Back to app

Privacy Policy

Last updated: 1 June 2026

1. Controller

The controller within the meaning of the GDPR is:

Abed Al Muhsen Alkarim

Abed Al Muhsen Alkarim, Mittelseestr. 6a, 63065 Offenbach am Main, Germany

Email: alive@surviveprotocol.com · Phone: +49 176 87460492

2. General

Protecting your personal data is important to us. We process your data exclusively on the basis of statutory provisions (GDPR, German TDDDG, BDSG). This privacy policy informs you about the most important aspects of data processing on our website.

You can use the website and generate a survival plan without creating an account. We deliberately collect as little data as possible.

3. Hosting (Vercel)

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When the website is accessed, technically necessary data (e.g. IP address, date and time of access, page requested) are processed in server logs. The legal basis is our legitimate interest in providing the website securely and reliably (Art. 6 (1) (f) GDPR).

Processing may also take place in the USA. The transfer is safeguarded by appropriate measures (EU-US Data Privacy Framework or Standard Contractual Clauses under Art. 46 GDPR).

4. The selections you make

To build your plan you select details about your situation (scenario, group size, whether children or elderly or pets are present, living situation, budget, fitness level, climate, and any special needs). These selections are held in your browser during your session and are sent to our server only in order to generate your plan. We do not require your name, and we do not store your selections after your plan has been generated.

The legal basis is the performance of the service you requested (Art. 6 (1) (b) GDPR); for special-category selections additionally your consent (see section 6).

5. AI plan generation (Anthropic)

To generate your personalized plan, your selections are transmitted to our processor Anthropic PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA, which operates the Claude AI model. Anthropic processes the data on our behalf solely to generate the requested plan and, under its commercial terms, does not use inputs or outputs to train its models. The data is not linked to your name or to a user account.

The legal basis is contract performance (Art. 6 (1) (b) GDPR); for any special-category (health-related) selections additionally your explicit consent (Art. 9 (2) (a) GDPR). The transfer to the USA is safeguarded by Standard Contractual Clauses (Art. 46 GDPR). More: https://www.anthropic.com/legal/privacy.

If no AI service is configured, your plan is generated locally from a built-in rule set on our own server and your selections are not shared with any third party for this purpose.

6. Health-related information (Art. 9 GDPR)

Under the "special needs" question you may select information that constitutes a special category of personal data within the meaning of Art. 9 GDPR (for example: an infant in the group, diabetes, allergies, prescription medication, mobility needs, or being immunocompromised).

Providing this information is entirely optional; you can skip that question. Where you do select it, processing (including transmission to the AI processor described in section 5) is based on your explicit consent pursuant to Art. 9 (2) (a) GDPR, which you give by selecting these options in order to receive a tailored plan. You can avoid this processing by not selecting any special need, and you may withdraw consent for the future at any time; the lawfulness of processing already carried out remains unaffected.

7. Payment processing (Stripe)

Paid purchases are processed by the payment provider Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland; Stripe, Inc., USA). When you buy a plan, the data required for the payment (e.g. email address and payment data) is processed by Stripe. The legal basis is contract performance (Art. 6 (1) (b) GDPR).

We do not store payment data such as card numbers; it is processed directly by Stripe. Any transfer to the USA is safeguarded by appropriate measures (DPF / Standard Contractual Clauses). More: https://stripe.com/privacy.

8. Cookies and analytics

We do not use any tracking, analytics or marketing cookies. The website uses only technically necessary storage required to operate it. During payment, the provider Stripe may set technically necessary cookies on its own checkout pages for fraud prevention and to process the payment. See our separate Cookie Policy for details.

9. Storage period

Your plan selections are not stored after your plan has been generated. Data related to purchases is stored for as long as necessary to perform the contract or as required by statutory retention periods (in particular commercial and tax-law periods of up to 10 years).

10. Your rights

You generally have the rights to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You may withdraw any consent given at any time (Art. 7 (3) GDPR).

An informal message to the contact details above is sufficient to exercise your rights.

11. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, https://datenschutz.hessen.de

12. Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services.