EnglishEN

PRIVACY POLICY

Introduction: This Privacy Policy explains how Nextstapp UG (Haftungsbeschränkt) ("Nextstapp", "we", or "us"), as the developer of the mobile application Learn German with Practice (the "App"), collects, uses, and protects user data. By using the App, you agree to the data practices described in this Privacy Policy.

1. Information We Collect

1.1 Personal Information (Optional)

The App offers optional user registration through third-party authentication providers. If you choose to create an account, we collect:

  • Authentication Data: Email address, name, and profile photo (if provided) via Google Sign-In or Apple Sign-In.
  • Profile Information: If you complete your profile, we collect: first name, last name, date of birth, gender, German proficiency level, native language, optional "about me" text, and an optional profile photo you upload.
  • Firebase User ID: A unique identifier assigned by Firebase Authentication to manage your account.

You can use most of the App's features without creating an account. Account creation is only required for certain social features (such as real-time chat with other learners) and to sync your progress across devices.

1.2 Anonymous Usage Data

We collect anonymous usage statistics and information about your interactions with the App's features. This data may include:

  • How often you use the App and which features you access (e.g., lessons, exercises, AI practice sessions).
  • General trends in how users interact with exercises and practice modes.
  • App performance metrics (crash reports, loading times, errors).
  • An anonymous user identifier (a randomly generated hash stored locally on your device) to track usage patterns without identifying you personally.

This data is collected for educational purposes and to improve the App's features and content. It does not contain personally identifiable information and cannot be used to identify you.

1.3 AI Interaction Data

When you use AI-driven features (such as sentence translation practice, speech evaluation, or AI chat), your inputs and the AI's responses are processed:

  • Text Practice: Sentences you write, questions you ask, and translations you provide.
  • Voice Practice: Audio recordings of your speech (converted to text via speech recognition and then deleted from our servers; the original audio is not permanently stored by us).
  • Chat Conversations: Messages exchanged with AI teachers in the chat feature.

This data is sent anonymously to our backend API and then to OpenAI's API for processing. We do not include any information that could directly identify you when sending data to OpenAI.

1.4 Device and Technical Information

We automatically collect certain technical information about your device and how you access the App:

  • Device Information: Device type, operating system version (iOS/Android), app version, device language settings.
  • Identifiers: Advertising ID (IDFA on iOS, GAID on Android) if you consent to tracking, device push notification token (FCM token) if you enable notifications.
  • Network Information: Approximate location derived from your IP address (used only for analytics and ad attribution, not for precise geolocation).

1.5 Website Referral Tracking

When you visit our website (lingzy.net) through advertising or referral links, we collect limited anonymized data to measure the effectiveness of our marketing campaigns:

  • Referral Source: The campaign or source that directed you to our website (e.g., "instagram", "tiktok").
  • Device Type: Whether you are using an iOS or Android device (to redirect you to the appropriate app store).
  • Anonymized IP Address: Your IP address is partially masked (last octet replaced with "xxx", e.g., 192.168.1.xxx) before being stored. This ensures we cannot identify you personally while still allowing us to detect fraudulent traffic patterns.
  • Timestamp: The date and time of your visit.

This data is stored on our servers in Germany and is used solely for aggregate statistical analysis. It is not linked to any personal account or identity.

1.6 Real-Time Chat Data (Optional Feature)

If you create an account and use the real-time chat feature to converse with other learners:

  • All chat messages, timestamps, and conversation metadata are stored in our database (hosted in Germany).
  • Chat data is linked to your user profile (email and Firebase UID).
  • You can block other users, and blocking information is also stored.
  • Chat messages are stored indefinitely unless you manually delete your account (see "Data Deletion" section).

2. How We Use Your Information

We use the collected information for the following purposes:

  • To Provide and Improve the App: Deliver core features (lessons, exercises, AI practice), maintain and improve functionality, fix bugs, and develop new features.
  • To Personalize Your Experience: Remember your progress, preferences, and settings; provide personalized recommendations and reminders.
  • To Manage Subscriptions: Process in-app purchases and subscriptions, verify premium access, and manage billing (handled by app stores and RevenueCat).
  • To Enable Social Features: Facilitate real-time chat with other users (if you create an account and use this feature).
  • To Analyze and Optimize: Understand how users interact with the App, identify areas for improvement, and measure the effectiveness of new features.
  • To Measure Advertising Performance: Track which advertising campaigns lead to app installs and purchases, to optimize our marketing spend.
  • To Send Notifications: Deliver push notifications for learning reminders, new content, and other relevant updates (only if you grant permission). We also use local notifications (generated on your device) for personalized study reminders.
  • To Ensure Safety: Moderate user-uploaded content (profile photos are checked for inappropriate content using automated moderation).

