Last Updated: September 30, 2025
Version: 1.0
1. GENERAL INFORMATION
This privacy policy informs you about the processing of personal data when using our mobile application "Magellanister" and the website magellanister.netlify.app. Our app follows the Privacy-by-Design principle with local data storage and minimal data collection. In case of any discrepancies, the German version of this privacy policy shall take precedence.
1.1 Scope of Application
This privacy policy applies to:
- The mobile app "Magellanister" (iOS and Android)
- The website magellanister.netlify.app
- All associated services and functions
1.2 Local Data Storage
Core Principle: The vast majority of your personal data is stored exclusively locally on your device and never leaves your device.
2. DATA PROCESSING IN DETAIL
2.1 LOCAL USER DATA (Device Storage)
What is stored locally:
- Learning Progress: Read stories, learned words, quiz results
- Personal Vocabulary Lists: Saved words with translations, examples and your notes
- User Settings: App language, learning level, theme preferences, font size
- Profile Picture: Avatar image selected from your gallery (stored exclusively locally and not transmitted)
- Learning Statistics: Usage time, progress tracking, personal goals
- Cache Data: Audio and image files for offline use
Storage Location: Exclusively on your device (encrypted MMKV storage)
Access: Only you have access to this data
Deletion: All data is automatically and completely deleted when you uninstall the app
Persistent Technical Data (Device Secure Storage): Certain technical data necessary for service integrity is stored in device secure storage, including advertising usage limits and promotional code validation history. This data persists across app installations to prevent fraud and abuse (Recital 47.6).
2.2 DEVICE PERMISSIONS AND SYSTEM ACCESS
Required Permissions:
- Photo Gallery: For selecting a profile picture (optional)
- Push Notifications: For learning reminders (optional)
- Audio: For text-to-speech and voice output functions
Automatically Collected Device Data:
- Operating system and version (for app compatibility)
- Device model (for optimized display)
- App version (for update management)
- System language (for interface localization)
2.3 INTELLIGENT LEARNING REMINDERS
Personalized Notifications:
Our app creates intelligent learning reminders based on your local data:
- Reminders for saved vocabulary
- Suggestions based on your learning progress
- Optimized timing based on your usage patterns
Data Processing: Completely local on your device
External Transfer: None - all calculations are performed offline
Legal Basis: Art. 6 para. 1 lit. a GDPR (consent when activating push notifications)
2.4 PREMIUM SUBSCRIPTIONS
Processed Data:
- Anonymous user ID (generated by RevenueCat)
- Subscription status and type
- Transaction data (date, product ID)
- Platform information (iOS/Android)
Purpose: Management of premium subscriptions and purchase restoration
Third Party: RevenueCat Inc., USA
International Transfer: USA (secured by EU-US Data Privacy Framework)
Legal Basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)
2.5 FIREBASE ANALYTICS
We collect anonymous analytics data through Firebase Analytics to improve app performance and user experience.
Data Collected:
- App Usage Events: App launches, screen views, story interactions
- Device Information: Operating system, app version, device model
- Usage Patterns: Feature usage, session duration
- Anonymous Identifiers: Firebase Analytics ID (not linked to personal identity)
Purpose: App improvement, performance optimization, feature development
Third Party: Google LLC (Firebase Analytics)
User Control: In certain regions, you can opt out of analytics collection through Privacy Settings
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest for app improvement) / Art. 6 para. 1 lit. a GDPR (consent where required by law)
2.6 CRASH REPORTING (Firebase Crashlytics)
We automatically collect crash reports to maintain app stability and fix technical issues.
Data Collected:
- Error Information: Crash logs, error messages, stack traces
- Device Context: Operating system, device model, app version
- Technical Data: Memory usage, performance metrics at time of crash
- Anonymous Session ID: For crash correlation (not linked to personal identity)
Purpose: App stability, bug fixes, performance improvements
Third Party: Google LLC (Firebase Crashlytics)
User Control: You cannot opt out of this data collection, as it is essential for app functionality and user safety
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest for app stability and user safety)
2.7 ADVERTISING (Rewarded Ads)
In our app, we exclusively use so-called "Rewarded Ads" via Google AdMob. These ads are only displayed when you actively and voluntarily click on a corresponding button (e.g., to unlock additional content or features).
Advertising Data and Identifiers Collected:
- Device Identifiers: Anonymous IDFA (iOS) / Advertising ID (Android) - only when consent is provided in regulated regions
- Technical Device Information: Operating system, app version, device model
- Ad Interaction Data: Only when you voluntarily choose to watch advertisements
- Consent Status: User preferences for personalized advertising (stored locally)
Advertising Personalization by Legal Framework:
- European Union (EU) and United Kingdom: Explicit consent is required for personalized advertising and use of Advertising Identifiers under GDPR Article 6(1)(a) and the ePrivacy Directive. We first request App Tracking Transparency (ATT) permission on iOS, then use Google's User Messaging Platform (UMP) SDK to obtain and manage your advertising consent. Advertising Data processing only occurs after both consents are obtained. You can withdraw consent at any time through the app's Privacy Settings.
