Privacy Policy for Deutsch Mentor

Introduction

Welcome to Deutsch Mentor, a mobile language learning application designed to help you learn German through AI-powered conversations, interactive exercises, and gamification features. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application ("App") available on iOS and Android platforms.

By downloading, installing, or using the App, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the App.

Information We Collect

1. Account & Profile Information

When you create an account, we collect:

• Name and email address
• User ID and authentication tokens
• German proficiency level (beginner, intermediate, advanced)
• Learning interests and preferences
• Native language selection
• Profile images and photos (optional)
• Account creation and modification timestamps

2. Learning Data

As you use the App for language learning, we collect:

• Chat conversations with our AI tutor
• Voice messages and audio recordings
• Saved flashcards and vocabulary lists
• Learning progress and achievements
• XP points and gamification data
• Exercise completion and performance metrics
• User-generated content and messages

3. Technical & Usage Data

We automatically collect technical information including:

• Device information (OS, app version, device model)
• App usage patterns and session data
• Crash reports and error logs
• Performance analytics
• Push notification tokens
• Network connectivity information
• App state and activity tracking

4. Authentication & Security Data

For account security and authentication, we collect:

• Google Sign-In data (with your consent)
• Apple Sign-In data (with your consent)
• Firebase Authentication tokens
• Session management data

5. Subscription & Payment Data

If you subscribe to premium features, we collect:

• RevenueCat subscription information
• Payment processing data (handled by app stores)
• Billing history and transaction records
• Subscription status and renewal dates

How We Use Your Information

Primary Purposes

We use your information for the following purposes:

• Service Provision: To provide and maintain the App's core language learning features
• Personalization: To customize your learning experience based on your proficiency level and preferences
• AI Interactions: To enable conversations with our AI tutor and generate personalized learning content
• Progress Tracking: To monitor your learning progress and provide feedback
• Gamification: To manage XP points, achievements, and learning milestones
• Voice Features: To process voice messages and provide audio synthesis for pronunciation practice

Secondary Purposes

• App Improvement: To analyze usage patterns and improve the App's functionality
• Technical Support: To troubleshoot issues and provide customer support
• Security: To protect against fraud, abuse, and security threats
• Legal Compliance: To comply with applicable laws and regulations
• Communication: To send important updates and learning reminders

AI & Machine Learning

Our App uses artificial intelligence to provide personalized language learning experiences. Here's how we handle AI-related data:

• Conversation Processing: Your chat conversations with the AI tutor are processed to provide relevant responses and improve learning outcomes
• Learning Analytics: We analyze your learning patterns to personalize content and track progress
• Content Generation: AI generates educational content based on your proficiency level and interests
• Voice Processing: Voice messages are processed for pronunciation feedback and language practice

Important: While we strive for accuracy, AI-generated content is for educational purposes only and may not always be perfect. We are not responsible for any misunderstandings or errors in AI-generated content.

Voice & Audio Data

Our App includes voice features for pronunciation practice and language learning:

• Voice Recording: You may record voice messages for pronunciation practice
• Audio Synthesis: We use ElevenLabs technology to generate audio for learning materials
• Storage: Voice recordings are stored securely and used only for educational purposes
• Consent: Voice recording requires your explicit consent each time
• Deletion: You can delete voice recordings at any time through the App

Information Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers

We share data with trusted third-party service providers who help us operate the App:

• Firebase (Google): For authentication, data storage, and backend services
• OpenAI: For AI conversation processing and language learning features
• ElevenLabs: For voice synthesis and audio generation
• RevenueCat: For subscription management and billing
• Sentry: For crash reporting and error monitoring
• Expo: For push notification services

Legal Requirements

We may disclose your information when required by law, such as:

• To comply with legal obligations or court orders
• To protect our rights, property, or safety
• To investigate fraud or security threats
• To respond to government requests

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

Data Storage & Security

We implement comprehensive security measures to protect your personal information:

Technical Security

• Encryption: All data is encrypted in transit and at rest using industry-standard protocols
• Firebase Security: We leverage Firebase's enterprise-grade security features
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: We conduct regular security assessments and updates

Data Protection

• Secure Storage: Data is stored in secure, geographically distributed data centers
• Backup Security: Regular backups with encryption and access controls
• Incident Response: We have procedures for responding to security incidents
• Employee Training: Our team is trained on data protection best practices

Important: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Rights & Choices

Depending on your location, you have certain rights regarding your personal information. We are committed to helping you exercise these rights.

