PRIVACY POLICY
Last Updated: June 12, 2026
Introduction: This Privacy Policy explains how Nextstapp UG (Haftungsbeschränkt) ("Nextstapp", "we", or "us"), as the developer of the mobile application Learn German with Practice (the "App"), collects, uses, and protects user data. By using the App, you agree to the data practices described in this Privacy Policy.
1. Information We Collect
1.1 Personal Information (Optional)
The App offers optional user registration through third-party authentication providers. If you choose to create an account, we collect:
- Authentication Data: Email address, name, and profile photo (if provided) via Google Sign-In or Apple Sign-In.
- Profile Information: If you complete your profile, we collect: first name, last name, date of birth, gender, German proficiency level, native language, optional "about me" text, and an optional profile photo you upload.
- Firebase User ID: A unique identifier assigned by Firebase Authentication to manage your account.
You can use most of the App's features without creating an account. Account creation is only required for certain social features (such as real-time chat with other learners) and to sync your progress across devices.
1.2 Anonymous Usage Data
We collect anonymous usage statistics and information about your interactions with the App's features. This data may include:
- How often you use the App and which features you access (e.g., lessons, exercises, AI practice sessions).
- General trends in how users interact with exercises and practice modes.
- App performance metrics (crash reports, loading times, errors).
- An anonymous user identifier (a randomly generated hash stored locally on your device) to track usage patterns without identifying you personally.
This data is collected for educational purposes and to improve the App's features and content. It does not contain personally identifiable information and cannot be used to identify you.
1.3 AI Interaction Data
When you use AI-driven features (such as sentence translation practice, speech evaluation, spoken conversation practice, writing evaluation, or AI chat), your inputs and the AI's responses are processed:
- Text Practice: Sentences you write, questions you ask, translations you provide, and letters/texts you submit for writing evaluation.
- Voice Practice: Audio recordings of your speech, used to transcribe and evaluate your pronunciation and conversation answers. Recordings are processed by AI services (see below) and are not permanently stored by us; temporary audio files created during processing are automatically deleted from our servers within 24 hours.
- Generated Pronunciation Audio: When you request to hear the correct pronunciation of a sentence, that sentence text is synthesized into audio by an AI text-to-speech service. The generated audio file is automatically deleted from our servers within 24 hours.
- Chat Conversations: Messages exchanged with AI teachers in the chat feature.
This data is sent anonymously to our backend API and then to our AI providers (OpenAI and Google Gemini) for processing. We do not include any information that could directly identify you when sending data to these providers.
1.4 Device and Technical Information
We automatically collect certain technical information about your device and how you access the App:
- Device Information: Device type, operating system version (iOS/Android), app version, device language settings.
- Identifiers: Advertising ID (IDFA on iOS, GAID on Android) if you consent to tracking, device push notification token (FCM token) if you enable notifications.
- Network Information: Approximate location derived from your IP address (used only for analytics and ad attribution, not for precise geolocation).
1.5 Website Referral Tracking
When you visit our website (lingzy.net) through advertising or referral links, we collect limited anonymized data to measure the effectiveness of our marketing campaigns:
- Referral Source: The campaign or source that directed you to our website (e.g., "instagram", "tiktok").
- Device Type: Whether you are using an iOS or Android device (to redirect you to the appropriate app store).
- Anonymized IP Address: Your IP address is partially masked (last octet replaced with "xxx", e.g., 192.168.1.xxx) before being stored. This ensures we cannot identify you personally while still allowing us to detect fraudulent traffic patterns.
- Timestamp: The date and time of your visit.
- Advertising Click Identifiers (gclid, fbclid): When you arrive at our website by clicking on a Google or Meta (Facebook/Instagram) advertisement, the link URL may include a click identifier appended by the ad platform. We capture these identifiers (gclid for Google, fbclid for Meta) and, if you later install the App on the same device, may pass them to the corresponding ad platform server-side to attribute your install or subscription to the originating ad click. These identifiers expire after 30 days.
