Privacy policy

Privacy Policy

Last updated: April 14, 2025

I. Introduction

This Privacy Policy (“Policy”) outlines how Gusev-Bildungstechnologie (Oleg Gusev, Kiefholzstraße 25, 12435 Berlin, Germany) (“we,” “us,” “our”) handles data related to our services and users. As we value your privacy, our app is designed to collect minimal data and adhere to the General Data Protection Regulation (GDPR) standards.

We collect and process your Personal Data differently, depending on whether you are a:

- User of our “A1-C1” app;

- Visitor to our “a1-c1.org” website.

For more details regarding the data processed in relation to each category, please see below.

II. Privacy Policy for “A1-C1” app users

1. Introduction

This Privacy Policy explains how I, Oleg Gusev, operating as a sole entrepreneur (Gusev-Bildungstechnologie) based in Berlin, Germany ("I", "me", "my"), collect, use, share, and protect your personal data when you use my mobile language learning application, “A1-C1” (the "App").

Your privacy is important to me, and I am committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

This policy applies to all users of the App. Please read it carefully.

2. Data Controller

The data controller responsible for the processing of your personal data under this Privacy Policy is:

Oleg Gusev

Gusev-Bildungstechnologie

Kiefholzstraße 25

12435 Berlin, Germany

Email: privacy@a1-c1.org

Website: a1-c1.org

I am solely responsible for the data processing activities described herein.

3. Data Protection Officer (DPO)

Under current data protection laws (GDPR Art. 37, BDSG §38), I am not legally required to appoint a Data Protection Officer, and I have not appointed one. For any privacy-related inquiries, please use the contact details provided in Section 2.

4. What Personal Data We Collect

I collect only the personal data necessary to provide and improve the App's services. The types of data collected depend on how you use the App:

4.1. Data Collected from All Users:

Usage Data: No personal data is collected from users who are neither subscribed nor signed-in .

4.2. Data Collected Only if You Sign In (Optional):

Account Information (via OAuth):

- If signing in with Google: Your name, email address, and a unique Google User ID provided by Google. Google requires the collection of name and email for their sign-in process.

- If signing in with Apple: A unique Apple User ID provided by Apple. You may have the option within Apple's settings to share a real or anonymized email address; I only process the User ID provided by Apple.

- Voucher Information: Details about any unique vouchers linked to your signed-in account (e.g., voucher code status - redeemed/not redeemed).

4.3. Data Collected if You Subscribe (Optional):

Subscription Information: Information about your subscription status (e.g., active, expired, trial), the type of subscription purchased, renewal dates, and anonymized or partial transaction identifiers provided by RevenueCat, the Apple App Store, or the Google Play Store.

Important: I do not collect, access, or store your full payment details (like credit card numbers). Payment processing is handled entirely by the Apple App Store or Google Play Store. RevenueCat acts as an intermediary to manage subscription status across platforms.

5. How We Collect Your Data

I collect data in the following ways:

5.1. Directly from You: When you optionally sign in using Google or Apple OAuth, or when you contact me for support.

5.2. Automatically: As you use the App, I automatically collect aggregated and anonymized Usage Data and Technical Data using standard app functionalities and integrated tools like Firebase Analytics and Crashlytics.

5.3. From Third Parties:

- Google / Apple: When you choose to sign in via their OAuth service, they provide me with the Account Information specified above.

- RevenueCat: When you subscribe, RevenueCat informs my backend about your subscription status based on information from the Apple App Store or Google Play Store.

- Apple App Store / Google Play Store: Indirectly via RevenueCat regarding purchase validation and subscription status.

6. Legal Basis for Processing Personal Data (GDPR Art. 6)

I process your personal data based on the following legal grounds under GDPR:

6.1. Performance of a Contract (Art. 6(1)(b) GDPR): This is the primary basis for processing most of your data. It applies when processing is necessary to:

- Provide the core language learning features of the App.

- Authenticate you if you choose to sign in via Google or Apple.

- Link and manage personalized vouchers for signed-in users.

- Manage your subscription status (via RevenueCat) to grant access to premium features.

- Provide customer support related to the App's functionality.

6.2. Legitimate Interests (Art. 6(1)(f) GDPR): I process certain data based on my legitimate interests, provided these are not overridden by your rights and interests. This includes:

- Analyzing aggregated and anonymized Usage Data and Technical Data (via Firebase Analytics) to understand how the App is used, identify areas for improvement, and enhance the user experience. My legitimate interest is to improve and optimize the App.

- Collecting Technical Data and crash logs (via Firebase Crashlytics) to diagnose and fix bugs, ensure the App's stability, and maintain security. My legitimate interest is to provide a functional and secure App.

