Privacy Policy

Introduction

At Ulysses, we respect your privacy. We believe that the less we know about you, the better; that is why we aim to limit the information we collect to the minimum necessary. The purpose of this privacy policy (“Privacy Policy”) is to inform you in detail what personally identifiable information or personal information we collect from you when you use our application, how we use such information, and the choices you have regarding our use of, and your ability to review and correct, the information.

We reserve the right to change this policy, which we will do through online posting. We use your data solely to provide you with services in which you enroll.

For purposes of this Privacy Policy, the terms “Ulysses”, “we,” “us” and “our” refer to the company Ulysses GmbH & Co. KG; the terms “application“, “service” and “product” refer to the Ulysses software and related services; and “you” refers to you, as a user of the application as applicable.

Who We Are

Ulysses GmbH & Co. KG is a German company located in Peterssteinweg 10, 04107 Leipzig. We comply with the European law for Data Protection (“GDPR”).

What Information We Collect and How We Use It

We collect solely information that is necessary to provide you with our services and to improve our product.

Basic Subscriber Information. To manage and verify your subscription across multiple devices, we collect your digital purchase receipts from Apple together with a unique device identifier. The digital purchase receipts only include information about the type and the time of a purchase. We do not see any contact or payment information. We also do not have access to your Apple ID. We are using a unique, pseudonymized identifier that is stored inside your iCloud account and only accessible to our app. In addition to the basic purchase information, we collect data about redeemed trial and promotional codes. - Legal basis Art. 6(1)(b) GDPR

Purchase Statistics. For statistical reasons and fraud protection, we collect pseudonymized data about the time and type of a purchase or the redeemed trial or promotional code, the unique user identifier, an anonymous device identifier, the version of the app and the language settings. In addition, we collect the App Store promotion campaign for Ulysses (if applicable) as well as the displayed purchase options within the app. - Legal basis Art. 6(1)(b) and 6(1)(f) GDPR

Usage Data (Optional). To improve our services we periodically collect pseudonymized data about the number and types of devices you use, the operating systems installed on those devices (e.g., iOS, macOS), the version of the app, the language setting, used features, performance data, the size of your library and whether iCloud is enabled or not. Your usage data is linked to a pseudonymized customer and device ID. We cannot resolve your name or other personal information from this data. We anonymize this data after two years.

If you do not want us to collect this data, you can disable its collection in the application’s Privacy Policy settings, which can be accessed on macOS from the menu “Help › Privacy Policy…”, and on iOS by tapping the settings button in the library section and selecting “Help & Support › Privacy Policy…”. - Legal basis Art. 6(1)(f) GDPR

Diagnostic Data (Optional). To help identify and solve specific problems with our products and services, we occasionally solicit diagnostic reports and other troubleshooting, bug, and crash reports from customers. - Legal basis Art. 6(1)(a) GDPR

Email Newsletter Subscription (Optional). To inform you about new features, releases and blog posts, we offer a newsletter for which you can subscribe with your email address. We use Mailjet to manage and send our newsletter. Your email address is stored by Mailjet as long as you are subscribed to our newsletter. You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of the newsletter. You can also contact us to unsubscribe or to update your email address. – Legal basis Art. 6(1)(a) GDPR.

Customer satisfaction surveys (Optional). You can participate in surveys on customer satisfaction inside Ulysses. Your answers are only stored when you submit a survey. Your answers are automatically linked with your usage data using a pseudonymized identifier. We cannot resolve your name or other personal information from this data. We delete your answers after two years. – Legal basis Art. 6(1)(f) GDPR.

Student Application. If you apply for a student subscription, we collect your name, your email address and a photo of your student ID for the process of validation. - Legal basis Art. 6(1)(b) GDPR

Email, Social Media and App Store/Setapp Reviews. We offer several channels for contacting us: The contact form on our website, our company mail addresses, our accounts on social media services and reviews on the App Store or on Setapp. When contacting us, your message will be forwarded and stored by our customer support systems. We store your messages for further reference for two years – Legal basis Art. 6(1)(f) GDPR. Additionally, we are legally required to archive all emails for ten years without having direct access to them – Legal basis Art. 6(1)(c) GDPR. Please also refer to the privacy statement of any involved third-party service, such as social media services, the App Store or Setapp.

Volume Licensing (Seat Users). If you are using Ulysses through our Volume Licensing, we collect your email address as well as the type and identifiers of the devices you are using, to validate your license status. This data is validated regularly by contacting our servers. – Legal basis Art. 6(1)(b) GDPR. If you are a volume license holder, please refer to the Web Privacy Policy for details.

Advanced Check (Optional). For Advanced Check, the contents of the checked text are sent to our servers hosted by Hetzner Online, from which they are forwarded to the LanguageTool service for analysis. Your written text is kept on our servers and the servers of LanguageTool while the text is being processed. It will be deleted shortly after the text checking has been completed. - Legal basis Art. 6(1)(b) GDPR

To improve the quality and stability of Advanced Check, we collect pseudonymized data about the duration and frequency of text checks, as well as the language and length of a checked text. For information on how to disable analytics, please refer to the Usage Data section. In addition to the usage data we collect, anonymously, error messages returned by the LanguageTool service and errors that occur on our server. - Legal basis Art. 6(1)(f) GDPR

Where We Store Your Data

Personal Content. Your content, e.g., your written words, keywords, daily goals, etc., is not saved on our servers nor do we have access to this data. This data is saved as human-readable text files locally on your Mac or iOS device and, in case you are using the iCloud function of the application, synchronized with your personal iCloud Drive storage (Apple service). iCloud Drive creates backups of your data and syncs it between your devices automatically. You always have the option to disable iCloud from the system settings.