- UTM Parameters: Standard utm_source, utm_medium, utm_campaign and similar query-string parameters are read for internal analytics. They are not shared with third parties in raw form.
This data is stored on our servers in Germany and is used solely for aggregate statistical analysis and ad-spend measurement. It is not linked to any personal account or identity beyond what is described in the "Marketing Attribution & Advertising Partners" section below.
1.6 Real-Time Chat Data (Optional Feature)
If you create an account and use the real-time chat feature to converse with other learners:
- All chat messages, timestamps, and conversation metadata are stored in our database (hosted in Germany).
- Chat data is linked to your user profile (email and Firebase UID).
- You can block other users, and blocking information is also stored.
- Chat messages are stored indefinitely unless you manually delete your account (see "Data Deletion" section).
- Automated Anti-Spam Moderation: To protect users from spam and scam attempts, our systems automatically analyze chat activity patterns (such as how many different users an account contacts in a short period, repeated identical messages, and how often an account is blocked by others). As part of this, we derive short cryptographic fingerprints (hashes) from message content to detect identical messages sent to many users; these fingerprints cannot be reversed back into the original message and are automatically deleted after 7 days. Accounts exhibiting spam-like behavior may have their messages hidden from recipients or their ability to start new conversations limited.
2. How We Use Your Information
We use the collected information for the following purposes:
- To Provide and Improve the App: Deliver core features (lessons, exercises, AI practice), maintain and improve functionality, fix bugs, and develop new features.
- To Personalize Your Experience: Remember your progress, preferences, and settings; provide personalized recommendations and reminders.
- To Manage Subscriptions: Process in-app purchases and subscriptions, verify premium access, and manage billing (handled by app stores and RevenueCat).
- To Enable Social Features: Facilitate real-time chat with other users (if you create an account and use this feature).
- To Analyze and Optimize: Understand how users interact with the App, identify areas for improvement, and measure the effectiveness of new features.
- To Measure Advertising Performance: Track which advertising campaigns lead to app installs and purchases, to optimize our marketing spend.
- To Send Notifications: Deliver push notifications for learning reminders, new content, and other relevant updates (only if you grant permission). We also use local notifications (generated on your device) for personalized study reminders; the timing and content of these reminders may be personalized based on your usage patterns, computed entirely on your device.
- To Communicate With You by Email: If you have created an account, we may send emails to your registered email address. These include service emails (such as important account, security, or policy-change notices) and — with your consent or as otherwise permitted by applicable law — learning tips, feature announcements, and promotional offers. Every marketing email contains an unsubscribe link, and you can opt out at any time (see Section 9, "Email Communications").
- To Ensure Safety: Moderate user-uploaded content (profile photos are checked for inappropriate content using automated moderation) and operate automated anti-spam systems in the real-time chat feature (see Section 1.6).
3. Marketing Attribution & Advertising Partners
To measure the effectiveness of our advertising campaigns and to detect fraudulent installs, Lingzy works with third-party marketing measurement and advertising partners. These partnerships allow us to understand which ad campaigns lead to app installs and in-app subscriptions so we can invest responsibly in reaching users who find the App valuable. We do not use this data to build a profile of you for purposes unrelated to ad measurement.
3.1 AppsFlyer (Mobile Measurement Partner)
We use AppsFlyer to attribute app installs and in-app events to the advertising campaigns that drove them. AppsFlyer acts as a data processor on our behalf. The following data may be transmitted to AppsFlyer:
- Hashed external user identifier (SHA-256)
- Mobile advertising identifiers (IDFA on iOS where permitted by App Tracking Transparency; GAID on Android)
- IP address, used for fraud detection and approximate geolocation (truncated or anonymized per region)
- App event data (install, registration, subscription start/trial, renewal, cancellation)
- Click identifiers such as fbclid or gclid when present at install time
- Device information (model, operating system, app version)
AppsFlyer's privacy policy: https://www.appsflyer.com/legal/services-privacy-policy/. You may opt out of AppsFlyer tracking at https://www.appsflyer.com/optout/.
