Privacy Policy

Last updated: January 2025

1. Introduction

SRS Deutsch ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our German vocabulary learning application. By using our Service, you consent to the data practices described in this policy.

2. Data Controller

SRS Deutsch operates as the data controller for personal information collected through this Service. We determine the purposes and means of processing your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area.

3. Information We Collect

Account Information

  • Email address (required for account creation and communication)
  • Password (stored as a secure hash, never in plain text)
  • Name (optional, for personalization)

Learning Data

  • Vocabulary decks you create (name, description, color)
  • Flashcards with German words, translations, genders, plurals, examples, and notes
  • Spaced repetition progress (ease factor, interval, due dates, card status)
  • Review history (grades, response times, timestamps) for algorithm optimization

Subscription Information

  • Your subscription tier (Free, Basic, or Full Access)
  • Stripe customer ID and subscription ID (for payment processing)
  • Subscription status (active, cancelled, past due)

Technical Data

  • IP address (used for rate limiting and security, not stored long-term)
  • Device information (browser user agent, for push notifications)
  • Timezone (for scheduling notifications)

User Preferences

  • Preferred language (English, Russian, or Serbian)
  • Notification settings (enabled/disabled, reminder times)
  • Review settings (new cards per day, max reviews, review order)

4. Legal Basis for Processing

  • Contract Performance - Processing your account, learning data, and subscription information to provide the Service
  • Consent - Sending push notifications and marketing communications (you can withdraw consent anytime)
  • Legitimate Interests - Improving our Service, preventing fraud, and ensuring security

5. How We Use Your Information

  • Providing and maintaining the vocabulary learning Service
  • Generating AI-powered example sentences and pronunciation audio
  • Processing payments and managing subscriptions through Stripe
  • Sending study reminders (if enabled)
  • Protecting against fraud, abuse, and unauthorized access
  • Analyzing usage patterns to improve the Service (aggregated, anonymized data)

6. Information Sharing

We do not sell your personal data. We share information only with the following service providers who help us operate the Service:

Service Providers

  • Stripe - Payment processing and subscription management. Receives your email and payment information.
  • Groq (LLaMA) - AI example sentence generation. Receives the German word and translation for generating examples.
  • OpenAI - Text-to-speech generation. Receives text to convert to pronunciation audio.
  • Resend - Email delivery (password resets). Receives your email address.
  • Vercel - Application hosting. May have access to request logs.

We never sell, rent, or trade your personal information to third parties for marketing purposes.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. Our service providers (Stripe, Groq, OpenAI, Resend, Vercel) are primarily based in the US. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required, to protect your data in accordance with applicable laws.

8. Data Retention

  • Account data: Retained until you delete your account
  • Learning data (cards, progress, reviews): Retained until account deletion (required for spaced repetition algorithm)
  • Security logs: Retained for 90 days for security purposes
  • Billing records: Retained as required by tax and financial regulations

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access - Request a copy of your personal data (use the Export feature in Settings)
  • Right to Rectification - Update or correct inaccurate data through your account settings
  • Right to Erasure - Delete your account and all associated data (Settings → Delete Account)
  • Right to Data Portability - Export your vocabulary data in CSV format
  • Right to Restriction - Request limitation of processing in certain circumstances
  • Right to Object - Object to processing based on legitimate interests
  • Right to Withdraw Consent - Withdraw consent for optional features like notifications

10. Data Security

  • HTTPS encryption for all data in transit
  • Password hashing using bcrypt with high work factor
  • Rate limiting to prevent brute force attacks
  • Security logging with automatic redaction of sensitive data

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the application or sending an email. The "Last updated" date at the top indicates when the policy was last revised. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through the email address provided in the application. For GDPR-related inquiries from EU residents, please see our GDPR Compliance page.

See also:Terms of Service,Cookie Policy,GDPR Compliance