- Regulated US States (California, Virginia, Colorado, etc.): Consent is required for personalized advertising and processing of Advertising Identifiers under state privacy laws (CCPA, VCDPA, CPA). We use iOS ATT permission followed by Google UMP SDK to manage consent preferences. You can withdraw consent through Privacy Settings where available.
- Other Regions: Personalized advertising using Advertising Identifiers is shown based on legitimate interest (GDPR Art. 6(1)(f)) for app financing. iOS ATT permission is still requested as required by Apple, but no additional consent form is presented as it is not required by local law. Users can opt out by upgrading to Premium.
Non-personalized vs Personalized Advertising:
- Personalized Ads: Use your Advertising Identifiers and may process Advertising Data to consider your interests and demographics for more relevant advertisements
- Non-personalized Ads: Do not use Advertising Identifiers for targeting and are based only on general factors like app content and general location (e.g., country-level)
Consent Management: Google's User Messaging Platform (UMP) SDK automatically determines whether consent is required based on your location and applicable privacy laws. In regions where consent is not legally required, no consent form is shown and personalized ads may be displayed based on legitimate interest.
Your Control: You always have the choice whether to watch an advertisement or not. In regulated regions, you can manage your advertising preferences through Privacy Settings. In all regions, Premium subscription removes all advertising completely.
Legal Basis:
- EU/UK & Regulated US States: Your explicit consent (GDPR Art. 6(1)(a), state privacy laws) for personalized ads
- Other Regions: Legitimate interest (GDPR Art. 6(1)(f)) for app financing and service provision
- All Regions: Your voluntary action when choosing to watch an advertisement
2.8 SUPPORT AND ERROR REPORTS
Contact Forms (Optional):
When using the support functions, the following data is transmitted:
Mobile App:
- Email address (entered by you)
- Support request or error description
- RevenueCat Customer ID (if available, for subscription support)
- System data for technical support: Device model, operating system, app version, premium status
Retention: 3 years for support purposes
Voluntary: Only with active use of contact functions
Legal Basis: Art. 6 para. 1 lit. a GDPR (consent when submitting)
2.9 APP INFRASTRUCTURE AND UPDATES
Expo/Vercel Services:
- App Updates: Automatic update delivery
- Content Delivery: Provision of learning content
Cloudflare Workers:
- API Requests: Anonymous requests for app content
- IP Addresses: Temporarily for security and rate limiting
Purpose: App stability, security and content delivery
Legal Basis: Art. 6 para. 1 lit. f GDPR (legitimate interest for app operation)
3. YOUR DATA AND CONTROL
3.1 COMPLETE DATA CONTROL THROUGH APP UNINSTALLATION
Simple Deletion of All Data:
All your personal data can be completely and permanently deleted at any time by uninstalling the app.
What is automatically deleted:
- Complete learning progress and statistics
- All saved vocabulary and personal notes
- User settings and preferences
- Profile picture and personal data
- Usage history and cache files
- All local app data
Important Note: After uninstallation, recovery of your learning data is not possible as we do not store this on our servers.
4. PRACTICAL LIMITATIONS IN USER IDENTIFICATION
4.1 Technical Challenges in Data Processing
Due to our Privacy-by-Design architecture with local data storage, technical challenges may arise in certain cases when assigning user requests:
- Local Data Processing: Most of your data is processed exclusively locally and is not directly accessible to us
- Anonymous System Architecture: Our system is designed to protect your privacy through minimal data collection
- Limited Server-side Data Linking: We deliberately store only minimally necessary information on our servers
4.2 Legal Basis for Identification Limitations
GDPR-compliant Procedure:
According to Art. 11 GDPR, we are not obligated to obtain additional information to identify data subjects if we do not need this for purpose fulfillment.
Proportionality Principle (Art. 12 para. 2 GDPR):
When exercising your rights, we apply the proportionality principle. In cases where clear identification would involve disproportionate effort, we may request reasonable information for identification.
4.3 Support for Identification
Assistance for User Requests:
To process your requests optimally, we collect the following information when you contact us (if provided by you):
- RevenueCat Customer ID (if premium user): Enables direct assignment of subscription-related data
- Email address of original support communication (if available)
- Approximate timeframe of app usage or contact
- Specific details about your request that facilitate assignment
Privacy-friendly Solution:
This approach complies with the principle of data minimization and ensures that we only process information necessary for handling your request.
