Privacy Policy for Mitlesen

Mitlesen (the app) is a reading and language learning app that offers graded German stories, dictionaries, and learning content. Mitlesen is developed and operated by Hani und Radin Studio (sole proprietorship of Hanialhassan Hashemifar).
This Privacy Policy explains what data we collect, how we use it, and what rights you have.

By using Mitlesen, you agree to the practices described here.

1. Data controller and contact

The data controller (under the GDPR) is:

Business name: Hani und Radin Studio
Owner: Hanialhassan Hashemifar
Address: Available on request via email
Email: hello@mitlesen.com

If you have any questions about this policy or your data, contact us at the email above.

2. What data we collect

We collect only the data that is necessary to provide and improve the app.

2.1 Account and identification data

If you create an account or sign in, we may collect:

Email address
Display name (if you set one)
User ID generated by our systems, Firebase, or RevenueCat

This data allows you to log in, sync your progress, and access your subscription.

2.2 App usage and learning data

To provide reading and learning features, we may store:

Which stories and books you open
Your reading progress (for example last read paragraph, completed chapters)
Bookmarks, highlights, notes, and saved words
In-app settings (for example level, interface language, dark mode, font size)

This is typically linked to your user ID so we can save and sync your learning progress.

2.3 Subscription and payment information

Mitlesen uses in-app purchases and subscriptions via:

Google Play Billing (Android)
Apple App Store (iOS)
RevenueCat (subscription management service)

We do not store or see your full payment card data.

From Google, Apple, and RevenueCat we may receive:

Transaction and order IDs
Product you purchased (for example monthly or yearly plan)
Subscription status (active, canceled, expired, in trial)
Store country / region information

We use this only to verify purchases and unlock premium features.

2.4 Automatically collected technical data

When you use the app, certain technical data can be collected automatically, for example:

Device model and operating system version
App version
Language and country settings
Anonymous identifiers (for example Firebase Installation ID, RevenueCat User ID)
IP address (may be processed transiently by our providers)

This helps us keep the app running, secure, and compatible with different devices.

2.5 Analytics data (Firebase Analytics)

We use Firebase Analytics to understand how the app is used, for example:

Which screens are used most
How often users open the app
Basic interaction events (for example story opened, level selected)

The data is aggregated and does not include your name or email. We use it to improve the app and content.

Where required by law, certain analytics events may be collected only with your consent.

2.6 Authentication data (Firebase Authentication)

When you log in with Firebase Authentication, Firebase processes:

Your email address and, if applicable, data from the chosen login method (for example Google account information)
Timestamps of sign-in events and authentication tokens

We use this to securely sign you in and protect your account.

2.7 Crash reports and diagnostics

We may use Firebase Crashlytics (or similar tools) to collect:

Crash logs and error reports
Device model, OS version, and app version at the time of the crash

This data is used solely to find and fix technical problems and improve stability.

2.8 Support and communication data

If you contact us (for example by email or via an in-app feedback form), we may store:

Your email address
The content of your message
Any attachments you send

We use this to respond to you and improve the app. We do not use your support messages for advertising.

3. How we use your data

We use the data described above for the following purposes:

To provide the app and its features: display stories, save progress, manage your account.
To operate subscriptions and purchases: verify purchases, unlock premium access.
To improve and secure the app: analyze usage, fix crashes and bugs.
To communicate with you: respond to support requests, inform you about important changes.

We do not sell your personal data and we do not use your data for third-party targeted advertising.

4. Legal bases under GDPR

If you are in the EU/EEA, we process your data based on:

Performance of a contract (Art. 6(1)(b) GDPR): To provide the app and its features.
Legitimate interests (Art. 6(1)(f) GDPR): For analytics, security, and improvement.
Legal obligations (Art. 6(1)(c) GDPR): For tax and legal requirements.
Consent (Art. 6(1)(a) GDPR): Where required (for example optional analytics).

5. How we share your data

We only share your data with third parties when necessary to run the app, process payments, or comply with the law.

Typical recipients include:

Technology providers: Google Firebase / Google Cloud
Payment providers: Google Play Store, Apple App Store, RevenueCat
Service providers for support and communication
Public authorities if required by law

6. International data transfers

Our service providers (for example Google, RevenueCat) may process data on servers located outside the EU/EEA, for example in the United States.

Where such transfers occur, we rely on appropriate safeguards under the GDPR, such as Standard Contractual Clauses or equivalent mechanisms provided by the service providers.

7. Data retention

We keep your data only as long as needed for the purposes described:

Account data: while your account is active and for a reasonable period afterwards if needed for legal or security reasons.
Reading progress and learning data: while you use the app or until you request deletion.
Purchase and subscription data: as required by tax and accounting laws.
Analytics and crash data: according to the retention periods of our providers, after which it is aggregated or deleted.

8. Your rights (EU/EEA users)

If you are in the EU/EEA, you have the following rights regarding your personal data:

Right of access (to know what data we hold about you)
Right to rectification (correction of inaccurate data)
Right to erasure (“right to be forgotten”) – Learn how to delete your account
Right to restriction of processing
Right to data portability
Right to object to processing based on legitimate interests
Right to withdraw consent at any time, where processing is based on consent

To exercise these rights, contact us at hello@mitlesen.com.

You also have the right to lodge a complaint with your local data protection authority (for example, the data protection authority in your EU member state or in Germany).

9. Children’s privacy

Mitlesen is designed primarily for adults and older learners. It is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13.

If you believe that a child under 13 has provided us with personal data, please contact us so we can delete it.

10. Security

We take reasonable technical and organizational measures to protect your data against loss, misuse, and unauthorized access. We work with established providers such as Google Firebase and follow best practices for secure storage and transmission where appropriate.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Third-party services and links

The app may contain links to external websites or services (for example, help pages, external content). We are not responsible for the privacy practices of those third parties. We recommend that you review their privacy policies separately.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Updates will be reflected by the “Effective date” at the top of this page.

If we make significant changes, we may also inform you within the app or by other reasonable means. Continued use of the app after changes become effective means you accept the updated policy.

13. Contact

If you have any questions, concerns, or requests about your data or this Privacy Policy, contact:

Hani und Radin Studio
Owner: Hanialhassan Hashemifar
Email: hello@mitlesen.com