of the data or if the processing is unlawful.
  • Right to data portability (Article 20 GDPR): You have the right to receive a copy of your personal data from us in a structured, commonly used and machine-readable format. You can also have this data transmitted to another controller, provided this is technically feasible.
  • Right to object (Article 21 GDPR): You have the right to object, on grounds relating to your particular situation, to the processing of your personal data. We will then no longer process your data unless there are compelling legitimate grounds for the processing.
  • Right to withdraw consent (Article 7(3) GDPR): If we process your personal data based on your consent, you can withdraw this consent at any time. The lawfulness of the processing up to the point of withdrawal remains unaffected.
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection regulations.

To exercise your rights, please contact: dataprotection@zeromouse.ai 

In this context, we reserve the right to verify your identity through an appropriate procedure.

Update to this privacy policy

We reserve the right to update this privacy policy with future effect in order to respond appropriately to changes in legislation, case law, or economic circumstances. We will inform you of any significant changes to this privacy policy in an appropriate manner, if required by law. Your rights as a data subject under the GDPR will never be restricted by any changes to this privacy policy.

 

This privacy policy was published on January 29, 2026