- Preventing fraud or misuse of the service. My legitimate interest is to protect my service and users.

You have the right to object to processing based on legitimate interests (see Section 12 of this Policy).

6.3. Legal Obligation (Art. 6(1)(c) GDPR): I may need to process certain data (primarily anonymized transaction/subscription records derived from RevenueCat/App Stores) to comply with legal obligations, such as German tax and accounting requirements (e.g., retention periods for financial records, typically 10 years).

7. How We Use Your Personal Data (Purposes of Processing)

I use your personal data solely for the following purposes:

- To provide, operate, and maintain the App and its language learning services.

- To manage user accounts and authentication for users who sign in.

- To manage subscriptions and provide access to premium features (using data from RevenueCat).

- To link, validate, and track personalized vouchers for signed-in users.

- To personalize the learning experience based on your progress and preferences within the App.

- To analyze usage patterns (primarily in aggregated/anonymized form) to understand user needs and improve the App's features, content, and usability (using Firebase Analytics).

- To monitor App performance, diagnose crashes, and fix bugs (using Firebase Crashlytics).

- To ensure the security of the App and prevent fraudulent activities.

- To comply with applicable legal and regulatory obligations (e.g., financial record keeping).

- To respond to your support requests or inquiries.

I do not use your personal data for sending marketing emails or push notifications. There are no advertisements in the App.

8. Data Sharing and Third-Party Processors

I do not sell your personal data. I only share your data with trusted third-party service providers (processors) who help me operate and improve the App, and only to the extent necessary for their specific services. I have agreements in place with these processors where required.

My processors include:

8.1. Google (Google Cloud Platform & Firebase):

Services Used: Google Cloud Run (hosting backend functions), Firestore (database for user progress, account info, vouchers), Firebase Authentication (for Google/Apple sign-in), Firebase Analytics (for usage analytics), Firebase Crashlytics (for crash reporting).

Purpose: Hosting the App's backend infrastructure, storing user data securely, enabling sign-in, providing analytics for app improvement, and monitoring stability.

Google's Privacy Policy: https://policies.google.com/privacy

8.2. Apple:

Services Used: Apple Sign-In (OAuth), Apple App Store (payment processing and subscription management).

Purpose: Enabling sign-in via Apple ID, processing payments and managing subscriptions initiated through the App Store.

Apple's Privacy Policy: https://www.apple.com/legal/privacy/

8.3. Google:

Services Used: Google Sign-In (OAuth), Google Play Store (payment processing and subscription management).

Purpose: Enabling sign-in via Google Account, processing payments and managing subscriptions initiated through the Play Store.

Google's Privacy Policy: https://policies.google.com/privacy

8.4. RevenueCat:

Service Used: Subscription management backend.

Purpose: Managing subscription status across platforms (iOS/Android) and communicating subscription events between the App Stores and my backend. RevenueCat receives subscription status information and anonymized transaction identifiers but does not process your payment details.

RevenueCat's Privacy Policy: https://www.revenuecat.com/privacy

Various Generative AI Providers (Google, Anthropic, OpenAI):

Purpose: Generating personalized study texts based on non-personal data (lists of words, proficiency level).

Important Clarification: I do not share any of your personal data (like name, email, user ID, or specific usage patterns linked to you) with these AI providers. Only the context required for text generation (e.g., vocabulary list, target language level) is sent.

8.5. I may also disclose your data if required by law, regulation, or legal process, or to respond to lawful requests from public authorities.

9. International Data Transfers

Some of the third-party processors I use (Google, Apple, RevenueCat, AI providers) are based outside the European Economic Area (EEA), primarily in the United States. When your personal data is transferred outside the EEA, I ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements. These safeguards typically include:

- Transferring data to countries deemed to provide an adequate level of data protection by the European Commission.

- Using Standard Contractual Clauses (SCCs) approved by the European Commission.

- For transfers to the US, processors may participate in the EU-U.S. Data Privacy Framework (DPF), which provides a mechanism recognized by the European Commission as ensuring adequate protection. I rely on my processors' commitments to these safeguards.

You can find more information about the data transfer mechanisms used by my key processors in their respective privacy policies linked above.

10. Data Security

I take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include:

- Encryption of data in transit (using HTTPS/TLS).

- Encryption of sensitive data at rest where appropriate.

- Access controls to limit access to personal data to myself only when necessary for the purposes outlined in this policy.

- Regular review of my data collection, storage, and processing practices.

However, please note that no method of transmission over the internet or electronic storage is 100% secure. While I strive to use commercially acceptable means to protect your data, I cannot guarantee its absolute security.

11. Data Retention

I retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the App services, complying with legal obligations, resolving disputes, and enforcing my agreements.

