Privacy Policy

Privacy policy

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the OK.de Services GmbH “OK.de”. The use of the Internet pages of the OK.de Services GmbH (here especially www.ok.de, oksecure.net, oksecure.app incl. subdomains) is possible without any indication of personal data. However, if a data subject wishes to make use of special services of our company (e.g. e-mail service) via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the “OK.de”. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, the “OK.de” has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

Table of contents

  1. Introduction
  2. Data We Process
  3. Technical and Security Measures
  4. AI and Third-Party Services
  5. Crypto-Related Services
  6. Cookies and Web Use
  7. Your Rights
  8. Data Retention
  9. Changes to This Policy
  10. Contact

1. Introduction

OK.secure Messenger is operated by OK.de Services GmbH, Uhlandstr. 165/166, 10719 Berlin, Germany (“we”, “us”). We are committed to protecting your privacy and securing your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable national laws.

Unlike many communication services, OK.secure Messenger:

  • Is not connected to Google or similar analytics/advertising ecosystems.
  • Does not display advertising or use your data for marketing purposes.
  • Uses end-to-end encryption and blockchain-based key management to ensure only you and your intended recipients can access your communications.

Available for:

  • iOS via Apple’s App Store
  • Android via Google Play Store
  • Web browsers at oksecure.app

2. Data We Process

We aim to minimise personal data processing. Depending on your use, we may process:

  • Account information: username, email address (for registration, login, and account recovery), optionally: real name, phone number (for improved contact synchronization)
  • Encryption keys: generated and stored client-side; private keys never leave your device unencrypted.
  • Message metadata: minimal technical data (e.g., timestamps, recipient IDs) required for delivery.
  • Support requests: information you provide when contacting support.
  • AI feature prompts: if you use the optional AI feature, the text or content you input (“prompts”) will be processed as described in Section 4. Prompts may contain personal data if you choose to include it.

We do not scan, store in plaintext, or sell your messages, files, or call content.

3. Technical and Security Measures

  • End-to-end encryption for all communications.
  • Zero-knowledge architecture — we cannot decrypt your content.
  • TLS 1.2+ for all client-server connections.
  • Trusted Execution Environment (TEE) on supported devices.
  • Regular security audits and penetration testing.

4. AI and Third-Party Services

4.1 General

Certain optional features may use AI or other third-party services to enhance your experience (for example, spam detection, language tools, secure communication APIs). These are integrated to preserve encryption and privacy, with any third-party processing governed by GDPR-compliant agreements.

4.2 AI Features – Purpose and Operation

When you use the AI feature, OK.secure Messenger automatically processes the content you enter (“prompts”) to generate responses or suggestions. This processing is performed using cloud-based AI services while maintaining privacy wherever technically feasible.

4.3 Services Used

For AI processing, we use Amazon Web Services (AWS), which acts as a data processor under the GDPR. AWS processes data only on our documented instructions, with appropriate technical and organisational safeguards. Processing occurs within the EU, in countries recognised by the European Commission as providing an adequate level of data protection, or under GDPR-approved safeguards. AWS privacy information: https://aws.amazon.com/privacy/

4.4 Data Processed

  • Only the content you provide in your prompts is processed.
  • Prompts may contain personal data if you choose to include it.
  • No additional personal data is shared with AWS.
  • Temporary caching of prompts may occur within AWS infrastructure, beyond our direct control.

4.5 Legal Basis

  • Consent – Art. 6(1)(a) GDPR, when you voluntarily use the AI feature.
  • Contract performance – Art. 6(1)(b) GDPR, when AI processing is necessary to deliver a service you have requested.

4.6 Data Retention

Prompts are used solely to generate the requested response and are deleted immediately afterwards, unless longer storage is required by law or you have explicitly consented to it.

4.7 User Responsibility

You are responsible for the content of your prompts. Please avoid entering sensitive personal data unless it is strictly necessary for the purpose you require.

5. Crypto-Related Services

OK.secure Messenger may offer optional features for cryptocurrency transactions, exchange, and digital goods purchases through integrations with trusted third-party providers. Each operates as an independent data controller for the personal data it processes, with its own GDPR-compliant privacy practices.

5.1 Coinify (Coinify ApS, Denmark)

  • Services: Buy, sell, and exchange cryptocurrencies; make payments in crypto.
  • Data processed: identity verification/KYC, transaction processing, compliance checks.
  • Privacy: Subject to Coinify Privacy Policy.
  • We do not access your payment credentials or private keys.

5.2 Onramper (Onramper B.V., Netherlands)

  • Services: Fiat-to-crypto purchase and exchange via aggregated onramp partners.
  • Data processed: payment details, identity verification/KYC, transaction execution, anti-fraud, compliance.
  • Privacy: Subject to Onramper Privacy Policy.
  • We do not access your payment credentials or private keys.

5.3 Bitrefill (Bitrefill AB, Sweden)

  • Services: Purchase digital goods (gift cards, eSIMs, mobile top-ups) using cryptocurrencies.
  • Data processed: payment details, wallet information, transaction execution, compliance checks.
  • Privacy: Subject to Bitrefill Privacy Policy.
  • We do not access your payment credentials, private keys, or delivery codes prior to receipt from Bitrefill.

For all three providers:
Data shared is limited to what is strictly necessary to complete your chosen transaction and is transmitted securely. By using these services, you acknowledge that your personal data will be processed by the respective provider in accordance with its own privacy policy and regulatory obligations.

6. Cookies and Web Use

The web version of OK.secure Messenger uses only essential cookies for secure login sessions and functionality. No tracking or advertising cookies are used.

7. Your Rights

Under GDPR, you have the right to:

  • Access, rectify, or erase your personal data.
  • Restrict or object to processing.
  • Data portability.
  • Lodge a complaint with a supervisory authority.

Contact our Data Protection Officer:

Dr. Sebastian Kraska
IITR Datenschutz GmbH, Marienplatz 2, 80331 München, Germany
Email: email @ iitr . de

8. Data Retention

We retain personal data only as long as necessary to provide the service or comply with legal obligations. Encrypted content is deleted upon your request or account closure.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in technology, law, or our services. Updates will be posted in-app and on our website.

10. Contact

OK.de Services GmbH
Uhlandstr. 165/166, 10719 Berlin, Germany
Email: [email protected]

 

As of: 29.08.2025

Need help? Get Support
To top