Privacy Policy

Last updated: November 15, 2025

1. Controller

The controller responsible for processing your personal data within the meaning of the GDPR is:
Philipp Tschauner, Dresdener Straße 113b, 10179 Berlin, Germany
Email: phil.tschauner@gmail.com

Data Location

We operate our primary database in Google Cloud region eur3 (EU). We aim to keep storage within the EU/EEA. Processing by Apple (e.g., purchases, Sign in with Apple) may occur in other regions according to Apple's infrastructure.

2. Categories of Data

  • Email address for account registration and authentication
  • Bookmarks you create for stories (linked to your account)
  • Reading activity (which stories you read) – only if you are logged in and a premium subscriber
  • Aggregated, anonymous metrics about story popularity and app performance
  • Purchase metadata (product identifier, subscription status, country/region) from Apple – we do not receive or store your full payment details
  • Sign in with Apple data (Apple user identifier and, where provided, email) used solely for authentication
  • We do not collect or store your name via Sign in with Apple; if you choose to share an email, it is stored in Firebase Authentication only
  • Notification preferences (permission status and local reminder schedule) – stored on your device; we currently do not use remote push notifications
  • Crash reports and analytics events, processed in a pseudonymous manner (Firebase Analytics and Crashlytics)

We store data securely using Google Firebase/Firestore services.

3. Purposes and Legal Bases

  • Account and authentication (email): Art. 6(1)(b) GDPR (performance of a contract)
  • Bookmarks syncing and retrieval: Art. 6(1)(b) GDPR
  • Premium personalization via reading activity (logged-in premium users only): Art. 6(1)(b) GDPR
  • Aggregated analytics and popularity statistics: Art. 6(1)(f) GDPR (legitimate interests in improving the app); data is processed in aggregated/anonymous form where possible
  • Purchase validation and subscription status (via Apple): Art. 6(1)(b) GDPR
  • Sign in with Apple for optional login and bookmark sync: Art. 6(1)(b) GDPR; email is stored in Firebase Authentication only (not in our app database)
  • Local notifications (daily reminder): Art. 6(1)(a) GDPR based on your consent via system settings; processing occurs on your device
  • Push notifications (if introduced in future): Art. 6(1)(a) GDPR; you can withdraw consent at any time via device settings
  • Crash reporting and analytics: Art. 6(1)(f) GDPR (legitimate interests in stability and product improvement); where local law requires, we obtain consent in-app

4. Recipients and Processors

  • Google LLC (Firebase/Firestore) as data processor for storage and backend services
  • Apple Inc. as payment and authentication provider (App Store purchases/subscriptions and Sign in with Apple)
  • Google LLC (Firebase Analytics, Crashlytics) for analytics and crash reporting

We do not sell your personal data.

5. International Data Transfers

We store data in the EU (eur3). Depending on service configuration and processing by our providers (e.g., Apple), transfers to third countries outside the EU/EEA may occur. Where applicable, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

6. Retention

  • Email/account data: retained until you delete your account or request deletion
  • Bookmarks: retained until you delete them or your account is deleted
  • Reading activity (logged-in premium users only): retained for the duration of your premium subscription and then deleted or anonymized within a reasonable period
  • Aggregated popularity metrics: stored without personal reference
  • Purchase metadata: retained as required to manage your subscription and comply with statutory retention requirements
  • Notification preferences: controlled by your device; we do not store local reminder schedules on our servers
  • Crash/analytics data: retained according to the provider's standard retention periods

7. Your Rights under GDPR

You have the right to access, rectification, erasure, restriction, data portability, and to object to processing under the conditions of the GDPR. To exercise these rights, contact us at the email above. Note: exports of in-app content are not provided within the app.

8. Children

Our services are intended for individuals aged 13+. We do not knowingly process data of children under the minimum age applicable in their country without appropriate consent.

9. Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.