Privacy Policy

Last updated: October 2025

Preamble - Scope

This Privacy Policy applies to:

  • The Learny Mobile App (available on the Apple App Store for iOS and Google Play Store for Android)
  • The website learny.page (informational website about the app)

Important Note: The Learny App stores learning data primarily locally on the device. Data transmission to servers only occurs when subscribing to the newsletter or using optional cloud features (iCloud).

1. Data Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Emanuel Schmacher e.U.
Sielach 76
9133 Sittersdorf
Austria
Email: support@learny.page
Phone: +43 664 2617817

2. Data Protection Officer

A data protection officer is not legally required and has not been appointed.

3. Types of Data Processed

A distinction is made between data processing in the Learny App and on the website learny.page:

3.1 Learny Mobile App (iOS/Android)

Stored locally on the device (no transmission):

  • Content data: Created flashcards, courses, and subjects
  • Usage data: Learning progress, statistics, personal settings
  • App configuration: Language settings, display options, Dark Mode

Transmitted to Apple (when using paid features):

  • Payment data: Subscription status, purchase information (processed exclusively by Apple)

Transmitted to Google (only when actively using the AI function):

  • Text content: Entered texts for AI-assisted content generation

3.2 Website learny.page

Processed on the server:

  • Server log files: IP address, browser type, access time, pages visited
  • Newsletter data: Email address, name (optional), registration time, IP address
  • Contact form: Name, email address, message text, IP address
  • Cookies: Session cookies, reCAPTCHA cookies (see Section 11)

4. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

  • Contract performance (Art. 6 para. 1 lit. b GDPR): Providing app functionality
  • Legitimate interests (Art. 6 para. 1 lit. f GDPR): App improvement, security
  • Consent (Art. 6 para. 1 lit. a GDPR): Newsletter, optional features
  • Legal obligation (Art. 6 para. 1 lit. c GDPR): Tax record retention obligations

5. Purposes of Data Processing

Data is processed for the following purposes:

  • Provision and operation of the Learny App
  • Management of subscriptions
  • Storage and synchronization of learning data
  • Improvement and development of the app
  • Customer support and communication
  • Compliance with legal obligations

6. Data Storage and Deletion

6.1 Storage Duration

Personal data is stored only as long as necessary for the fulfillment of the purposes:

  • Billing data: 7 years according to Austrian Federal Fiscal Code (BAO § 132)
  • Newsletter data: Until revocation of consent, then 3 years (proof)
  • Support requests: 3 years after completion
  • Server log files: Maximum 7 days
  • IP addresses: 7 days, then anonymization

Detailed retention periods can be found in Section 13.

6.2 Deletion

After expiration of the storage periods, data will be automatically deleted unless legal retention obligations exist. The right to deletion of data can be exercised at any time (see Section 9.3).

7. Data Transmission to Third Parties

Transmission of data to third parties occurs only in the following cases:

7.1 Apple (App Store) / Google (Play Store)

For payment processing and app distribution. Privacy Policy: apple.com/legal/privacy

7.2 Google (Gemini AI)

Purpose: AI-assisted generation of learning content (only when actively using this function)

Processed data: Entered texts for content generation

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. a GDPR (consent)

Data transfer: Data may be transferred to the USA (Standard Contractual Clauses)

Privacy Policy: policies.google.com/privacy

Important: Texts are only transmitted to Google when actively using the AI function. Learning data remains local on the device.

7.3 Cloud Sync (iCloud/Google Drive - optional)

Purpose: Data synchronization between Apple devices (only when activated)

Processed data: Flashcards, courses, and learning progress

Legal basis: Art. 6 para. 1 lit. a GDPR (consent through activation)

Privacy Policy: apple.com/legal/privacy

7.4 Web Hosting

Provider: HostEurope GmbH (Hansestr. 111, 51149 Köln, Germany)

Purpose: Provision of the website learny.page

Processed data: IP addresses, access times, visited pages (server log files)

Storage duration: Maximum 7 days, then automatic deletion

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure website provision)

8. International Data Transfers

When using Google Gemini AI and Apple services, data may be transferred to the USA. The transfer is based on Standard Contractual Clauses pursuant to Art. 46 GDPR.

9. Rights as Data Subject

Under GDPR, the following rights exist:

9.1 Right of Access (Art. 15 GDPR)

There is a right to obtain information about processed personal data.

9.2 Right to Rectification (Art. 16 GDPR)

There is a right to request correction of inaccurate or completion of incomplete data.

9.3 Right to Erasure (Art. 17 GDPR)

There is a right to request deletion of personal data ("right to be forgotten").

9.4 Right to Restriction of Processing (Art. 18 GDPR)

There is a right to request restriction of data processing.

9.5 Right to Data Portability (Art. 20 GDPR)

There is a right to receive data in a structured, commonly used, and machine-readable format.

9.6 Right to Object (Art. 21 GDPR)

There is a right to object at any time to the processing of personal data for reasons arising from a particular situation.

9.7 Right to Withdraw Consent (Art. 7 para. 3 GDPR)

Given consent can be withdrawn at any time with effect for the future.