11.1. Account Data (if signed in): Retained as long as your account is active. If you delete your account (see Section 13), this data is deleted promptly, except where retention is legally required.

11.2. Usage Data & Technical Data: Retained for a period necessary for analysis, improvement, and debugging (e.g., aggregated/anonymized analytics data may be kept longer, while specific logs might be deleted sooner). Typically, this data is anonymized or deleted within [Specify a reasonable timeframe, e.g., 1-2 years] unless needed for ongoing technical issues or legal reasons.

11.3. Subscription/Transaction Data: Anonymized or necessary identifiers related to subscriptions and transactions are retained for the period required by German tax and commercial law (generally 10 years).

12. Your Data Protection Rights (GDPR)

As a user based in the EU, you have the following rights regarding your personal data:

- Right of Access (Art. 15 GDPR): You have the right to request copies of your personal data that I hold.

- Right to Rectification (Art. 16 GDPR): You have the right to request correction of any inaccurate or incomplete personal data.

- Right to Erasure ('Right to be Forgotten') (Art. 17 GDPR): You have the right to request the deletion of your personal data, under certain conditions (e.g., if it's no longer necessary for the purpose it was collected, or if you withdraw consent where applicable). This is subject to legal retention obligations (see Section 11 and 13).

- Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing your personal data, under certain conditions.

- Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data you provided to me in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

- Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal data where it is based on my legitimate interests (Art. 6(1)(f) GDPR). I will stop processing unless I can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

- Right to Withdraw Consent (Art. 7(3) GDPR): If any processing is based on consent (which is not the primary basis for this App's core functions), you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact me at [Your Dedicated Privacy Email Address]. I will respond to your request within one month, as required by GDPR.

13. How to Delete Your Account and Data

We value your privacy and want to make it easy for you to manage your data in the app. If you signed in with Google or Apple, and now wish to delete your account, please follow the steps below.

13.1. Steps to Delete Your Account

To permanently delete your account and all associated data stored on my servers:

1. Open the app.

2. Go to "Menu" > "Account and subscriptions".

3. Tap "Delete my account".

4. Confirm your choice when prompted.

Once you complete these steps, your account and all associated personal data stored on my systems (including linked vouchers and learning progress associated with the account) will be permanently deleted, subject to the exceptions below. This action cannot be undone.

13.2. What Data is Deleted?

When you delete your account via the app, the following data stored on my servers (e.g., in Google Firestore) is permanently removed:

- Your user profile and account information (Name, Email, Google/Apple ID).

- Your learning progress and usage data linked to the account.

- Any vouchers associated with your account.

13.3. What Data is Retained?

Some data cannot be deleted via this process or may be retained for operational or legal reasons:

- Subscription and Purchase Data: This data is managed separately by the Google Play Store and Apple App Store and is not deleted when you delete your app account. This ensures your subscription status is maintained by the stores. Anonymized records related to these transactions may be retained by me for financial, legal (tax compliance), or security purposes as required by law (see Section 11).

- Anonymized Analytics/Crash Data: Data already collected by Firebase Analytics/Crashlytics in an aggregated or anonymized form may not be individually deletable.

13.4. Managing Subscriptions

Important: Deleting your app account does not automatically cancel your active subscription. You must cancel your subscription separately through the platform you used to subscribe:

Google Play Store: Manage subscriptions here: https://play.google.com/store/account/subscriptions

Apple App Store: Manage subscriptions on your Apple device (Settings > [Your Name] > Subscriptions)

13.5 Need Help?

If you have any questions or need assistance with account deletion, please contact us at [Your Dedicated Privacy Email Address].

14. Children's Privacy

The App is designed for a general audience and is not specifically targeted at children. While the content is generally safe for all ages (e.g., no inappropriate material), the learning content may not be engaging for very young children.

I do not knowingly collect personal data from children under the age of 16 without verifiable parental consent. If you are under 16, please do not use the sign-in features or provide any personal data through the App without parental consent. If I become aware that I have collected personal data from a child under 16 without verification of parental consent, I will take steps to delete that information promptly. If you believe I might have any information from or about a child under 16, please contact me at privacy@a1-c1.org.

15. Use of Generative AI

The App utilizes Generative Artificial Intelligence (AI) technology from Google, Anthropic and OpenAI to create personalized study texts. This feature uses information about the words you are learning and your selected proficiency level as input. Crucially, none of your personal data (such as your name, email, user ID, or specific, identifiable usage history) is shared with these AI providers. Only the non-personal context necessary for text generation is transmitted.

16. Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in my practices, service providers, or legal requirements. I will post any changes on this page and/or on my website a1-c1.org. If the changes are significant, I may provide a more prominent notice (e.g., through an in-app notification, although I currently do not use notifications for this). Your continued use of the App after the effective date of the revised policy constitutes your acceptance of the changes. I encourage you to review this Privacy Policy periodically.

17. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. You can lodge a complaint in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

As I am based in Berlin, the relevant supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

Germany

Website: https://www.datenschutz-berlin.de/

However, I encourage you to contact me first at privacy@a1-c1.org to resolve any concerns.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or my data practices, please contact me at:

Oleg Gusev

Gusev-Bildungstechnologie

Kiefholzstraße 25

12435 Berlin, Germany

Email: privacy@a1-c1.org

III. Privacy Policy for “a1-c1.org” website visitors

The a1-c1.org website (“Site”) is owned by Gusev-Bildungstechnologie, which is a data controller of your personal data.

We have adopted this Privacy Policy, which determines how we are processing the information collected by the Site, which also provides the reasons why we must collect certain personal data about you. Therefore, you must read this Privacy Policy before using the Site.

We take care of your personal data and undertake to guarantee its confidentiality and security.

1. Personal information we collect

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

2. Legal Basis for Data Processing

The minimal data collection on our a1-c1.org website is based on our legitimate interest in maintaining and improving the website's functionality and security. This includes processing basic information such as IP addresses and browser details necessary for the website's operation and protection against abuse. We are committed to ensuring that any data processing is conducted with the utmost respect for user privacy and in compliance with applicable data protection laws.

3. Why do we process your data?

Our top priority is customer data security, and, as such, we may process only minimal user data, only as much as it is absolutely necessary to maintain the website. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding website usage. This statistical information is not otherwise aggregated in such a way that it would identify any particular user of the system.

You can visit the website without telling us who you are or revealing any information, by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the website’s features, or you wish to receive our newsletter or provide other details by filling a form, you may provide personal data to us, such as your email, first name, last name, city of residence, organization, telephone number. You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the website’s features. For example, you will not be able to receive our Newsletter or contact us directly from the website. Users who are uncertain about what information is mandatory are welcome to contact us via privacy@a1-c1.org.

4. Your rights

If you are a European resident, you have the following rights related to your personal data:

- The right to be informed.

- The right of access.

- The right to rectification.

- The right to erasure.

- The right to restrict processing.

- The right to data portability.

- The right to object.

- Rights in relation to automated decision-making and profiling.

If you would like to exercise these rights, please contact us through the contact information below.

Additionally, if you are a European resident, we note that we are processing your information in order to fulfill contracts we might have with you (for example, if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information might be transferred outside of Europe, including Canada and the United States.

5. Links to other websites

Our website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for such other websites or third parties' privacy practices. We encourage you to be aware when you leave our website and read the privacy statements of each website that may collect personal information.

6. Information security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We keep reasonable administrative, technical, and physical safeguards to protect against unauthorized access, use, modification, and personal data disclosure in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

7. Legal disclosure

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

8. Data Protection Role and Contact

As a registered sole entrepreneur operating Gusev-Bildungstechnologie, I, Oleg Gusev, personally oversee all aspects of our data protection practices. While the scale of our operations does not necessitate the formal appointment of a Data Protection Officer (DPO) as defined under GDPR, I am committed to ensuring the highest standards of privacy and data protection. Should you have any questions or concerns regarding your data and privacy, please feel free to reach out directly to me at privacy@a1-c1.org. I am dedicated to addressing any inquiries and ensuring the protection of your rights under data protection laws.

9. Updates to the Privacy Policy

We reserve the right to update or change our Privacy Policy at any time to reflect changes in our practices or service offerings. As we do not collect personal contact information from our users, we will not send direct notifications about policy updates. Instead, we encourage our users to review our Privacy Policy periodically for any changes. The latest version of our Privacy Policy will always be accessible on the a1-c1.org website, with the date of the last update clearly indicated. Staying informed about our privacy practices is an important part of safeguarding your personal information and privacy rights.

10. Consent and Acknowledgment

By using the a1-c1.org website, you acknowledge that you have read and understood this Privacy Policy.

11. Consent Withdrawal

The primary consent we request from our users pertains to the use of cookies on our website, a1-c1.org. These cookies are essential for providing an optimal user experience and for basic website functionality. If you wish to withdraw your consent for cookies, you can do so at any time by adjusting your browser settings to refuse cookies. Please be aware that disabling cookies may affect the functionality and features available on our website. For more detailed information on managing cookies, please refer to the help documentation of your web browser.

12. Contact information

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, please contact me at:

Oleg Gusev

Gusev-Bildungstechnologie

Kiefholzstraße 25

12435 Berlin, Germany

Email: privacy@a1-c1.org