Privacy Policy
Last updated: 6 May 2026
This Privacy Policy explains how AuPairGo processes your personal data when you use our community platform for au pairs and host families. We take the protection of your data seriously and comply with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Data Controller
The data controller responsible for processing your personal data under the GDPR is: Jessica Jung, Hermesweg 14, 60316 Frankfurt, Germany. Email: hello@aupairgo.app
Full contact details are available in the Imprint.
2. Data We Collect
We collect and process only data that is necessary to operate the platform or that you voluntarily provide:
- Account data: Email address, chosen role (au pair or host family), registration timestamp, and your marketing-communications consent.
- Profile data: Name, date of birth, country of origin and destination, languages, profile photo, and — for host families — household details. Providing this data is voluntary and you can modify or delete it at any time.
- Communication data: Content and metadata (timestamp, sender, recipient) of messages and community posts you create on the platform.
- Activity data: To show host families which au pairs have viewed their profile (“This au pair viewed your profile X×”), we log when an au pair visits a host family profile. These activity records are automatically deleted after 90 days. The reverse direction (who viewed an au pair profile) is not collected.
- Household and invitation data: For host families: household name, members, and email addresses of people you invite.
- Technical data: IP address, browser type, device category (desktop/mobile), language, and your last activity timestamp (used, among other things, to display online status).
- Cookies: Strictly necessary cookies for authentication (session), language detection, perspective selection, and device rendering. We do not use tracking or advertising cookies.
3. Purposes and Legal Bases
We process your data on the following legal bases under the GDPR:
- Performance of a contract (Art. 6(1)(b) GDPR): Providing your account, profile, messaging, household management, and matching features.
- Legitimate interests (Art. 6(1)(f) GDPR): Technical operation, IT security, abuse prevention, and analysis to improve the platform.
- Consent (Art. 6(1)(a) GDPR): Sending marketing or product communications. You can withdraw consent at any time with effect for the future — e.g. via the unsubscribe link in each email or by contacting hello@aupairgo.app.
- Legal obligation (Art. 6(1)(c) GDPR): Complying with statutory retention and record-keeping requirements.
4. Recipients and Processors
We use carefully selected service providers who process your data only on our instructions. We have entered into data processing agreements under Art. 28 GDPR with all processors.
- Supabase Inc. (USA): Database, authentication, and file storage. The server location for AuPairGo is in the EU (Frankfurt am Main, Germany).
- Resend, Inc. (USA): Sending transactional emails (magic-link sign-in, invitations, security notifications).
- Google Ireland Ltd. / Google LLC (Ireland/USA): Optional “Sign in with Google” OAuth login. Activated only if you choose this sign-in method.
- Apple Inc. (USA): Optional “Sign in with Apple” OAuth login. Activated only if you choose this sign-in method. Apple typically provides an anonymized relay email address for this flow.
- Hetzner Online GmbH (Germany): Application and reverse-proxy hosting in a German data center.
- OpenRouter, Inc. + Anthropic, PBC (USA): Processing of requests to our AI features (e.g. the in-app assistant “Pia”, translations, match explanations). The contents of messages you send to the AI are forwarded via OpenRouter to Anthropic and are not used for model training. We only send what you actively submit to the AI.
5. International Data Transfers
To the extent US-based processors (Supabase, Resend, Google, Apple, OpenRouter, Anthropic) may process data, an adequate level of data protection is ensured by the EU Standard Contractual Clauses under Art. 46(2) GDPR and — where certified — by these companies' participation in the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023). The primary database holding your profile and communication data remains located in the EU.
6. Retention
We retain your data only as long as necessary for the respective purpose:
- Profile and account data: Until you delete your account, or we delete it at your request.
- After account deletion: We apply a soft-delete period of up to 30 days (to protect against accidental deletion). After that, data is permanently deleted, unless statutory retention requirements apply.
- Messages and posts: Until you delete them, or at the latest upon permanent account deletion.
- Technical logs: No longer than 90 days; after that they are automatically deleted or anonymised.
- Invitations: Invitation tokens expire after 7 days and are then pseudonymised.
- Activity data: Profile-view records are automatically deleted after 90 days.
7. Your Rights
Under the GDPR, you have the following rights:
- Access (Art. 15): You may request confirmation of the data we hold about you.
- Rectification (Art. 16): You may request correction of inaccurate or incomplete data.
- Erasure (Art. 17): You may request deletion of your data, unless statutory obligations require us to keep it.
- Restriction (Art. 18): You may request restriction of processing under certain conditions.
- Data portability (Art. 20): You may receive your data in a structured, commonly used, machine-readable format.
- Objection (Art. 21): You may object at any time to processing based on legitimate interests.
- Withdrawal of consent (Art. 7(3)): You may withdraw any consent you have given, with effect for the future.
- Complaint (Art. 77): You may lodge a complaint with a data-protection supervisory authority, typically the authority of your place of residence.
To exercise your rights, an informal message to hello@aupairgo.app is sufficient. We handle requests without delay, within one month at the latest.
8. Data Security
Communication between your device and our servers takes place exclusively over TLS-encrypted connections (HTTPS). We do not store passwords — sign-in is exclusively via magic link or OAuth. Database access is protected by role-based access controls.
9. Changes to This Policy
We may update this Privacy Policy if our data processing changes or new legal requirements apply. We will inform you of material changes by email or via a notice on the platform before they take effect.
10. Contact
For questions about data protection or to exercise your rights, contact us by email at hello@aupairgo.app