3. Advertising and Performance Measurement

To support and promote our App, we run advertising campaigns on third-party platforms, such as Meta (Facebook and Instagram). To measure the performance of these campaigns (a process called "attribution"), we have integrated the Meta Ads SDK (Facebook SDK).

3.1 What Data is Shared with Meta

This SDK helps us understand how users find our App. For example, it allows us to know if you installed the App after seeing one of our ads. To make this work, the SDK may collect and share certain data with Meta, including:

  • App Events: Actions you take in the App, such as "App Install", "App Launch", "Purchase", and "Trial Started".
  • Device Information: Your device's Advertising ID (IDFA for iOS or GAID for Android), device model, and operating system version.
  • Approximate Location: Derived from your IP address (country/region level).

This data is used by Meta to provide us with aggregated reports about our ad performance. We do not use this data to personally identify you.

3.2 App Tracking Transparency (iOS)

On iOS devices (version 14.5 and newer), we are required by Apple to ask for your permission to "track" you across apps and websites. This permission (known as App Tracking Transparency or ATT) is requested via a pop-up when you first open the App.

  • If you "Allow" tracking: We can receive your device's Advertising ID (IDFA) and send it to Meta for more accurate attribution data and purchase event tracking. This helps us optimize our ad campaigns and understand which ads are most effective.
  • If you "Do Not Allow" tracking: We will not receive your device's Advertising ID for tracking purposes. Instead, we rely on Apple's SKAdNetwork framework, which provides us with anonymous, aggregated, and delayed data about installs resulting from our ads. This limits our ability to measure ad performance in detail, but fully respects your privacy choice.

On Android devices, you can control ad tracking through your device's Google Ads settings (Settings > Google > Ads).

4. Third-Party Services

To operate and enhance the App, we rely on several trusted third-party services. These services process data on our behalf. The third-party services we use are:

4.1 Firebase (Google)

We use multiple Firebase services for app functionality, analytics, and infrastructure:

  • Firebase Authentication: Manages user sign-in via Google and Apple. Stores your email, name, and user ID (UID). Data is stored on Google's servers.
  • Firebase Analytics: Tracks anonymous usage statistics (e.g., screens viewed, features used, session duration) to help us understand app usage patterns. This data is stored by Google and is not linked to your identity unless you create an account.
  • Firebase Crashlytics: Collects crash reports and error logs to help us identify and fix bugs. This includes device information, stack traces, and app state at the time of a crash. No personally identifiable information is included in crash reports.
  • Firebase Cloud Messaging (FCM): Delivers push notifications to your device if you grant notification permissions. We store your FCM token to send you notifications.
  • Firebase Performance Monitoring: Tracks app performance metrics (loading times, network requests) to identify performance bottlenecks.

All Firebase data is processed in accordance with Google's privacy policy: https://policies.google.com/privacy

4.2 Meta Ads SDK (Facebook)

As detailed in the "Advertising and Performance Measurement" section, this SDK is used for ad attribution and performance analytics. It collects device identifiers (like the Advertising ID), app interaction data (events like installs and purchases), and approximate location. Data is shared with Meta to provide us with aggregated campaign performance reports.

Meta's data policy: https://www.facebook.com/privacy/policy/

4.3 Google Analytics

Used to track and analyze aggregate usage information (e.g., number of users, session duration, screens viewed). This helps us understand how the App is used and improve user experience. Google Analytics collects usage data such as device information and app interactions.

4.4 OpenAI ChatGPT API

We use OpenAI's ChatGPT API to power AI-driven learning features, including:

  • Generating practice sentences and exercises
  • Evaluating your answers and providing feedback
  • Powering the AI teacher chat feature

When you use these features, your exercise prompts, answers, and chat messages are sent to OpenAI's servers for processing. This data is sent anonymously – we do not include your name, email, or any other personal identifiers when communicating with OpenAI.

Data Retention: According to OpenAI's data usage policies (as of December 2024), data sent to the OpenAI API is retained by OpenAI for 30 days for abuse monitoring purposes, after which it is deleted from their systems. We do not control OpenAI's data retention practices beyond our API usage. For the most current information, please refer to OpenAI's data usage policy: https://openai.com/policies/usage-policies

4.5 RevenueCat

Used to manage subscription purchases and in-app purchases. RevenueCat helps us determine if you have an active subscription and what features to unlock. It processes purchase data from the app stores (Google Play or Apple App Store). No personal payment information (such as your name or credit card details) is ever seen or stored by us – all payment processing is handled by the app stores. RevenueCat provides us with anonymous identifiers, subscription status, and purchase history (e.g., whether your subscription is active or expired) so we can grant access to premium features.

If you create an account in our App, we link your RevenueCat ID with your Firebase UID to sync your subscription status with your profile.