9.8 Right to Lodge a Complaint (Art. 77 GDPR)

There is a right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

10. Data Security

Technical and organizational security measures are implemented pursuant to Art. 32 GDPR to protect data against accidental or intentional manipulation, loss, destruction, or unauthorized access:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted data storage
  • Access control and authentication
  • Regular security updates
  • Data backup and recovery procedures

11. Cookies and Tracking

The Learny App itself does not use cookies. The website learny.page uses only technically necessary session cookies that are automatically deleted after ending the browser session.

11.1 Cookies Used

  • Session Cookies: Temporary cookies for session management (deleted after closing browser)
  • reCAPTCHA Cookies: Google reCAPTCHA for spam protection (only on contact form/newsletter)

11.2 Cookie Settings

Cookies can be disabled or deleted in browser settings. However, this may affect website functionality.

12. Newsletter

There is an option to subscribe to the newsletter to receive regular information about new features and updates.

12.1 Registration and Double Opt-In

Newsletter registration follows the Double Opt-In procedure:

  • Entry of email address
  • Receipt of a confirmation email with an activation link
  • Registration is only completed after clicking the link

12.2 Processed Data

Required: Email address

Optional: Name (for personalized address)

Technical data: Registration time, confirmation, IP address (proof of consent)

12.3 Legal Basis

Art. 6 para. 1 lit. a GDPR (consent) and Art. 7 GDPR (conditions for consent)

12.4 Storage Duration

  • Active subscribers: Until revocation of consent (unsubscription)
  • Unsubscribed email addresses: Up to 3 years for proof of former consent
  • Registration IP addresses: 7 days, then anonymization

12.5 Unsubscription

The newsletter can be unsubscribed at any time by:

  • Clicking the unsubscribe link in each newsletter email
  • Sending an email to support@learny.page with subject "Unsubscribe newsletter"

12.6 Email Service Provider

Newsletter delivery is conducted via the own server (HostEurope). No external newsletter service providers are used.

13. Detailed Retention Periods

Personal data is stored according to the following periods:

13.1 Legal Retention Obligations (Austria)

  • Accounting documents: 7 years (§ 132 BAO - Federal Fiscal Code)
  • Tax documents: 7 years (§ 212 BAO)
  • Invoices: 7 years (§ 132 BAO)

13.2 Operational Retention Periods

  • Server log files: Maximum 7 days
  • Support requests: 3 years after completion
  • Newsletter unsubscriptions: 3 years (proof of unsubscription)

14. Privacy by Design

Data protection by design and data protection-friendly default settings are implemented pursuant to Art. 25 GDPR:

  • Data minimization: Only absolutely necessary data is collected
  • Local data storage: Learning data is primarily stored locally on the device
  • Pseudonymization: Where possible, data is processed pseudonymously
  • Encryption: Data transmission and storage is encrypted
  • Privacy by Default: Privacy-friendly basic settings are preset

15. Protection of Minors

The app is exclusively designed for users aged 13 and above. The minimum age of 13 years is enforced.

15.1 COPPA Compliance (USA)

The app is not directed at children under 13 years of age. Personal data from children under 13 years is not knowingly collected, processed, or stored. No targeted advertising or marketing is conducted toward children under 13 years.

15.2 GDPR Art. 8 Compliance (EU/Austria)

For users under 16 years (in Austria under 14 years pursuant to § 4 para. 4 DSG), consent from parents or legal guardians is required. Parents and legal guardians have the right to grant or refuse consent to data processing.

15.3 Age Verification by Apple

Age verification is performed by Apple when downloading the app from the Apple App Store. The provider relies on age information in users' Apple accounts. The responsibility for correct age information lies with the account holders.

15.4 Procedure for Inadvertent Data Collection

If it becomes known that personal data from children under 13 years has been collected without parental consent, this data will be immediately and completely deleted. Deletion occurs without prior notification within 72 hours of becoming aware.

15.5 Rights of Legal Guardians

Parents and legal guardians have the following rights:

  • Right of access: Right to information about stored data of their children
  • Right to erasure: Right to complete deletion of their children's data
  • Right to object: Right to object to further processing
  • Right to rectification: Right to correction of inaccurate data

To exercise these rights, please contact: support@learny.page with subject "Child Protection".

15.6 No Processing of Sensitive Categories

No sensitive data from minors within the meaning of Art. 9 GDPR is processed. This includes in particular:

  • No health data
  • No biometric data for unique identification
  • No data on ethnic origin
  • No data on political opinions or religious beliefs

15.7 Local Data Storage as Child Protection Measure

The primarily local storage of learning data on the device also serves the protection of minors. The minimal data transmission to external servers minimizes the risk of unauthorized data processing. Parents retain full control over data stored on their children's devices.

15.8 Transparency and Communication

This privacy policy is written in language understandable for legal guardians. For questions about protection of minors, support is available at support@learny.page.

16. Changes to this Privacy Policy

The right is reserved to adapt this privacy policy to reflect changed legal situations or changes to the app and data processing. The current version is always available on the website.

Last updated: October 2025

17. Contact

For questions about data protection or to exercise rights, contact can be made at:

Email: support@learny.page
Subject: Privacy Inquiry