Privacy Policy for Next Level Order Engineering

Effective Date: April 02, 2026

Provider (Controller): Next Level Order Engineering UG (haftungsbeschränkt)

Applies to: Websites, web apps, mobile apps, and related online services operated by Next Level Order Engineering UG (haftungsbeschränkt) that link to this Privacy Policy

1. Introduction

Next Level Order Engineering UG (haftungsbeschränkt) ("we", "our", "us") respects your privacy and is committed to protecting it. This Privacy Policy describes how we process personal data when you use websites, web apps, mobile apps, and other digital services that we own or operate and that link to this Privacy Policy (collectively, the "Services").

We may operate the Services across multiple domains, subdomains, country-specific domains, branded domains, and application endpoints. This Privacy Policy applies to those Services when they reference or link to this policy, even if the specific domain changes over time.

Some of our websites are hosted or delivered through Squarespace. For those websites, Squarespace may process visitor data on our behalf and for certain purposes described in Squarespace's own privacy documentation.

Product-specific features. Some Services store data locally on your device by default, while others rely on hosted infrastructure. Data is only transmitted to online services when required to provide the Service, when you enable a feature, or when you consent where consent is required.

2. Information We Collect

Depending on how you use the Services and your privacy choices, we may collect the following types of information:

• Information You Provide
  • Account details (e.g., email address) if you choose to create or use an account.
  • Contact and form submission data you provide when you contact us or submit a website form (for example, your name, email address, and the contents of your message).
  • Newsletter subscription data if you sign up to receive updates or marketing emails from us (for example, your email address and related subscription preferences).
  • User content you enter into the app (e.g., inventory item names, notes, categories, photos if you choose to add them).
  • Settings and preferences (e.g., privacy/analytics choices, language, app settings).
• Device and Usage Data
  • App, website, and web app interactions (e.g., features used, visited pages, session duration, button clicks, and basic event data).
  • Device and browser information (e.g., device type/model, operating system, browser type, app version, language, screen size, and referrer information).
  • Approximate technical data (e.g., timestamps, error reports, and performance data) to keep the app stable and secure.
  • For Squarespace-hosted websites, this may also include information about your browser, network, and device, the pages you visited before arriving at the site, the pages you view on the site, your IP address, and website activity data such as clicks, internal links, searches, scrolling, and timestamps.
• Website Cookies, Local Storage, and Consent Preferences
  • Our websites may use cookies, local storage, pixels, and similar technologies to provide core functionality, remember preferences, protect the site, and understand how visitors use the site.
  • If a website is hosted or delivered through Squarespace, Squarespace may place necessary cookies required for security, navigation, consent management, and core site functions.
  • If enabled, Squarespace may also place analytics and performance cookies to help us understand site traffic, visitor activity, and usage patterns. Where required, these non-essential cookies are only used after you make the relevant consent choice through our banner or consent settings.
  • If you interact with our cookie banner, we may store your consent choices and cookie preferences.
• Website Form, Newsletter, and Font Delivery Data
  • If you submit a contact form or similar webform on a Squarespace-hosted website, the data you enter may be processed by Squarespace so it can provide website hosting, form handling, and related site administration services.
  • If you subscribe to our newsletter or other email updates through a Squarespace-hosted website, your contact details may be processed by Squarespace and any configured email campaign or mailing-list provider so we can send and manage those communications.
  • Our websites may also use web fonts. If fonts are served through third-party font services, those providers may receive technical information such as your browser, device, the page you viewed, and your IP address in order to render the fonts properly.
• Server Log Data (Online Features)
  • If you use features that communicate with our servers or websites, our infrastructure and hosting providers may process standard log data such as IP address, timestamps, request metadata, browser information, and device/app identifiers for security, abuse prevention, troubleshooting, and service operation.
  • We try to minimize log data and retain it only as long as necessary for these purposes.
• Optional Analytics and Advertising Data (Opt-in)
  • If you opt in, we may collect analytics data via Google Analytics 4 (GA4), Squarespace analytics/performance cookies, and enable targeted/personalized advertising where applicable.
  • If you do not opt in, we only process the minimum technical data required to operate the Services, except for cookies or storage technologies that are strictly necessary.
• Data Processed for AI or Barcode Features (Feature-dependent)
  • If you use features that generate or enrich content (e.g., AI descriptions) or scan barcodes, the relevant input data (such as item text, category, barcode number, and similar context) may be sent to backend services to produce results.
  • We try to minimize what is sent and only process what is necessary for the feature to work.
• Identifiers and Advertising Data
  • Depending on your privacy settings, we may process device or advertising identifiers (such as the Apple IDFA or Google Advertising ID) to serve and measure advertisements.
  • These identifiers are only used for advertising purposes if you have opted in to the relevant tracking/advertising setting and granted App Tracking Transparency permission (where applicable).
• Purchase and Transaction Data (Feature-dependent)
  • If you make in-app purchases (e.g., token purchases), transaction-related data may be processed by the platform billing provider (Apple App Store or Google Play) and by RevenueCat, a third-party service used to manage purchase state and entitlements.
  • RevenueCat may receive end-user technical information (device type, OS), transaction information (e.g., Apple receipt data, Google purchase tokens), and an app-specific user identifier.
  • We also store a limited history of service requests (up to approximately 200 entries) and token purchase transaction IDs in your account record to manage your balance and for fraud prevention.
• Google Account File Sync Data (Feature-dependent)
  • If you choose to connect a Google account to enable syncing, we will process information required to establish and maintain that connection (for example, an account identifier such as an email address and technical authorization credentials/tokens).
  • When syncing is enabled, we may process the content you choose to sync (such as files) and related metadata (such as filenames, timestamps, sizes, and sync status), to the extent needed for the feature to work.
  • The specific data processed depends on the permissions/scopes you grant during the Google authorization flow and the actions you take in the relevant app.
  • Sync requests may be routed through our backend services that interact with Google APIs. This means synced content and metadata may be processed transiently on our servers in order to transfer it to and from Google Drive.

