Privacy Policy

Effective date: May 2025

Germigo ("we", "us") is a German-language learning application. This policy explains what personal data we collect, why we collect it, how long we keep it, and what rights you have under the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).

1. Data Controller

The controller responsible for processing your personal data is:

Nika Butikashvili
Germany
Contact: contact@germigo.de

For all data-protection enquiries, including requests to exercise your rights, please use the contact above.

2. Data We Collect

Account data: First name, last name, and email address you provide when you register or sign in with Google.
Preference data: Interface language, native language, German proficiency level (CEFR), translation display preference, and UI theme. These are tied to your account and stored in our database.
Learning data: Words you look up, word collections you create, learning-progress state for tracked words, practice session results, and daily practice history.
Technical data: IP address and standard HTTP request metadata (user-agent, referrer) recorded in server logs for security and abuse-prevention purposes.
Local storage: Your authentication token and certain UI preferences (accent colour) are stored in your browser's local storage. This data never leaves your device unless explicitly transmitted to our server.

3. Legal Basis for Processing

Contract performance — Art. 6(1)(b) GDPR: Account data and learning data are processed to provide the service you signed up for. Without this data we cannot operate your account.
Legitimate interests — Art. 6(1)(f) GDPR: Technical/server-log data is processed to detect abuse, protect the security of our infrastructure, and improve the service. Our interest in maintaining a secure and reliable service outweighs the minimal privacy impact of routine log data.
Consent — Art. 6(1)(a) GDPR: Where we process data beyond the two bases above (e.g. optional analytics in the future), we will ask for your explicit consent first.

4. Third-Party Services

We work with third-party services to deliver certain features. Each provider is contractually bound to use data only for the purposes we specify.

AI services: To generate word definitions, example sentences, and audio pronunciations, we send the German words and text you look up to AI services. Your personal information — name, email address, and account identifiers — is never included in these requests.
Google sign-in (optional): If you choose to sign in with Google, we receive your email address and display name from Google. Your Google password and payment information are never shared with us.

Some of these services are operated outside the European Economic Area. Such transfers are covered by the EU–US Data Privacy Framework or Standard Contractual Clauses as applicable.

5. Data Retention

Account and learning data: Retained for as long as your account is active. When you delete your account, all account data, collections, learning progress, and practice history are permanently deleted.
Word definitions: Definitions for looked-up words may be retained to improve service performance. This data is not linked to your account.
Server logs: Technical log data (IP address, request metadata) is retained for up to 90 days for security purposes.
Authentication tokens: Session tokens are invalidated when you sign out. Signing out is the reliable way to end your session.

6. Your Rights Under GDPR

As a data subject under GDPR you have the following rights. To exercise any of them, contact us at support@germigo.de.

Right of access (Art. 15): You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete data. Most profile data can also be updated directly in Settings.
Right to erasure (Art. 17): You may ask us to delete your personal data. You can also delete your account directly in Settings, which triggers immediate deletion of all associated data.
Right to restriction of processing (Art. 18): You may ask us to pause processing your data in certain circumstances, such as while a rectification request is being resolved.
Right to data portability (Art. 20): You may request your account and learning data in a structured, machine-readable format.
Right to object (Art. 21): You may object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
Right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority in your EU member state. In Germany, the relevant authority is the data-protection commissioner of the state (Bundesland) in which you reside.

We respond to verified requests within one calendar month as required by Art. 12 GDPR.

7. Cookies and Local Storage

Germigo does not use tracking cookies or advertising cookies. We use browser local storage solely for:

Your authentication token (necessary for you to stay signed in).
UI preferences such as accent colour (functional, never transmitted).

You can clear local storage at any time via your browser settings, which will sign you out.

8. Data Security

We apply industry-standard technical and organisational measures to protect your personal data, including encrypted connections for all data in transit, secure credential storage, and access controls that restrict who can reach your data.

No system is perfectly secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you as required by Art. 34 GDPR.

9. Children

Germigo is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us and we will delete the account promptly.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via an in-app notice or email at least 14 days before taking effect. The current version is always available at this URL.