3.2 Meta (Facebook) — Conversions API
We use Meta's Conversions API (a server-side integration) to report advertising conversion events directly from our backend servers to Meta. This allows us to measure and optimize campaigns running on Facebook and Instagram, including remarketing and the building of lookalike audiences. The Meta Facebook SDK is not embedded in the App; all transmission to Meta happens server-side. Data transmitted may include:
- Hashed email address (SHA-256, not reversible)
- Hashed external user identifier (SHA-256)
- IP address (used for matching only; not stored alongside identifiable user data)
- App event data (initial purchase, renewal, refund, registration)
- fbclid (Meta click identifier captured when a user arrives via a Meta ad link)
Each event includes a deterministic event identifier so that Meta can deduplicate our server-side reports against any client-side signal received via AppsFlyer. Meta's data policy: https://www.facebook.com/privacy/policy/.
3.3 Google Ads — Enhanced Conversions
We use Google Ads Enhanced Conversions for App to improve the accuracy of conversion measurement for our Google Search, Performance Max, and App campaigns. Data is sent server-side and processed by Google. Data transmitted may include:
- Hashed email address (SHA-256)
- gclid (Google click identifier captured when a user arrives via a Google ad link)
- App event data (install, subscription)
- Order identifier (used for deduplication only)
Google's privacy policy: https://policies.google.com/privacy.
3.4 App Tracking Transparency (iOS)
On iOS devices (version 14.5 and newer), we are required by Apple to ask for your permission to "track" you across apps and websites. This permission (known as App Tracking Transparency or ATT) is requested via a system prompt the first time you reach a feature that benefits from attribution.
- If you allow tracking: The App may access your device's IDFA and share it with AppsFlyer for the purposes described above. This helps us understand which ad campaigns drove your install and optimize our spend.
- If you deny tracking: The App will not access your IDFA. No personal-level device identifier will be shared with advertising partners. Attribution will fall back to Apple's SKAdNetwork framework, which reports privacy-preserving, aggregated, and delayed campaign performance to ad networks without any data flowing through our servers or those of our partners. Your in-app experience is identical regardless of your choice.
You can change your decision at any time under Settings > Privacy & Security > Tracking on your iOS device.
3.5 Android
On Android devices, you can reset or opt out of personalized advertising at any time via Settings > Privacy > Ads (path varies by manufacturer and Android version). When personalized ads are opted out, the GAID is not used to build an advertising profile and falls back to a non-identifying value.
3.6 Legal Basis under GDPR
Under the EU General Data Protection Regulation (Regulation (EU) 2016/679), we rely on Legitimate Interests (Article 6(1)(f)) for marketing attribution measurement — specifically our interest in understanding the source of app installs and measuring return on advertising spend — balanced against your interests and rights. Where required by law or where you have not given consent under the iOS App Tracking Transparency framework, we rely only on privacy-preserving aggregated attribution via SKAdNetwork (iOS) or Google Play Install Referrer (Android), neither of which contains personal-level identifiers.
For users in California (CCPA/CPRA), the data sharing described above may constitute a "sale" or "sharing" of personal information for cross-context behavioral advertising purposes. See Section 9 ("Your Rights and Choices") for opt-out instructions, including how to email nextstapp.tech@gmail.com to be excluded from Conversions API and Enhanced Conversions reporting.
4. Third-Party Services
To operate and enhance the App, we rely on several trusted third-party services. These services process data on our behalf. The third-party services we use are:
4.1 Firebase (Google)
We use multiple Firebase services for app functionality, analytics, and infrastructure:
- Firebase Authentication: Manages user sign-in via Google and Apple. Stores your email, name, and user ID (UID). Data is stored on Google's servers.