RevenueCat privacy policy: https://www.revenuecat.com/privacy

4.6 Google Sign-In and Apple Sign-In

If you choose to create an account using Google or Apple authentication:

  • Google Sign-In: Managed by Google. We receive your email, name, and profile photo (if you grant permission). Google's privacy policy applies: https://policies.google.com/privacy
  • Apple Sign-In: Managed by Apple. We receive an email address (real or privacy-relay email) and optionally your name. Apple's privacy policy applies: https://www.apple.com/legal/privacy/

5. Data Storage and Retention

5.1 Where We Store Data

  • Backend Server (Germany): Our main backend API and database (MariaDB) are hosted on Strato servers in Germany. This database stores user profiles, chat messages, usage analytics, and other app data.
  • Firebase (Google Cloud): Authentication data, analytics, crash reports, and performance data are stored on Google's Firebase infrastructure (servers located in various regions, managed by Google).
  • Your Device: Some data is stored locally on your device (using AsyncStorage), including: app preferences, usage counts (for free tier limits), question history, selected language, and other non-sensitive settings. This local data is not shared with us unless you manually sync it by creating an account.
  • Profile Pictures: User-uploaded profile photos are stored on our own server in Germany (not on third-party cloud storage).

5.2 How Long We Keep Data

  • Anonymous Usage Data: Stored indefinitely in Firebase Analytics and our backend database. This helps us track long-term trends and improve the App over time. Since this data is anonymous, there is minimal privacy risk.
  • User Accounts and Profiles: Stored as long as your account is active. If you delete your account, all associated personal data is permanently deleted (see "Data Deletion" section).
  • AI Interaction Data (Chat and Evaluations): Data sent to OpenAI is retained by OpenAI for 30 days according to their current policy. We do not permanently store the raw AI conversation data on our servers (only summary statistics for analytics).
  • Real-Time Chat Messages: If you use the chat feature, messages are stored indefinitely in our database unless you delete your account.
  • Crash Reports and Logs: Retained for up to 90 days for debugging purposes, then automatically deleted.

6. Data Security

We take data security seriously and implement industry-standard measures to protect your information:

  • Encryption in Transit: All data transmissions between the App and our servers are encrypted using SSL/TLS (Secure Sockets Layer / Transport Layer Security). This means that data sent from your device to our servers, or to third-party services like OpenAI, Firebase, or RevenueCat, is protected from interception.
  • Encryption at Rest: Data stored in our backend database (Germany) is protected using server-level security measures and access controls.
  • Authentication Security: User accounts are protected by Firebase Authentication, which uses industry-standard OAuth 2.0 protocols for Google and Apple Sign-In.
  • Content Moderation: User-uploaded profile photos are automatically scanned for inappropriate content (NSFW detection) using machine learning models before being accepted.
  • Limited Access: Access to our backend servers and database is restricted to authorized personnel only.

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security, but we will promptly notify users in the unlikely event of any data breach affecting the App.

7. Data Sharing

We do not sell or rent your personal information to third parties for their marketing purposes. Data is only shared in the following limited circumstances:

  • Third-Party Service Providers: As described in the "Third-Party Services" section, we share data with Firebase, OpenAI, RevenueCat, Meta, and Google Analytics solely to provide and improve the App's functionality.
  • Advertising Partners (Meta): We share app event data and device identifiers with Meta for the specific purpose of measuring our ad campaign performance and attribution. This data is aggregated and anonymized for reporting purposes.
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.
  • Business Transfers: If Nextstapp UG is acquired by or merged with another company, user data may be transferred to the new owner as part of the transaction. We will notify users of any such change.

We do not share data for any other purposes.

8. Children's Privacy

The App is designed to help people learn German and may be used by learners of all ages. However, the App is not specifically directed toward children under the age of 13.

  • We do not knowingly collect personal information from children under 13 without parental consent.
  • If account creation is used, parents/guardians should supervise their children's use of authentication features.
  • Most of the App can be used without creating an account, which minimizes data collection for younger users.

If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us immediately, and we will delete the information.

9. Your Rights and Choices

9.1 Account Data

If you have created an account, you have the following rights:

  • Access: You can view and edit your profile information at any time within the App (Settings > Profile).
  • Correction: You can update incorrect or outdated profile information.
  • Deletion: You can permanently delete your account and all associated data by going to Settings > Account > Delete Account. This will erase your profile, chat messages, and all personal data from our servers. This action is irreversible.

9.2 Advertising and Tracking

  • iOS Users: You can control tracking permissions through Settings > Privacy & Security > Tracking. You can also reset your Advertising Identifier (IDFA) in Settings > Privacy & Security > Apple Advertising.
  • Android Users: You can opt out of personalized ads and reset your Advertising ID in Settings > Google > Ads.

