Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

Emanuel Schmacher e.U.
Mr. Emanuel Schmacher
Sielach 76
9133 Sittersdorf
Austria
Email: support@learny.page

Scope: This privacy policy applies to both the website learny.page and the Learny App.

2. Privacy for the Website (learny.page)

2.1 Newsletter Registration

When registering for the newsletter, the following data is collected:

  • Email address
  • Time of registration
  • Language version of the website
  • IP address (for security and spam prevention)

2.2 Contact Form

When using the contact form, the following data is collected:

  • Name
  • Email address
  • Subject
  • Message

2.3 Google reCAPTCHA

To prevent spam, Google reCAPTCHA is used on the contact form. The following data is transmitted to Google:

  • IP address
  • Date and time of visit
  • Referrer URL
  • Technical information about browser and operating system
  • Mouse movements and click behavior
  • Cookies (see section 11)

3. Privacy for the Learny App

3.1 Artificial Intelligence and Google Services

The Learny App uses various Google services and AI technologies to provide core functions. The following services are used:

Google Gemini AI

For automatic generation of flashcards and learning content, Google Gemini AI is used. The following data is transmitted:

  • Topics and content entered by you
  • Language settings
  • Request timestamps
  • Anonymized usage statistics

Google Text-to-Speech API

For speech output of flashcards, Google Text-to-Speech is used. The following data is transmitted:

  • Texts to be spoken from flashcards
  • Selected language and voice
  • Audio quality settings

Google Firebase AI Logic API

For intelligent learning recommendations and adaptive algorithms, Firebase AI Logic is used. The following data is processed:

  • Learning progress and statistics
  • Answer patterns and success rates
  • Preferred learning times and frequency
  • Difficulty level preferences

Google Vertex AI API

For advanced machine learning functions and text analysis, Google Vertex AI is used. The following data is processed:

  • Texts for analysis and categorization
  • Flashcard content for optimization
  • Speech patterns for personalized recommendations

Google Firebase App Check API

To protect against misuse and ensure app authenticity, Firebase App Check is used. The following data is transmitted:

  • App signature and certificate hashes
  • Device attestation (SafetyNet/Play Integrity)
  • Request tokens for validation
  • App version and build information

Data Processing by Google

All above-mentioned Google services process data according to Google Cloud privacy policies. Google is certified under the EU-US Data Privacy Framework and provides adequate data protection guarantees.

3.2 Age Restriction and Data Protection for Minors

The Learny App is suitable for users aged 12 and above and has comprehensive protective measures for young users.

3.2.1 Age Requirements

The Learny App is approved for persons aged 12 and above. Users under 12 years of age may not use the App.

3.2.2 Parental Responsibility

For users between 12 and 16 years of age, parental involvement is recommended when first using the app.

3.2.3 Youth Protection in the App

The Learny App has comprehensive protective measures for young users:

  • Content filtering: Automatic blocking of content harmful to minors through multi-level filtering
  • No communication features: No chat, no social features, no sharing of user-generated content
  • Safe AI: Filtered and moderated AI responses in accordance with EU AI Act. All AI-generated content is labeled with 'AI Generated'
  • No location data: The app does not collect location data
  • Limited camera access: Camera only for document scanner, no facial recognition

3.3 EU AI Act Compliance

Learny is fully compliant with the EU AI Act (Regulation laying down harmonised rules on artificial intelligence). The app implements all required transparency and security measures:

3.3.1 Transparency and Labeling

  • Clear AI labeling: All AI-generated content is clearly marked with "AI Generated"
  • Transparent AI usage: Users are explicitly informed about the use of AI systems
  • Explainability: The app shows which AI services are used for which functions

3.3.2 Risk Management

  • Low-risk category: The Learny app falls into the low-risk category of the EU AI Act as an educational application
  • Content filtering: Two-stage filtering to avoid harmful or inappropriate content
  • Human review: Ability to review and correct AI-generated content
  • No manipulation: AI is not used for manipulative or deceptive purposes

3.3.3 User Rights under EU AI Act

The app offers the following features to protect your rights:

  • Export Compliance Report: Generate a complete report on AI compliance and your data processing
  • Export AI Interaction Logs: Export all your interactions with AI systems in a readable format
  • Delete AI Interaction Logs: Permanently delete all stored AI interaction data

3.3.4 Export Compliance Report

This feature allows you to generate a detailed report containing:

  • Overview of all AI services used and their purpose
  • Summary of your privacy settings
  • Proof of EU AI Act compliance
  • Timestamps of all relevant consents
  • Overview of data processing purposes

3.3.5 Export AI Interaction Logs

With this feature you can:

  • View all your inputs to AI systems
  • Review all AI-generated responses
  • Check timestamps and context of each interaction
  • Export data in JSON or CSV format
  • Archive the data for your own purposes

3.3.6 Delete AI Interaction Logs

This feature gives you complete control over your AI interaction data:

  • Immediate and irreversible deletion of all AI interaction data
  • Optional deletion of specific time periods or all data
  • Confirmation of deletion with detailed log
  • No impact on your created flashcards
  • Fulfillment of the "right to be forgotten" under GDPR

3.3.7 Technical Security Measures

  • Encrypted transmission: All AI requests are transmitted encrypted
  • No profiling: AI does not create personality profiles
  • Purpose limitation: AI is used exclusively for educational purposes
  • Regular audits: Continuous review of AI security and compliance

