Bako
Privacy Policy
Last updated: 10 June 2026
We take the protection of your data seriously. This policy explains which personal data we process when you use the "Bako" app and what rights you have.
1. Controller
ESBM Solutions UG (haftungsbeschränkt) i. Gr.
Ditfurthstraße 48
33611 Bielefeld, Germany
Email: support@esbm-solutions.com
2. Hosting
Our servers are operated by Hetzner Online GmbH (Germany) and managed via Coolify. The server location is in Germany (Frankfurt am Main). A data processing agreement is in place.
3. Use without an account, local storage
You can use Bako without an account at first. Until your first paid action (spending Stars or purchasing Bako Plus), your settings are stored exclusively on your device (encrypted device storage). Only when you create an account do we process your email address for authentication (via our processor Supabase).
4. Processing of photos (palm and coffee reading)
For the "Palm Reading" and "Coffee Reading" methods you voluntarily upload a photo. This photo is transmitted to OpenAI (see section 5) to generate the AI reading and is stored on our servers for a maximum of 30 days, after which it is deleted automatically. Please do not upload photos showing more than is needed for the reading.
5. Recipients / Processors
To provide the app we use the following service providers:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Account/authentication, database, photo storage | EU / USA |
| OpenAI | AI-assisted readings (text & image) | USA |
| RevenueCat | Management of in-app purchases / subscriptions | USA |
| Google AdMob | Advertising (only for users without Bako Plus) | USA |
| Sentry | Error and crash diagnostics for stability | USA |
6. Advertising and consent
For users without a Bako Plus subscription we show advertising via Google AdMob. Before displaying personalised ads we obtain your consent through the consent dialog (Google UMP); on iOS additionally through Apple's App Tracking Transparency (ATT). You may choose non-personalised advertising. With Bako Plus, no advertising is shown.
7. Purchases and subscriptions
Purchases of Stars and Bako Plus are handled through the Apple App Store or Google Play; the technical management is provided by RevenueCat. We do not receive payment data (e.g. credit card numbers). The privacy terms of Apple and Google additionally apply.
8. Legal bases
We process data on the basis of Art. 6(1) GDPR: to perform a contract (lit. b, e.g. account, purchases, readings), based on your consent (lit. a, e.g. personalised advertising), and based on our legitimate interest (lit. f, e.g. stability and security of the app).
9. Transfers to third countries
Some providers (including OpenAI) process data in the USA. Such transfers are based on the EU Standard Contractual Clauses (SCC) or an adequacy decision, where applicable.
10. Retention period
Uploaded photos are deleted after 30 days at the latest. We store account and usage data for as long as your account exists or as long as statutory retention obligations require. On request we delete your account.
11. Your rights
You have the rights to access, rectification, erasure, restriction of processing, data portability and objection. You may withdraw consent at any time with effect for the future. You also have the right to lodge a complaint with a data protection supervisory authority.
12. Contact for privacy matters
For questions or to exercise your rights, contact: support@esbm-solutions.com.
Note: This text is a carefully prepared draft and does not constitute legal advice. We recommend having it reviewed by a lawyer before the official app launch.