- Firebase Analytics: Tracks anonymous usage statistics (e.g., screens viewed, features used, session duration) to help us understand app usage patterns. This data is stored by Google and is not linked to your identity unless you create an account.
- Firebase Crashlytics: Collects crash reports and error logs to help us identify and fix bugs. This includes device information, stack traces, and app state at the time of a crash. No personally identifiable information is included in crash reports.
- Firebase Cloud Messaging (FCM): Delivers push notifications to your device if you grant notification permissions. We store your FCM token to send you notifications.
- Firebase Performance Monitoring: Tracks app performance metrics (loading times, network requests) to identify performance bottlenecks.
All Firebase data is processed in accordance with Google's privacy policy: https://policies.google.com/privacy
4.2 AppsFlyer (Mobile Measurement Partner)
As detailed in Section 3, AppsFlyer is our mobile measurement partner. The AppsFlyer SDK is embedded in the App and collects device identifiers (subject to ATT on iOS), install referrer data, app event data, and IP-derived approximate location for the purpose of attributing installs and in-app purchases to the originating ad campaign.
AppsFlyer's services privacy policy: https://www.appsflyer.com/legal/services-privacy-policy/
4.3 Meta Conversions API (Server-Side)
Our backend sends hashed user identifiers (email, external user ID), IP address, app event data, and click identifiers to Meta via the Conversions API for the purpose of measuring and optimizing advertising campaigns running on Facebook and Instagram. The Meta Facebook SDK is not embedded in the App.
Meta's data policy: https://www.facebook.com/privacy/policy/
4.4 Google Ads — Enhanced Conversions
Our backend sends hashed email addresses, Google click identifiers (gclid), and conversion event data to the Google Ads API for the purpose of accurate ad measurement for our Google campaigns.
Google's privacy policy: https://policies.google.com/privacy
4.5 Google Analytics
Used to track and analyze aggregate usage information (e.g., number of users, session duration, screens viewed). This helps us understand how the App is used and improve user experience. Google Analytics collects usage data such as device information and app interactions.
4.6 OpenAI ChatGPT API
We use OpenAI's ChatGPT API to power AI-driven learning features, including:
- Generating practice sentences and exercises
- Evaluating your answers and providing feedback
- Powering the AI teacher chat feature
When you use these features, your exercise prompts, answers, and chat messages are sent to OpenAI's servers for processing. This data is sent anonymously – we do not include your name, email, or any other personal identifiers when communicating with OpenAI.
Data Retention: According to OpenAI's data usage policies (as of December 2024), data sent to the OpenAI API is retained by OpenAI for 30 days for abuse monitoring purposes, after which it is deleted from their systems. We do not control OpenAI's data retention practices beyond our API usage. For the most current information, please refer to OpenAI's data usage policy: https://openai.com/policies/usage-policies
4.7 Google Gemini API
We use Google's Gemini API to power AI-driven learning features, including:
- Evaluating your spoken answers in conversation practice and speaking exams (your voice recordings are processed by Gemini to transcribe and assess them)
- Generating follow-up questions during spoken conversation practice
- Generating speech audio (text-to-speech) for practice questions and correct-pronunciation playback
- Evaluating your written texts (e.g., letter-writing exercises) and generating practice content
When you use these features, your practice inputs (text and voice recordings) and exercise context are sent to Google's servers for processing. This data is sent anonymously – we do not include your name, email, or any other personal identifiers when communicating with Google Gemini. Data sent to the Gemini API is processed in accordance with Google's API terms and data policies: https://ai.google.dev/gemini-api/terms
4.8 RevenueCat
Used to manage subscription purchases and in-app purchases. RevenueCat helps us determine if you have an active subscription and what features to unlock. It processes purchase data from the app stores (Google Play or Apple App Store). No personal payment information (such as your name or credit card details) is ever seen or stored by us – all payment processing is handled by the app stores. RevenueCat provides us with anonymous identifiers, subscription status, and purchase history (e.g., whether your subscription is active or expired) so we can grant access to premium features.