4. Purpose of Data Processing

The data is used exclusively for the following purposes:

  • Sending newsletters with information about the Learny app
  • Notification about app availability
  • Responding to inquiries via contact form
  • Technical security and spam prevention
  • Protection against automated requests (bots) through Google reCAPTCHA

5. Legal Basis

The processing of personal data is based on the following legal grounds:

  • Newsletter: Consent according to Art. 6 para. 1 lit. a GDPR
  • Contact inquiries: Legitimate interest or contract initiation according to Art. 6 para. 1 lit. f or lit. b GDPR
  • IP addresses: Legitimate interest in IT security according to Art. 6 para. 1 lit. f GDPR
  • Google reCAPTCHA: Legitimate interest in spam protection according to Art. 6 para. 1 lit. f GDPR

6. Automated Decision-Making

The Provider does not use automated decision-making including profiling according to Art. 22 GDPR on this website. Any AI-based features in the Learny app serve exclusively to support the learning process and do not make legally binding decisions about users. Final control over the use of generated content always remains with the user.

7. Storage Period

Personal data is only stored for as long as necessary to fulfill the respective purposes:

  • Newsletter data: Until unsubscription or withdrawal of consent
  • Contact inquiries: After complete processing, at the latest after 3 years
  • IP addresses: Automatically deleted after 7 days
  • Session cookies: Deleted when closing the browser
  • Google reCAPTCHA data: Stored by Google, see Google privacy policy

8. Data Sharing and Data Processing Agreements

Generally, personal data will not be shared with third parties. Exceptions:

  • Google reCAPTCHA: When using the contact form, data is transmitted to Google LLC (USA) for spam prevention. Google is certified under the EU-US Data Privacy Framework.

Data Protection Guarantees: Google LLC is certified under the EU-US Data Privacy Framework and provides appropriate data protection guarantees. All data transmissions are encrypted via HTTPS/TLS.

Data Processing Agreement: A data processing agreement in accordance with Art. 28 GDPR exists with Google LLC. Google processes personal data exclusively on instructions from the Provider and has committed to compliance with the GDPR.

For more information, see Google's privacy policy: https://policies.google.com/privacy

9. Your Rights as a Data Subject

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access (Art. 15 GDPR): Data subjects have the right to request confirmation as to whether personal data is being processed and to receive information about this data.
  • Right to rectification (Art. 16 GDPR): Data subjects have the right to request the correction of inaccurate or the completion of incomplete personal data.
  • Right to erasure (Art. 17 GDPR): Data subjects have the right to request the deletion of personal data if the legal requirements are met.
  • Right to restriction of processing (Art. 18 GDPR): Data subjects have the right to request the restriction of processing of personal data.
  • Right to data portability (Art. 20 GDPR): Data subjects have the right to receive personal data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR): Data subjects have the right to object at any time to the processing of personal data on grounds relating to their particular situation.
  • Right to withdraw consent (Art. 7 para. 3 GDPR): Data subjects have the right to withdraw consent at any time. The lawfulness of processing carried out until withdrawal remains unaffected.

To exercise these rights, please contact: support@learny.page

10. Unsubscribe from Newsletter

The newsletter can be unsubscribed at any time:

  • Via the link in every newsletter email
  • Via the unsubscribe page
  • By email to support@learny.page

11. Cookies

This website uses the following cookies:

  • Technical cookies: For language selection (required for website operation)
  • Google reCAPTCHA cookies: For spam prevention in the contact form

Google reCAPTCHA sets the following cookies:

  • _GRECAPTCHA: Stores user preferences for reCAPTCHA
  • NID: Contains a unique ID to remember preferences

These cookies are required for spam protection and are automatically set when the contact form is used.

12. Technical and Organizational Measures

To protect your data, appropriate security measures are implemented:

  • Encryption: All data transfers are encrypted (SSL/TLS)
  • Access Control: Restricted access to personal data
  • Regular Updates: Security updates for systems
  • Data Backup: Regular backups of your data

13. Changes to this Privacy Policy

This privacy policy may be updated as needed. The current version can always be found on this page.

14. Right to Lodge a Complaint with a Supervisory Authority

Data subjects have the right to lodge a complaint with a data protection supervisory authority about the processing of personal data. The competent supervisory authority for Austria is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

15. Contact the Controller

For questions about data protection, please contact:

Emanuel Schmacher e.U.
Mr. Emanuel Schmacher
Sielach 76
9133 Sittersdorf
Austria
Email: support@learny.page

16. Google reCAPTCHA

This website uses the reCAPTCHA service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Purpose: The query serves to distinguish between input by a human or by automated, mechanical processing.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in spam protection).

Data transmission: The query is transmitted to Google and evaluated there. Among other things, IP address, browser information and behavioral data are transmitted.

Storage period: According to its own information, Google stores the data for various periods. You can find detailed information in Google's privacy policy.

Objection: You cannot directly deactivate the use of reCAPTCHA as this is required for the functionality of the contact form.

More information: https://policies.google.com/privacy

17. Automated Decision-Making

Automated decision-making including profiling according to Art. 22 GDPR does not take place.

18. SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. An encrypted connection can be recognized by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the browser line.

Last updated: August 2025