← Back to zwischen
Privacy Policy
Last updated: April 2026
The short version: zwischen does not require an account, does not track you personally, and does not sell any data. The only data processed is your search queries (station names) to fetch train timetables.
Who we are
zwischen is a personal project by Aditya Aserkar. The app helps Deutschland-Ticket holders discover where regional trains take them. Contact: hello@zwischen.app
What data we collect
zwischen collects minimal data:
- Search queries — station names you type are sent to our backend server to query the Deutsche Bahn API. These are not stored beyond the duration of your request.
- Server logs — our hosting providers (Railway for the backend, Netlify for the frontend) automatically log IP addresses and request timestamps as part of standard server operation. These logs are retained according to their respective policies (typically 30 days) and are used solely for debugging and security purposes.
We do not collect: your name, email, location, device fingerprint, or any personal information. We do not use cookies for tracking. We do not use Google Analytics or Facebook Pixel.
Third-party services
- Deutsche Bahn Open Data API — your station search queries are forwarded to DB's API to retrieve timetable data. DB's own privacy policy applies to this data. See DB data terms.
- OpenStreetMap / Nominatim — station names are geocoded (converted to map coordinates) using OpenStreetMap's Nominatim service. Queries include a User-Agent identifying this app. See OSM privacy policy.
- Netlify — hosts the frontend. Processes IP addresses per their privacy policy.
- Railway — hosts the backend server. Processes IP addresses per their privacy policy.
- Carto / OpenStreetMap — map tiles are loaded from Carto's servers. Your IP address is sent to their servers when the map loads. See Carto privacy policy.
- YouTube — the homepage background video is embedded from YouTube. YouTube may set cookies or process your IP when the video loads. See Google privacy policy.
Legal basis (GDPR)
For users in the European Economic Area, we process data on the basis of legitimate interests (Article 6(1)(f) GDPR) — specifically, to provide the train search service you request and to maintain server security. No personal data is processed for marketing or profiling purposes.
Your rights
Under GDPR you have the right to access, rectify, or erase personal data we hold about you, and to object to processing. Since we do not store personal data beyond server logs (which contain only IP addresses and are retained for max 30 days), there is typically nothing to access or erase. For any requests, contact hello@zwischen.app.
Data retention
Search queries are not stored. Server access logs (IP addresses, timestamps, request paths) are retained for up to 30 days by our hosting providers for security and debugging purposes, then automatically deleted.
Children
zwischen is not directed at children under 16. We do not knowingly collect data from children.
Changes
If we make material changes to this policy we will update the date at the top of this page. Continued use of the app after changes constitutes acceptance.
Contact
For privacy questions: hello@zwischen.app