If you create an account in our App, we link your RevenueCat ID with your Firebase UID to sync your subscription status with your profile.
RevenueCat privacy policy: https://www.revenuecat.com/privacy
4.9 Google Sign-In and Apple Sign-In
If you choose to create an account using Google or Apple authentication:
- Google Sign-In: Managed by Google. We receive your email, name, and profile photo (if you grant permission). Google's privacy policy applies: https://policies.google.com/privacy
- Apple Sign-In: Managed by Apple. We receive an email address (real or privacy-relay email) and optionally your name. Apple's privacy policy applies: https://www.apple.com/legal/privacy/
5. Data Storage and Retention
5.1 Where We Store Data
- Backend Server (Germany): Our main backend API and database (MariaDB) are hosted on Strato servers in Germany. This database stores user profiles, chat messages, usage analytics, and other app data.
- Firebase (Google Cloud): Authentication data, analytics, crash reports, and performance data are stored on Google's Firebase infrastructure (servers located in various regions, managed by Google).
- Your Device: Some data is stored locally on your device (using AsyncStorage), including: app preferences, usage counts (for free tier limits), question history, selected language, and other non-sensitive settings. This local data is not shared with us unless you manually sync it by creating an account.
- Profile Pictures: User-uploaded profile photos are stored on our own server in Germany (not on third-party cloud storage).
5.2 How Long We Keep Data
- Anonymous Usage Data: Stored indefinitely in Firebase Analytics and our backend database. This helps us track long-term trends and improve the App over time. Since this data is anonymous, there is minimal privacy risk.
- User Accounts and Profiles: Stored as long as your account is active. If you delete your account, all associated personal data is permanently deleted (see "Data Deletion" section).
- AI Interaction Data (Chat and Evaluations): Data sent to OpenAI is retained by OpenAI for 30 days according to their current policy; data sent to Google Gemini is handled according to Google's API data policies. We do not permanently store the raw AI conversation data on our servers (only summary statistics for analytics); temporary audio files (your practice recordings and generated pronunciation audio) are automatically deleted within 24 hours.
- Chat Anti-Spam Fingerprints: Cryptographic message fingerprints used for spam detection (see Section 1.6) are automatically deleted after 7 days.
- Real-Time Chat Messages: If you use the chat feature, messages are stored indefinitely in our database unless you delete your account.
- Crash Reports and Logs: Retained for up to 90 days for debugging purposes, then automatically deleted.
6. Data Security
We take data security seriously and implement industry-standard measures to protect your information:
- Encryption in Transit: All data transmissions between the App and our servers are encrypted using SSL/TLS (Secure Sockets Layer / Transport Layer Security). This means that data sent from your device to our servers, or to third-party services like OpenAI, Firebase, or RevenueCat, is protected from interception.
- Encryption at Rest: Data stored in our backend database (Germany) is protected using server-level security measures and access controls.
- Authentication Security: User accounts are protected by Firebase Authentication, which uses industry-standard OAuth 2.0 protocols for Google and Apple Sign-In.
- Content Moderation: User-uploaded profile photos are automatically scanned for inappropriate content (NSFW detection) using machine learning models before being accepted.
- Limited Access: Access to our backend servers and database is restricted to authorized personnel only.
While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security, but we will promptly notify users in the unlikely event of any data breach affecting the App.
7. Data Sharing
We do not sell or rent your personal information to third parties for their independent marketing purposes. Data is only shared in the following limited circumstances:
- Third-Party Service Providers: As described in the "Third-Party Services" section, we share data with Firebase, OpenAI, Google Gemini, RevenueCat, AppsFlyer, Meta (via the Conversions API), Google Ads, and Google Analytics solely to provide, measure, and improve the App.