3. How We Use Your Information

We use personal data for the following purposes:

• To provide, operate, and improve our websites, web apps, mobile apps, and related Services.
• To host and deliver our Squarespace-based websites, including site rendering, security, fraud prevention, diagnostics, and site analytics where enabled.
• To receive, store, and respond to contact form submissions, support requests, and other website inquiries.
• To send newsletters or marketing emails where you subscribe or otherwise consent, and to manage subscription preferences and unsubscribe requests.
• To provide optional features you enable, such as Google account file sync.
• To maintain app security, prevent fraud/abuse, and troubleshoot issues.
• To improve performance and reliability (including optional diagnostics tools if enabled).
• To understand usage and improve the Services, including website performance and visitor journeys (only if analytics are enabled or where otherwise permitted).
• To provide targeted or personalized advertising (only if you explicitly opt in and where applicable).
• To process and verify in-app purchases and manage your credit/token balance.
• To store and honor your cookie consent preferences on our websites.
• To comply with legal obligations and enforce our policies.

4. Legal Bases for Processing (EEA/UK/Switzerland)

If you are located in the European Economic Area (EEA), the UK, or Switzerland, we rely on these legal bases where applicable:

• Contract: to provide the Services and requested features (including optional features you enable, such as Google account file sync).
• Legitimate interests: to secure, maintain, defend, and improve the Services (e.g., basic diagnostics, abuse prevention, fraud detection, and core website operations), balanced against your rights.
• Consent: for optional analytics, non-essential cookies, personalized advertising, and similar tracking technologies where your consent is required.
• Legal obligation: when required to comply with law.

5. How We Share Information

We do not sell your personal data. We may share data in the following cases:

• With service providers (processors):
  • Squarespace (website hosting, content delivery, visitor analytics, cookie consent tooling, forms, and related site operations). For Squarespace-hosted websites, Squarespace may receive information such as browser, network, device, browsing activity on the site, and IP address in order to provide, secure, and improve its platform and services.
  • Email and form service providers (including Squarespace tools and any connected newsletter or form-storage provider we configure) to process contact form submissions, mailing-list signups, and related communications.
  • Font delivery providers (for example, Google Fonts or Adobe Fonts, if used on a given website) to render web fonts and display the site correctly.
  • Firebase (backend infrastructure, authentication, and databases; optional performance/diagnostics tools may be enabled in the future).
  • Google services such as GA4 and advertising services (only if you opt in).
  • Google APIs for sync (e.g., Google services required to access and sync content you choose to connect), when you enable Google account file sync.
  • RevenueCat (purchase/entitlement management), which may receive device information, purchase receipts/tokens, and an app-specific user identifier to process and verify in-app purchases.
  • Apple App Store / Google Play for payment processing. Your payment details are handled by the respective platform; we do not receive or store your payment card information.
  • Other vendors required to provide specific features (e.g., barcode lookup, AI processing, video hosting, embedded content, or communication features), when you use those features.
• Through website technologies: some website features, embeds, integrations, or analytics tools may allow third parties to receive information from your browser or device when you visit our sites.
• Google’s processing: when you use Google account file sync, Google may process information as part of providing its services under Google’s own terms and privacy policies.
• For legal reasons: if required by law, regulation, subpoena, or valid legal process.
• To protect rights and safety: to investigate or prevent fraud, abuse, security incidents, or harm.