Your Privacy Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Portability: Receive your data in a portable format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent for optional features

How to Exercise Your Rights

You can exercise your rights by:

• Using the App's built-in privacy controls
• Contacting us at gianmarco@ondadev.com
• Using the account settings in the App

We will respond to your request within 30 days. If you're in the EU/UK and believe we're processing your data unlawfully, you can also complain to your local data protection authority.

Data Retention

We retain your personal data only for as long as necessary to provide our services and as required by law:

Retention Periods

• Account Data: Retained while your account is active, deleted within 30 days after account deletion
• Chat Conversations: Stored for 2 years to provide learning continuity, then anonymized
• Voice Recordings: Stored for 1 year, then automatically deleted
• Learning Progress: Retained for 5 years to provide personalized learning experiences
• Payment Data: Retained as required by financial regulations (typically 7 years)
• Technical Logs: Retained for 90 days for security and troubleshooting

Data Deletion

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required for legal, security, or business purposes.

What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when registering on the Services, expressing an interest in obtaining information about us or our products and Services, participating in activities on the Services, or otherwise contacting us.

Personal Information Provided by You. The personal information we collect depends on the context of your interactions with us, the Services, your choices, and the products and features you use. This may include:

• Names
• Email addresses

Sensitive Information. We do not process sensitive information.

Payment Data. If you make purchases, we may collect data necessary for the payment process, like your payment instrument number and its associated security code. All payment data is stored byStripe.

Social Media Login Data. We offer the option to register using your existing social media account details, such as Facebook or Twitter. If you choose to register this way, we'll collect the information as outlined in the section "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

Please ensure all personal information you provide is accurate and up to date. Notify us immediately of any changes.

Information automatically collected

In Short: Some information, like your IP address or browser and device details, is collected automatically upon visiting our Services.

When you visit, use, or navigate our Services, we automatically gather certain data. While this information doesn’t reveal your identity directly, it might include details such as the browser and device characteristics, IP address, language preferences, referring URLs, device name, country, location, and other technical details. This data helps ensure the security and optimal functioning of our Services, and is also used for analytics and reporting.

Log and Usage Data. Our servers automatically gather and log service-related, diagnostic, and performance data when you access or use our Services. Depending on your interaction with us, this log data can include details such as your IP address, device specifics, browser type, actions on the Services like pages viewed or features used, error reports, and hardware settings.

Location Data. We might collect data about your device’s location, which can be either precise or imprecise. The extent of information we collect depends on your device’s type and settings. For instance, we might use technologies like GPS to get geolocation data based on your IP address. You can always opt out or disable these services. However, doing so might limit some features of the Services.

How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

Depending on how you interact with our Services, we process your personal information for various purposes including:

• Facilitating account creation, authentication, and managing user accounts.
• Saving or protecting an individual's vital interest, like preventing harm.

What Legal Bases Do We Rely On to Process Your Information?

In Short: We only process your personal information when we believe it's necessary and we have a valid legal reason, such as consent, law compliance, service provision, contractual obligations, your rights protection, or business interests.

The GDPR and UK GDPR necessitate that we provide valid legal bases for processing your personal information. We might rely on:

• Consent: With your permission for specific purposes. You can revoke this anytime. Learn more about withdrawing your consent.
• Legal Obligations: For compliance purposes, cooperation with enforcement agencies, legal rights defense, or as litigation evidence.
• Vital Interests: To protect vital interests of you or a third party, especially in potentially harmful situations.

When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with certain third parties.

Your personal information might be shared in scenarios such as:

• Business Transfers: In mergers, company asset sales, financing, or during business acquisitions.
• Business Partners: With partners to offer specific products, services, or promotions.

How Do We Handle Your Social Logins?

In Short: If you opt to register or log in using a social media account, certain information about you may become accessible to us.

Our Services give you the chance to register and log in through third-party social media accounts (e.g., Facebook or Twitter). If you decide to do this, we might receive profile information from your social media provider. This could include your name, email, friends list, profile picture, and more, depending on the provider and your privacy settings. We will use this information as described in this privacy notice and any additional terms provided to you related to this feature. However, we don't have control over, and are not accountable for, the provider's use of your information. We suggest reviewing their privacy policies.

