D DearConcierge Back to home ↗

Legal information

Privacy Policy

This policy explains how DearConcierge processes personal data, including when you choose to connect an account or use the optional WHOOP integration. Last updated: 14 July 2026.

1. Controller and contact

Christian Louis IT Beratung
Christian Krakau-Louis
Alter Steinweg 3
20459 Hamburg
Germany

Email: [email protected]
Fax: +49 40 97074609

2. What DearConcierge does

DearConcierge is currently a single-user personal planning service. It turns task, calendar and voluntary conversational inputs into daily briefs, planning proposals, bounded replans, weekly reviews and decision support. It can process task status and history; calendar events and confirmed work blocks; messages sent through its connected channels; durable cases, goals and planning context; and records of suggestions, approvals, external changes and receipts.

It uses deterministic planning rules for facts such as calendar conflicts, deadlines, buffers and capacity. An AI-assisted planner may interpret messages, summarise relevant context and propose options, but broad external changes remain proposals unless an explicit safety policy or your approval permits the action. DearConcierge is not a medical device, does not provide medical advice, and is not intended for diagnosis, treatment or emergency use.

3. Data we process

Depending on the features you use, we process account and contact information, the planning information you provide, integration connection details and encrypted OAuth credentials, technical security data such as login, device and audit-log information, and the history of planning decisions and verified external changes.

DearConcierge can connect, with your authorisation, to Google Calendar, Donetick, Telegram and other user-selected sources. Calendar data is used for availability, fixed commitments and confirmed DearConcierge work blocks. Donetick provides task titles, priority, due dates, recurrence and completion history. Messages sent to DearConcierge through its web workspace, configured email intake or Telegram may contain the text, attachments or media you choose to send. Corporate Outlook is used only as a read-only mirrored calendar for capacity assessment; DearConcierge does not access corporate mail, modify corporate meetings, change RSVP status or contact attendees.

For specific user-facing operations, the planner may send the minimum relevant context to its AI gateway and configured model provider in order to understand an instruction, summarise content, propose trade-offs or explain a plan. DearConcierge does not use connected data to train general or personalised AI models. We minimise and redact information before such requests when the full source content is not necessary.

Where you voluntarily connect WHOOP using the WHOOP OAuth authorisation flow, we process only the WHOOP data for which you grant permission. This may include your WHOOP member identifier and profile details, physiological cycles, recovery metrics, sleep records and metrics, workouts or activities, and body-measurement data where you have authorised the relevant WHOOP scopes. We do not receive your WHOOP password. WHOOP API responses are not made into permanent copies; they are handled only within the caching and retention limits supplied by WHOOP.

4. Why we use WHOOP data

We use connected WHOOP data solely to provide the DearConcierge features you request: to present your own wellbeing and recovery context, help tailor planning suggestions to energy and recovery, and operate, secure and improve the integration for you. We do not sell, rent, license, use for advertising, or disclose WHOOP data to other users or unrelated third parties. We do not use WHOOP data to make decisions producing legal or similarly significant effects about you.

Connecting WHOOP is optional. Before DearConcierge requests any WHOOP data, you must explicitly authorise the requested scopes in WHOOP’s OAuth flow. You can see that the integration is connected and disconnect it in DearConcierge; you may also revoke authorisation through WHOOP. Disconnecting stops future retrieval of WHOOP data.

5. Legal bases

We process data needed to provide DearConcierge and an integration you choose to enable under Art. 6(1)(b) GDPR. Because WHOOP data may concern health or physiological information, we process that data only with your explicit consent under Art. 9(2)(a) GDPR, given through the integration consent and authorisation flow. You may withdraw that consent at any time by disconnecting WHOOP or contacting us; this does not affect processing already carried out before withdrawal.

We process limited technical and security data under Art. 6(1)(f) GDPR, based on our legitimate interest in secure, reliable and abuse-resistant operation. Where a legal obligation applies, Art. 6(1)(c) GDPR may also be the legal basis.

6. Hosting, security and location

DearConcierge is operated primarily on infrastructure hosted by Hetzner Online GmbH in the European Union. Its authenticated workspace is protected by Authentik; the planner, workflow service and PostgreSQL database are not publicly exposed. We use appropriate technical and organisational safeguards, including encrypted transmission (HTTPS/TLS), encryption at rest for protected data, access controls, least-privilege administration and logging. Service providers that process data on our behalf are bound by data-processing agreements where required.

WHOOP, Google, Donetick and Telegram remain independent controllers for their respective platforms. Cloudflare is used for public email ingress only. When you connect an integration, DearConcierge communicates with that provider over encrypted connections to retrieve or write only the data and actions you authorise. The provider’s own privacy policy applies to its service. Use of an AI model provider or an integration may involve processing outside the European Union; where required, we use an appropriate transfer mechanism under Chapter V GDPR.

7. Sharing and third parties

We do not sell personal data, Google data or WHOOP data. We share data only with processors necessary to run DearConcierge, such as EU infrastructure providers and the AI gateway/model provider for the narrowly scoped operation you request, and with an integration provider when you explicitly connect that integration. We do not expose your WHOOP data to other DearConcierge users. We may disclose data where legally required or necessary to establish, exercise or defend legal claims.

8. Retention, access and deletion

We retain personal data only for as long as needed to provide DearConcierge, meet legal obligations or resolve disputes. The service retains planning history, cases and auditable change receipts while your account is active because they make planning decisions understandable and reversible. Raw source content is retained only as required for the applicable feature; derived planning facts are kept only where needed to operate the personal planning history. Raw WHOOP API responses are never retained as permanent copies and are cached only for the period permitted by the applicable WHOOP response headers.

When you disconnect an integration, DearConcierge stops retrieving new data and removes the stored OAuth credentials or API connection secret. When you disconnect WHOOP, this also applies to the WHOOP OAuth credentials and permitted cached WHOOP data. You can request access to connected data, correction where applicable, export, or deletion by contacting us. On account deletion, we delete connected-source data and derived planning data unless a legal retention obligation requires a limited retention period.

9. Website and contact requests

When you visit the public website, the hosting provider processes technical log data such as IP address, time of access, requested page, referring page, browser and operating-system information. This is necessary to deliver and secure the website under Art. 6(1)(f) GDPR. The website does not use advertising cookies, analytics tags, marketing pixels or comparable visitor tracking.

If you contact us by email, we process your email address and message to respond to the enquiry, based on Art. 6(1)(b) or Art. 6(1)(f) GDPR as applicable.

10. Your rights and complaints

Subject to the statutory requirements, you have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21) to processing based on Art. 6(1)(e) or (f) GDPR. You may withdraw consent at any time with effect for the future. Contact us using the details above to exercise these rights.

You also have the right to lodge a complaint with a data-protection supervisory authority. Our competent authority is generally the Hamburg Commissioner for Data Protection and Freedom of Information.

11. Changes to this policy

We may update this policy when DearConcierge, its integrations or applicable legal requirements change. The version published on this page applies.