In case you use the Dropbox integration, your content is stored on Dropbox, and we do not have access to this data.

If you make use of the WordPress, Ghost, Micro.blog or Medium integration, your selected content is uploaded to the respective websites. These services have their own privacy policy which you should agree with before sending content.

Basic Subscriber Information. The digital purchase receipts, as well as the redeemed trial or promotional codes, are stored in Apple’s CloudKit to sync your subscription data between your Apple devices. We do not have direct access to any data stored in your iCloud account.

Purchase Statistics. The purchase statistics are stored on servers of Heroku.

Usage Data and Customer Surveys (Optional). The usage data and your answers from customer satisfaction surveys are stored on our own servers hosted by Hetzner Online.

Diagnostic Data (Optional). Crash reports of the application are collected and sent to App Center by users who explicitly opt into our beta software programs or who explicitly choose to provide diagnostic data to us.

Student Applications. For the process of validation, the student application data is stored at Heroku. After the application is processed, we store your data for another week before we delete the copy of your student ID and, in case of a denial, your whole student application. If your student application was accepted we solely store your name and email address for the duration of your license plus six months.

The server hosting company Melting Mind creates regular backups of our email traffic which includes all emails sent to you during the application process.

Email, Social Media and App Store/Setapp Reviews. All messages sent to us are stored by Melting Mind and Front. Additionally, we are legally required to archive all emails for ten years without having direct access to them. This archive is stored by Melting Mind.

Advanced Check Diagnostics. Error messages returned by the LanguageTool as well as errors on our proxy server are sent anonymized to Sentry. – Legal basis Art. 6(1)(f) GDPR

How Long We Store Your Data For

We store your data for as long as German law requires, or as is necessary for the fulfillment or the initiation of a contract, or as long as we claim legitimate interests. After the expiration of that period, the corresponding data is routinely deleted or completely anonymized. We have detailed some of the deletion periods under “Where We Store Your Data” and “What Information We Collect and How We Use It”. When not stated otherwise, statistical and diagnostic data is generally never deleted.

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can result from contractual provisions (e.g., information on the contractual partner).

Data Processors

Depending on the usage of our services your personal data might be processed by the following services:

Apple

CloudKit database service and iCloud Drive file storage service provided by Apple, Inc.

Personal Data: Digital purchase receipts, usage of promotions and trials, pseudonymized user identifier
Location of Data Processing: Europe or USA

Mailjet

Newsletter service provided by Mailjet, France.

Personal Data: Email address of newsletter subscribers
Location of Data Processing: EU, USA

Front

Help desk software provided by FrontApp, Inc.

Personal Data: Support emails
Location of Data Processing: USA

Heroku

Hosting service provided by Heroku, Inc.

Personal Data: Purchase statistics and student application status
Location of Data Processing: EU

Hetzner

Hosting service provided by Hetzner Online GmbH.

Personal Data: Usage Data and Customer Surveys
Location of Data Processing: Germany

App Center

Crash analytics software provided by Microsoft Corporation.

Personal Data: Crash reports
Location of Data Processing: USA

Melting Mind

Email server hosting company.

Personal Data: Email traffic
Location of Data Processing: Germany

LanguageTool

Text analysis software provided by LanguageTooler GmbH.

Personal Data: Written Texts
Location of Data Processing: Germany

Sentry

Error tracking service.

Personal Data: Error messages (anonymized)
Location of Data Processing: USA

Your Privacy Rights (Under GDPR)

Right to Access. You can request Ulysses to provide you with information on how we collect, use, and store your personal information, and to provide you with a copy of your personal information we store.

Right of Rectification. You can request that we correct inaccurate information about you.

Right to Delete. You can request that we delete information collected about you, given that we are not required by law to preserve it, that it is not necessary for contract fulfillment and that we can still identify your records.

Right to Object. You can object to the processing of your information in certain cases, as well as request that Ulysses does not use your personal information for direct marketing purposes.

Right to Data Portability. If requested, we will provide you all data under our control in common, machine-readable formats. If requested, we will provide you with instructions to obtain your data, in cases where we do not have direct access.

Responsible Body for Data Privacy

Responsible body for the processing of personal data within the meaning of the law. Art. 4 (7) GDPR :

Ulysses GmbH & Co. KG
Peterssteinweg 10
04107 Leipzig
Germany

Email: privacy@ulysses.app

Data Protection Officer

Jan Marschner, LL.M.
Markt 9
04109 Leipzig
Germany
E-Mail: jm@datenschutzbeauftragter-leipzig.de

Contacting You

We may use your contact information to communicate with you about our product, diagnostic data and error reports, provide support, and send you other information such as product updates and announcements. You can opt out of news and announcements by unsubscribing from our newsletter.

Breach Notification

If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.

Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian.

Updates to Our Privacy Policy

At our discretion, we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. We maintain the right to inform you of substantive changes via email. Previous versions of this page will be made available.

Glossary

Ulysses

Ulysses (or sometimes “we”, “us” or “our”) refers to the company Ulysses GmbH & Co. KG.

Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to an identified or identifiable natural person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Last updated: July 27th, 2023