Deutsch30YOUR GERMAN. YOUR PACE.
حقوقی · سیاست حریم خصوصی

سیاست حریم خصوصی

نسخهٔ انگلیسی زیر، متن حقوقی مرجع است. ترجمه‌ها فقط برای پوسته (پیمایش، عنوان صفحه) موجودند؛ خود سند حقوقی در حال بررسی توسط وکیل واجد شرایط در هر حوزهٔ قضایی است.

This policy explains how Deutsch30 collects, uses, and protects your personal data. We aim to be transparent and to collect the minimum necessary to deliver the service.

1. Data controller

Kaveh Akbarzadeh trading as NEXTSEEN / Deutsch30
Praterstraße 2, Top 2, 1020 Wien, Austria
Email: info@deutsch30.com

2. Data we collect

Account data

  • Email address (sign-up, password reset, support)
  • First name (for personalised greetings in the app)
  • Encrypted password hash (we never see your plaintext password)
  • Account creation date, last login
  • If you choose to set up a Passkey: a WebAuthn credential ID and public key bound to your account. The private key never leaves your device; we cannot use it to impersonate you.

Learning data

  • Which days/tabs you have marked complete
  • Vocabulary items you have starred
  • Notes and writing drafts you save in the app
  • Conversation history with the Leo AI partner
  • Streak and completion statistics

Payment data

  • Stripe customer ID and payment status
  • Amount, currency, and date of any purchase
  • We do not store your full card number, CVV, or billing address — these are handled directly by Stripe.

Technical and analytics data

  • IP address (used transiently for rate limiting and fraud prevention)
  • Browser type, device type, operating system
  • Pages visited, buttons clicked (Google Analytics 4, Meta Pixel)

3. Legal bases (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)) — account, lesson access, progress sync, payment processing
  • Legitimate interests (Art. 6(1)(f)) — fraud prevention, security, basic analytics
  • Consent (Art. 6(1)(a)) — marketing analytics (GA, Meta), email marketing if you opt in
  • Legal obligation (Art. 6(1)(c)) — keeping transaction records for the periods required by Austrian tax law

4. Sub-processors

We rely on the following service providers, each bound by a data processing agreement and (where applicable) Standard Contractual Clauses for international transfers:

  • Supabase (database, authentication) — EU and US infrastructure
  • Stripe Payments Europe, Limited (payments) — Ireland with US affiliates
  • Anthropic, PBC (the AI model powering Leo and the writing checker) — USA
  • Vercel Inc. (web hosting) — global CDN with EU presence
  • Google Ireland Limited (Google Analytics) — EU/global; conditional on your analytics consent
  • Meta Platforms Ireland Limited (Meta Pixel) — EU/global; conditional on your advertising consent

5. International transfers

Some sub-processors transfer data to the United States. These transfers rely on the EU–US Data Privacy Framework (where the provider is certified) or the European Commission's Standard Contractual Clauses, supplemented by technical safeguards.

6. AI data handling

When you chat with Leo or run the writing checker, the messages you send and the contextual prompt we generate (your lesson day, focus vocabulary, name) are sent to Anthropic's API. Per Anthropic's API terms, messages from our deployment are not used to train Anthropic's models. They are processed and discarded by Anthropic according to their published retention policy.

7. Retention

  • Account and learning data: as long as your account is active
  • Account data after deletion: removed within 30 days, except where retention is required by law
  • Payment records: 7 years (Austrian tax law)
  • Server logs: 30 days
  • Anonymised analytics: up to 14 months (GA default)

8. Cookies and tracking

Strictly necessary cookies (authentication, session) are set automatically. Analytics and advertising cookies (Google Analytics, Meta Pixel) are only set after you give consent through the cookie banner. You can withdraw consent at any time via the cookie banner or your browser settings.

9. Your rights under the GDPR

You have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Have inaccurate data corrected (Art. 16)
  • Have your data erased (Art. 17 — "right to be forgotten")
  • Restrict or object to processing (Art. 18, 21)
  • Receive your data in a portable format (Art. 20)
  • Withdraw consent at any time, without affecting prior processing (Art. 7(3))

To exercise any of these rights, email info@deutsch30.com from the address on your account. We will respond within one month.

10. Right to complain

You may lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde):

Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Wien
www.dsb.gv.at

11. Children

Deutsch30 is not directed at children under 16. If you become aware that a child has provided personal data without parental consent, email us and we will delete it.

12. Changes to this policy

We may update this policy. Material changes will be notified by email or via an in-app banner at least 14 days in advance.

Last updated: May 11, 2026 — version 1.0.