- Advertising and Attribution Partners (AppsFlyer, Meta, Google Ads): We share hashed user identifiers, device identifiers (subject to ATT consent on iOS), click identifiers (gclid, fbclid), and app event data with these partners for the specific purpose of measuring and optimizing our ad campaign performance. The Meta integration is server-side (Conversions API); the App does not embed the Facebook SDK.
- Legal Requirements: We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.
- Business Transfers: If Nextstapp UG is acquired by or merged with another company, user data may be transferred to the new owner as part of the transaction. We will notify users of any such change.
We do not share data for any other purposes.
8. Children's Privacy
The App is designed to help people learn German and may be used by learners of all ages. However, the App is not specifically directed toward children under the age of 13.
- We do not knowingly collect personal information from children under 13 without parental consent.
- If account creation is used, parents/guardians should supervise their children's use of authentication features.
- Most of the App can be used without creating an account, which minimizes data collection for younger users.
If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us immediately, and we will delete the information.
9. Your Rights and Choices
9.1 Account Data
If you have created an account, you have the following rights:
- Access: You can view and edit your profile information at any time within the App (Settings > Profile).
- Correction: You can update incorrect or outdated profile information.
- Deletion: You can permanently delete your account and all associated data by going to Settings > Account > Delete Account. This will erase your profile, chat messages, and all personal data from our servers. This action is irreversible.
9.2 Advertising and Tracking
- iOS Users: You can control tracking permissions through Settings > Privacy & Security > Tracking. You can also reset your Advertising Identifier (IDFA) in Settings > Privacy & Security > Apple Advertising.
- Android Users: You can opt out of personalized ads and reset your Advertising ID in Settings > Google > Ads.
9.3 Push Notifications
- You can enable or disable push notifications at any time through your device's Settings > Notifications > Learn German with Practice.
- Even if you disable push notifications, you may still receive local notifications (reminders generated by the App on your device, not sent from our servers). These can be disabled in the App's settings.
9.4 Email Communications
- If you have created an account, we may send service emails (account, security, and important policy notices) to your registered email address. These are necessary for operating your account and cannot be disabled while your account exists.
- Marketing and engagement emails (learning tips, feature announcements, promotional offers) are optional. You can opt out at any time by clicking the unsubscribe link included in every such email, or by contacting us at nextstapp.tech@gmail.com with the subject "Email Opt-Out".
- Opting out of marketing emails does not affect service emails or your use of the App.
9.5 Data Portability (GDPR)
If you are a resident of the European Union, you have the right to request a copy of your personal data in a machine-readable format. Contact us using the details below to make such a request.
9.6 Withdraw Consent
You can withdraw your consent to data processing at any time by:
- Deleting your account (if you created one)
- Uninstalling the App (this will stop all future data collection)
- Disabling tracking permissions (for advertising data)
9.7 Attribution & Conversion-API Opt-Out
If you wish to be excluded from server-side conversion reporting to Meta and Google Ads (Conversions API and Enhanced Conversions), email nextstapp.tech@gmail.com with the subject line "Attribution Opt-Out" and include the email address associated with your account (or your Firebase UID if known). Upon receipt, we will hash and add your email to a suppression list so that future purchase events from your account are not transmitted to Meta or Google Ads. To opt out of AppsFlyer's mobile measurement entirely, visit https://www.appsflyer.com/optout/.
10. International Data Transfers
Our backend servers are located in Germany, but some of our third-party service providers (Firebase, Google Analytics, Google Gemini, OpenAI, RevenueCat, Meta) may store or process data on servers located outside the European Economic Area (EEA).
When data is transferred internationally, we ensure that appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions (for countries recognized by the EU as providing adequate data protection)
- Privacy Shield frameworks (where applicable)
For users in the EU/EEA, your rights under GDPR (General Data Protection Regulation) apply regardless of where data is processed.
11. Subscription Information
11.1 Available Subscription Plans
The App offers the following subscription options to unlock premium features:
- Monthly Subscription
- 6-Month Subscription
- Yearly Subscription
Exact pricing is displayed within the App at the time of purchase and may vary by region and app store.