6. Your Choices and Controls

You can control how your data is handled in several ways:

• On our websites, you can use the cookie banner or consent settings to accept, reject, or manage non-essential cookies where that functionality is available.
• You can also use your browser settings or device settings to block, clear, or limit cookies and similar technologies, although this may affect site functionality.
• You can disable optional analytics and advertising tracking in our apps or websites where those controls are provided.
• You can enable GA4 analytics, Squarespace analytics/performance cookies, and targeted/personalized advertising only if you choose to opt in where consent is required.
• You can unsubscribe from newsletters or marketing emails at any time by using the unsubscribe link in the message or by contacting us.
• You can connect or disconnect a Google account for file sync (where available). You can also revoke the app’s access through your Google account security settings.
• You can request deletion of analytics data associated with your account through the relevant in-app or in-service deletion feature, where available.
• You can change privacy settings at any time in the applicable Service, where available.

7. Data Retention

We retain personal data only as long as necessary to provide the Services, fulfill the purposes described in this policy, and comply with legal obligations.

Website cookies, local storage entries, and consent records may remain on your browser or our systems for different periods depending on their purpose, your consent choices, and the default expiration periods set by our providers such as Squarespace.

If you enable Google account file sync, we retain authorization credentials/tokens only as long as needed to keep the feature enabled, unless a longer retention period is required for security, dispute resolution, or legal compliance. If you disconnect the Google account or revoke access, we will stop syncing and will remove or invalidate stored credentials within a reasonable period, subject to the above.

AI and barcode data. Images, text, or other content you submit for AI or barcode processing is deleted from our servers upon completion of the request, or if the request cannot be fulfilled, within at most 48 hours.

If you disable tracking, we limit processing to the minimal technical data required for the Services to function and remain secure, except where certain strictly necessary cookies or storage technologies are required.

If a website is hosted on Squarespace, certain visitor data and strictly necessary cookies may still be processed by Squarespace in order to securely deliver the website, operate core functions, and protect the platform, even when non-essential analytics or advertising cookies are not enabled.

7A. Squarespace Commerce Status

We do not currently sell products or services through Squarespace checkout. As a result, Squarespace-specific commerce processing such as store checkout data, customer account data, shipping data, invoicing data, or Squarespace Payments processing does not currently apply to our Squarespace-hosted websites unless and until we enable those features in the future.

If we later enable Squarespace commerce or related transaction features, we may update this Privacy Policy to describe the additional categories of data collected and the third parties involved.

8. Security

We use reasonable technical and organizational measures to protect your data from unauthorized access, loss, misuse, or alteration. However, no system can be guaranteed 100% secure.

Please note that network communications may be logged by infrastructure providers as part of standard operations. We take steps to reduce and protect such data where feasible.

9. International Data Transfers

Because we use service providers such as Squarespace, Firebase, Google (including Google APIs for optional sync features), and potentially other providers for AI or barcode lookups, your data may be processed on servers located outside of your country, including the United States.

Where required by law, we rely on appropriate safeguards for cross-border transfers (such as contractual protections).

10. Children’s Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If we learn we have collected such data, we will delete it.

11. Your Rights

Depending on your location, you may have rights such as access, correction, deletion, restriction, objection, and data portability. You may also withdraw consent at any time where processing is based on consent (e.g., optional analytics/ads), without affecting processing that occurred before withdrawal.

To exercise rights, contact us using the details below. We may need to verify your identity before fulfilling requests.

12. Account Deletion

If a Service offers user accounts and account deletion, you can request deletion using the instructions provided in that Service or on the relevant support page. For services that use the Containd deletion flow, the current instructions are available here: Information about account deletion .

Because we operate across multiple domains and products, account deletion workflows may differ by Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be communicated within the relevant Service, on our website, and/or by updating this page. The “Effective Date” at the top will reflect the latest version.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact:

Next Level Order Engineering UG (haftungsbeschränkt)
Email: policies@nextlevelorderengineering.com

Last updated: March 20, 2026