9.3 Push Notifications

  • You can enable or disable push notifications at any time through your device's Settings > Notifications > Learn German with Practice.
  • Even if you disable push notifications, you may still receive local notifications (reminders generated by the App on your device, not sent from our servers). These can be disabled in the App's settings.

9.4 Data Portability (GDPR)

If you are a resident of the European Union, you have the right to request a copy of your personal data in a machine-readable format. Contact us using the details below to make such a request.

9.5 Withdraw Consent

You can withdraw your consent to data processing at any time by:

  • Deleting your account (if you created one)
  • Uninstalling the App (this will stop all future data collection)
  • Disabling tracking permissions (for advertising data)

10. International Data Transfers

Our backend servers are located in Germany, but some of our third-party service providers (Firebase, Google Analytics, OpenAI, RevenueCat, Meta) may store or process data on servers located outside the European Economic Area (EEA).

When data is transferred internationally, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions (for countries recognized by the EU as providing adequate data protection)
  • Privacy Shield frameworks (where applicable)

For users in the EU/EEA, your rights under GDPR (General Data Protection Regulation) apply regardless of where data is processed.

11. Subscription Information

11.1 Available Subscription Plans

The App offers the following subscription options to unlock premium features:

  • Monthly Subscription
  • 6-Month Subscription
  • Yearly Subscription

Exact pricing is displayed within the App at the time of purchase and may vary by region and app store.

11.2 Free vs. Premium Features

  • Free Users: Can access most learning features with daily usage limits:
    • 5 AI practice attempts per day (sentence translation and evaluation)
    • 3 AI explanation requests per day (Android only; iOS users have unlimited explanations)
  • Premium Subscribers: Enjoy unlimited access to all AI-powered features, no daily limits, and additional premium content.

11.3 Auto-Renewal and Cancellation

  • All subscriptions are auto-renewing. Your subscription will automatically renew at the end of each billing period unless you cancel it beforehand.
  • Cancellation: You can cancel your subscription at any time through your app store account settings (Google Play Store or Apple App Store). Once canceled, you will retain premium access until the end of the current billing period, after which your account will revert to the free version.
  • To avoid being charged for the next billing period, you must cancel at least 24 hours before the renewal date.

11.4 Payments and Refunds

  • Payments: All subscription payments are processed by the app stores (Google Play or Apple App Store). We do not directly handle or store your payment information.
  • Refunds: Refund requests are subject to the app store's policies. If you require a refund or have a billing issue, please contact Apple or Google support directly. We, as the developer, do not have the ability to issue refunds for app store transactions.

11.5 Special Offers

The App may occasionally offer limited-time discounts or promotional pricing for new users (e.g., a 24-hour discount from first launch). These offers are clearly communicated within the App and are subject to availability and eligibility.

12. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. When we make significant changes, we will notify you by:

  • Displaying a prominent notice within the App
  • Sending a push notification (if you have notifications enabled)
  • Updating the "Last Updated" date at the top of this document

We encourage you to review this Privacy Policy periodically. Your continued use of the App after any modifications indicates your acceptance of the updated terms.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, data protection, or your rights, please contact us:

Nextstapp UG (Haftungsbeschränkt)
Attn: Serdar Degirmenci (Managing Director)
Address: Bartschiner Straße 31b, 12355 Berlin, Germany
Mobile Phone: +49 178 616 65 81
Email: nextstapp.tech{'@'}gmail.com

For data deletion requests, please include "Data Deletion Request" in your email subject line and provide your registered email address (if you have an account) or your device identifier (for anonymous data requests).

14. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

  • Consent: When you create an account, enable tracking, or grant permissions (e.g., notifications, microphone access).
  • Contract Performance: To provide the App's features and fulfill our subscription agreement with you.
  • Legitimate Interests: To improve the App, analyze usage patterns, prevent fraud, and ensure security—provided these interests do not override your privacy rights.
  • Legal Obligations: To comply with applicable laws and regulations.

You have the right to withdraw consent at any time, object to processing based on legitimate interests, and lodge a complaint with your local data protection authority.

15. Summary of Key Points

  • Account Creation is Optional: You can use most features without registering.
  • Data Collection: We collect anonymous usage data, optional profile information (if you register), AI interaction data, and device/technical information.
  • Third-Party Services: We use Firebase, OpenAI, RevenueCat, Meta SDK, and Google Analytics to power the App.
  • Data Storage: Backend in Germany (Strato servers), Firebase (Google Cloud), and some data stored locally on your device.
  • Data Retention: Anonymous data stored indefinitely, OpenAI retains data for 30 days, chat messages stored indefinitely (unless you delete your account).
  • Your Rights: Access, edit, and delete your data; control tracking and notifications; request data portability (GDPR).
  • Security: All data encrypted in transit (SSL/TLS); server-level security for stored data.
  • No Data Selling: We never sell your personal information to third parties.