11.2 Free vs. Premium Features
- Free Users: Can access most learning features with daily usage limits:
  - 5 AI practice attempts per day (sentence translation and evaluation)
  - 3 AI explanation requests per day (Android only; iOS users have unlimited explanations)
- Premium Subscribers: Enjoy unlimited access to all AI-powered features, no daily limits, and additional premium content.
11.3 Auto-Renewal and Cancellation
- All subscriptions are auto-renewing. Your subscription will automatically renew at the end of each billing period unless you cancel it beforehand.
- Cancellation: You can cancel your subscription at any time through your app store account settings (Google Play Store or Apple App Store). Once canceled, you will retain premium access until the end of the current billing period, after which your account will revert to the free version.
- To avoid being charged for the next billing period, you must cancel at least 24 hours before the renewal date.
11.4 Payments and Refunds
- Payments: All subscription payments are processed by the app stores (Google Play or Apple App Store). We do not directly handle or store your payment information.
- Refunds: Refund requests are subject to the app store's policies. If you require a refund or have a billing issue, please contact Apple or Google support directly. We, as the developer, do not have the ability to issue refunds for app store transactions.
11.5 Special Offers
The App may occasionally offer limited-time discounts or promotional pricing for new users (e.g., a 24-hour discount from first launch). These offers are clearly communicated within the App and are subject to availability and eligibility.
12. Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. When we make significant changes, we will notify you by:
- Displaying a prominent notice within the App
- Sending a push notification (if you have notifications enabled)
- Sending an email to your registered email address (if you have created an account)
- Updating the "Last Updated" date at the top of this document
We encourage you to review this Privacy Policy periodically. Your continued use of the App after any modifications indicates your acceptance of the updated terms.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, data protection, or your rights, please contact us:
Nextstapp UG (Haftungsbeschränkt)
Attn: Serdar Degirmenci (Managing Director)
Address: Bartschiner Straße 31b, 12355 Berlin, Germany
Mobile Phone: +49 178 616 65 81
Email: nextstapp.tech@gmail.com
For data deletion requests, please include "Data Deletion Request" in your email subject line and provide your registered email address (if you have an account) or your device identifier (for anonymous data requests).
14. Legal Basis for Processing (GDPR)
For users in the European Union, we process your personal data based on the following legal grounds:
- Consent: When you create an account, enable tracking, grant permissions (e.g., notifications, microphone access), or agree to receive marketing emails.
- Contract Performance: To provide the App's features and fulfill our subscription agreement with you.
- Legitimate Interests: To improve the App, analyze usage patterns, prevent fraud, and ensure security—provided these interests do not override your privacy rights.
- Legal Obligations: To comply with applicable laws and regulations.
You have the right to withdraw consent at any time, object to processing based on legitimate interests, and lodge a complaint with your local data protection authority.
15. Summary of Key Points
- Account Creation is Optional: You can use most features without registering.
- Data Collection: We collect anonymous usage data, optional profile information (if you register), AI interaction data, and device/technical information.
- Third-Party Services: We use Firebase, OpenAI, Google Gemini, RevenueCat, AppsFlyer (mobile measurement), Meta Conversions API (server-side, no Facebook SDK), Google Ads Enhanced Conversions, and Google Analytics to power and measure the App.
- Data Storage: Backend in Germany (Strato servers), Firebase (Google Cloud), and some data stored locally on your device.
- Data Retention: Anonymous data stored indefinitely, OpenAI retains data for 30 days, chat messages stored indefinitely (unless you delete your account).
- Email Communications: If you create an account, we may send service emails and (with your consent or as permitted by law) learning tips and offers — every marketing email has an unsubscribe link.
- Your Rights: Access, edit, and delete your data; control tracking, notifications, and marketing emails; request data portability (GDPR).
- Security: All data encrypted in transit (SSL/TLS); server-level security for stored data.
- No Data Selling: We never sell your personal information to third parties.