How Long Do We Keep Your Information?

In Short: We retain your data as long as necessary according to the purposes in this privacy notice, or as required by law.

We store your personal data only for the period necessary as described in this privacy notice or if there's a legal requirement to retain it. For instance, we won't keep your information longer than the duration of your account with us. Once we don't have a valid reason to process your data, we'll either delete or anonymize it, or securely store it without further processing if deletion isn't possible right away.

How Do We Keep Your Information Safe?

In Short: We employ both organizational and technical measures to secure your data.

We've put in place various technical and organizational security measures to safeguard your data. Nevertheless, no system can be completely secure, so we can't assure or guarantee the complete safety of your data from unauthorized third parties. It's important to be cautious and only access our Services in a safe setting.

Children's Privacy (COPPA)

Our App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Age Requirements

• Minimum Age: You must be at least 13 years old to use the App
• Parental Consent: If you are under 18, you need parental or guardian consent
• No Child Data: We do not knowingly collect data from children under 13

If We Discover Child Data

If we become aware that we have collected personal information from a child under 13, we will promptly delete such information. If you believe we may have collected data from a child under 13, please contact us immediately.

International Data Transfers

Our App operates globally and may transfer your data across international borders. We ensure appropriate safeguards are in place:

Cross-Border Transfers

• EU/UK Transfers: We use Standard Contractual Clauses (SCCs) for data transfers outside the EU/UK
• Adequacy Decisions: We rely on adequacy decisions where applicable
• Security Measures: All transfers include appropriate security safeguards

Data Processing Locations

Your data may be processed in the following locations:

• United States (Firebase, OpenAI, ElevenLabs)
• European Union (where applicable)
• Other locations where our service providers operate

Push Notifications

Our App sends push notifications to help you maintain your learning routine:

Notification Types

• Daily Reminders: Gentle reminders to practice German
• Learning Updates: Progress milestones and achievements
• App Updates: Important app updates and new features

Notification Controls

• Permission-Based: Notifications require your explicit consent
• Opt-In/Opt-Out: You can enable or disable notifications at any time
• Granular Control: Control different types of notifications separately
• Token Management: Notification tokens are stored securely and updated automatically

Legal Bases for Data Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

Primary Legal Bases

• Contract Performance: To provide the App's core language learning services
• Legitimate Interest: To improve the App and provide personalized learning experiences
• Consent: For optional features like push notifications and voice recording
• Legal Obligation: To comply with applicable laws and regulations

Consent Management

For features requiring consent, you can withdraw consent at any time through the App settings. Withdrawing consent will not affect the lawfulness of processing before the withdrawal.

Third-Party Services

Our App integrates with several third-party services to provide its functionality:

Service Providers

• Firebase (Google): Authentication, data storage, and backend services
• OpenAI: AI conversation processing and language learning features
• ElevenLabs: Voice synthesis and audio generation
• RevenueCat: Subscription management and billing
• Sentry: Crash reporting and error monitoring
• Expo: Push notification services

Third-Party Privacy

Each third-party service has its own privacy policy. We recommend reviewing their policies to understand how they handle your data. We are not responsible for the privacy practices of these third-party services.

Data Breach Notification

In the unlikely event of a data breach, we have procedures in place to protect your information:

Our Response

• Immediate Assessment: We will assess the breach within 72 hours
• User Notification: We will notify affected users as required by law
• Regulatory Reporting: We will report to relevant authorities where required
• Security Measures: We will implement additional security measures as needed

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws:

Update Process

• Notification: We will notify you of material changes through the App or email
• Review Period: You will have time to review changes before they take effect
• Continued Use: Continued use of the App after changes constitutes acceptance

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Contact Details

• Email: gianmarco@ondadev.com
• Website: https://web.deutsch-mentor.com/
• Response Time: We aim to respond to privacy inquiries within 30 days

Data Protection Officer

For EU/UK users with specific privacy concerns, you can also contact your local data protection authority.

Governing Law

This Privacy Policy is governed by and construed in accordance with applicable data protection laws. Any disputes will be resolved in accordance with the jurisdiction where you reside.