Deduco
πŸ‡©πŸ‡ͺ Deutsche VersionBack

Privacy Policy

Last updated: April 2026 Β· Applies to deduco.de and app.deduco.de

1. Data Controller

Johannes Bauersachs

Lissi-Kaeser-Str. 6

80797 MΓΌnchen

Germany

Email: support@deduco.de

2. Data We Collect

Account Data

Email address and display name when you create an account.

Learning Data

Questions answered, XP earned, progress per subject, streaks, and leaderboard ranking.

Payment Data

If you subscribe to Deduco Pro, payment details are processed by RevenueCat and the respective app store (Apple / Google). We do not store full payment card data.

Technical Data

IP address, device type, operating system, app version, and anonymised crash reports.

3. How We Use Your Data

  • Providing and operating the learning app
  • Personalising your learning experience (spaced repetition, XP system)
  • Managing your account and subscription
  • Running leaderboards and social features
  • Maintaining technical reliability and fixing bugs
  • Communicating with you about your account

4. Legal Basis (GDPR)

  • Art. 6(1)(b) GDPR β€” Performance of a contract (account and subscription management)
  • Art. 6(1)(f) GDPR β€” Legitimate interests (security, crash reporting, fraud prevention)
  • Art. 6(1)(a) GDPR β€” Consent, where separately obtained

5. Third-Party Services

Supabase β€” Database & Authentication

We use Supabase (Supabase Inc., USA) for database hosting and user authentication. Data may be transferred to the USA under standard contractual clauses.

Supabase Privacy Policy

RevenueCat β€” Subscription Management

Subscriptions are managed via RevenueCat (RevenueCat Inc., USA), which processes transaction and entitlement data.

RevenueCat Privacy Policy

Sentry β€” Error Monitoring

We use Sentry (Functional Software Inc., USA) for anonymised crash and error reporting.

Sentry Privacy Policy

Google Gemini β€” AI Patient Simulation

AI patient dialogue is generated via the Google Gemini API (Google LLC, USA). Free-text inputs may be transmitted to Google for processing.

Google Privacy Policy

6. Data Retention

We retain personal data only as long as necessary for the described purposes or as required by law. When you delete your account, personal data is removed within 30 days unless legal retention obligations apply.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erasure ("right to be forgotten") (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise these rights, contact us at: support@deduco.de

You also have the right to lodge a complaint with a data protection supervisory authority.

8. Contact

For any privacy-related questions or to exercise your rights, please contact us at: support@deduco.de

Last updated: April 2026 Β· This policy may be updated at any time. We will notify users of material changes.