5. YOUR RIGHTS UNDER GDPR
5.1 Simplified Rights Exercise for Mobile Apps
- Right to Information (Art. 15 GDPR): Local data completely viewable in the app, server data on request via Contact
- Right to Rectification (Art. 16 GDPR): Local data directly editable in the app
- Right to Erasure (Art. 17 GDPR): Local data through app uninstallation (immediately and completely)
- Right to Data Portability (Art. 20 GDPR): Local data permanently available and viewable in the app
- Right to Object (Art. 21 GDPR): Advertising through premium upgrade or app uninstallation
Contact: Contact Form with subject "GDPR Request"
Processing Time: Maximum 30 days
Required for: Only server-side data (support requests, subscriptions)
6. INTERNATIONAL DATA TRANSFERS
Minimization of Third-country Transfers:
We minimize international data transfers by storing most user data locally on the device.
USA Transfers (Minimal Third-country Transfers):
Third-Party Services:
- RevenueCat Inc. (Subscription Management): EU-US Data Privacy Framework
- Google LLC (AdMob Advertising): Adequacy Decision
- Cloudflare Inc. (CDN/Infrastructure): Adequacy Decision, Standard Contractual Clauses
- Resend Inc. (Email Sending): Standard Contractual Clauses
- Expo/Vercel Inc. (App Hosting): Standard Contractual Clauses
Common Protective Measures:
- EU-US Data Privacy Framework or Standard Contractual Clauses
- Minimal data transfer only for service provision
- Privacy policies of providers available on their websites
Third-party Control: We work with third parties who may process personal data on our behalf. We regularly review these providers' compliance with GDPR. According to Art. 11 GDPR, we only transfer anonymous or minimally necessary data, which in many cases means formal data processing agreements are not required.
7. CALIFORNIA (CCPA) - ADDITIONAL RIGHTS
7.1 CCPA Categories
- Identifiers: Email (only on contact), device information
- Commercial Information: Subscription status
- Internet Activity: App usage (stored locally)
7.2 CCPA Rights
- Right to Know: This privacy policy + email request
- Right to Delete: App uninstallation + email for server data
- Sale of Data: We do not sell data
- Non-discrimination: Same app functions for everyone
CCPA Requests: Contact Form with subject "CCPA Request"
8. DATA SECURITY
8.1 Technical Security Measures
- Local Encryption: MMKV with AES encryption
- Network Security: TLS 1.3 for all connections
- API Security: Authenticated endpoints
- Device Security: Use of operating system security features
8.2 Privacy-by-Design Architecture
- Local Processing: Minimization of data transfers
- Data Economy: Only necessary data is collected
- Purpose Limitation: Data used only for stated purposes
9. RETENTION PERIODS
- Local Data: Until app uninstallation
- Support Requests: 3 years after last communication
- Subscription Data: Duration + tax retention periods (10 years)
- Ad Interactions: According to Google guidelines (maximum 26 months)
- API Access Logs: 30 days
10. PROTECTION OF MINORS
10.1 Age Guidelines
- EU/Germany: The app is aimed at users aged 16 and over (according to GDPR Art. 8)
- Outside the EU: Minimum age 13 years
- Special Protective Measures: No additional data collection for minors
10.2 Family Control
- In-App Purchases: Subject to device family control settings
- Data Protection: Identical protective measures for all age groups
11. AUTOMATED DECISION-MAKING
11.1 Local Personalization
Automated Procedures (completely local):
- Content recommendations based on learning level
- Notification timing based on usage patterns
- Difficulty level adjustments
Your Control: Complete control through local processing and app settings
11.2 No Profiling Risks
No External Profiling: Since data remains local, there are no risks from external profile creation.
12. CONSENT MANAGEMENT
12.1 Required Consents by Region
- App Installation: Implicit consent for core functions
- Push Notifications: Explicit system permission
- Gallery Access: Explicit system permission (for profile picture)
- Analytics (Certain Regions): Opt-out available through Privacy Settings for Firebase Analytics
- Advertising (EU/UK & Regulated US States): Explicit consent via iOS ATT + Google UMP SDK for personalized ads
12.2 Consent Withdrawal Options
- System Permissions: In device settings under "Apps" → "Magellanister"
- Analytics (Certain Regions): Privacy Settings in app to disable Firebase Analytics
- Advertising (EU/UK & Regulated US States): Privacy Settings in app to withdraw/modify consent
- All Data: App uninstallation
13. UPDATES AND CHANGES
Current Version: Users are required to regularly check for changes to this privacy policy. The current version is always available:
Version Control: Each version is marked with date and version number. For significant changes, the version number will be increased.
13.2 Your Options for Changes
- Consent: Continued app usage constitutes consent to updated terms
- Rejection: App uninstallation (complete data deletion)
- Information Obligation: Users should review this privacy policy before each app update
13.3 Transitional Provisions
For significant changes, a transition period of 30 days applies. During this time, users can continue to use the app under the old terms or choose to discontinue use.
14. RIGHT TO COMPLAIN
You have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR.
Competent Supervisory Authority: The data protection supervisory authority responsible for your habitual residence, workplace, or the place of the alleged violation.
Information can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
16. DATA CONTROLLER
Responsible within the meaning of GDPR:
kynleM taraM
89 .rtsnebelsgniR
nilreB 35321
ynamreG
Contact:
Contact Form