Loading...
Last updated on December 27, 2024
This privacy policy complies with the EU General Data Protection Regulation (GDPR) and German data protection laws. We are committed to protecting your privacy and ensuring transparent data processing practices.
This privacy policy explains how KoalaReads (“we”, “us”, or “our”), operated by SunsetPicnic UG (haftungsbeschränkt), collects, uses, and protects your personal data when you use our German language learning service.
SunsetPicnic UG (haftungsbeschränkt)
KoalaReads Platform
c/o Oksana Sawicka
Plantage 17
13597 Berlin, Germany
Email: support@koalareads.com
Data Protection Contact: support@koalareads.com
We collect and process the following categories of personal data:
Account Data: Email address, username, display name, account preferences
Authentication Data: Login credentials and session information (managed by Clerk)
Learning Data: Reading progress, vocabulary lists, exercise results, study patterns
Usage Data: Feature interactions, page views, time spent on content
Technical Data: IP address, browser type, device information, session data
Communication Data: Support requests, feedback, user contributions (comments, audio recordings)
Your learning data (vocabulary lists, reading progress, exercise results) is processed to provide personalized learning experiences and track your progress. This data remains private to your account and is not shared with other users or third parties for marketing purposes.
We use AI services (OpenAI) to generate vocabulary examples and improve content quality. Your personal learning data is not used to train these AI models. Only anonymous, aggregated data may be used for service improvement.
We process your personal data based on the following legal grounds under GDPR:
Contract Performance (Art. 6(1)(b) GDPR): To provide our language learning services
Legitimate Interest (Art. 6(1)(f) GDPR): For service improvement, security, and analytics
Consent (Art. 6(1)(a) GDPR): For optional features like audio recordings and marketing communications
Legal Obligation (Art. 6(1)(c) GDPR): For compliance with tax and accounting requirements
We work with trusted third-party providers who assist in delivering our services:
Clerk: Authentication and user management services
OpenAI: AI-powered vocabulary generation and content features
ElevenLabs: Text-to-speech pronunciation services
Vercel: Hosting and content delivery
Resend: Transactional email delivery
PostgreSQL/Prisma: Secure database services for data storage
All third-party processors are bound by data processing agreements (DPAs) and are required to maintain GDPR compliance standards. Data transfers outside the EU are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs).
As a data subject under GDPR, you have the following rights:
Right of Access (Art. 15): Request information about your personal data
Right to Rectification (Art. 16): Correct inaccurate personal data
Right to Erasure (Art. 17): Request deletion of your personal data
Right to Restrict Processing (Art. 18): Limit how we process your data
Right to Data Portability (Art. 20): Receive your data in a portable format
Right to Object (Art. 21): Object to processing based on legitimate interest
Right to Withdraw Consent: Withdraw consent for consent-based processing
To exercise these rights, contact us at support@koalareads.com. We will respond within 30 days.
Account Data: Retained for the duration of your account plus 3 years for legal obligations
Learning Data: Retained while your account is active; deleted upon account closure
Vocabulary Lists: Retained as part of your personal learning data
Usage Logs: Retained for 12 months for security and performance monitoring
Communication Data: Retained for 3 years for support purposes
When data is deleted, we ensure secure removal from all systems, including backups, within a reasonable timeframe not exceeding 6 months.
We implement comprehensive security measures to protect your personal data:
Encryption: Data in transit and at rest is encrypted using industry-standard protocols (TLS/SSL)
Access Control: Strict access controls and authentication for all systems
Secure Infrastructure: Hosted on secure, GDPR-compliant infrastructure
Regular Security Audits: Ongoing security assessments and vulnerability testing
Incident Response: Procedures for data breach detection and response
Staff Training: Regular data protection training for all personnel
When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:
European Commission adequacy decisions for trusted countries
Standard Contractual Clauses (SCCs) with service providers
Binding Corporate Rules where applicable
Additional safeguards as required by GDPR
We use essential cookies for authentication and session management. We do not use tracking cookies for advertising purposes. Analytics data is collected in an anonymized form to improve our service. You can control cookie preferences through your browser settings.
Our service is intended for users aged 16 and above. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where required by law, by sending you a notification. Your continued use of our service after such changes constitutes acceptance of the updated policy.
If you have any questions about this privacy policy or wish to exercise your rights, please contact us at:
SunsetPicnic UG (haftungsbeschränkt)
KoalaReads Platform
c/o Oksana Sawicka
Plantage 17
13597 Berlin, Germany
Email: support@koalareads.com
You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with GDPR requirements. In Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).