Privacy Policy — Eloquentia
Effective date: 2026-05-02
This Privacy Policy informs you, in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and applicable laws, about the processing of your personal data in the Eloquentia mobile application (the „App”).
1. Controller
RYTH UG (haftungsbeschränkt), Wiesenstraße 58C, 64331 Weiterstadt, Germany. Email: privacy@ryth-ug.de. A Data Protection Officer is not required under Art. 37 GDPR and has not been appointed.
2. Data we process
Account data: When you sign in with Apple, your Apple user ID and, where applicable, email (including Apple Relay) and name. When you use the App anonymously, a randomly generated identifier. Optional onboarding entries: display name, vocabulary level, difficulty preference, age range, gender, discovery source, daily learning goal.
Learning data: Your vocabulary progress, saved words and lists, exercise results, and App preferences such as language, color scheme, and notification settings.
Technical data: Push token (only if notifications are enabled), subscription status and App Store purchase receipts, product analytics events, crash reports.
We do not collect precise location data, contacts, photos, microphone or camera content, health data, biometric data, or the iOS advertising identifier (IDFA).
3. Purposes and legal bases
We process your data to provide App functionality, for authentication, for cross-device synchronization, for processing subscription purchases, and for speech synthesis of pronunciation (Art. 6(1)(b) GDPR — performance of contract).
We send push notifications only with your consent, which you may revoke at any time in iOS Settings (Art. 6(1)(a) GDPR).
For App improvement, stability analysis, and the establishment, exercise, or defense of legal claims, we process data on the basis of legitimate interests (Art. 6(1)(f) GDPR). You may object to such processing under Art. 21 GDPR (see § 7).
4. Recipients
We work with the following service providers, who act as processors under Art. 28 GDPR:
- Supabase for accounts and data storage (servers in the EU)
- RevenueCat for subscription management (USA)
- Amazon Web Services (AWS Polly) for speech synthesis (servers in the EU)
- PostHog for product analytics (servers in the EU; parent company in the USA)
Apple Inc. (USA) acts as an independent controller for push notifications and for processing in-app purchases; Apple’s privacy notices apply (https://www.apple.com/legal/privacy/).
Where data is transferred to the United States, we rely on the EU Standard Contractual Clauses (Implementing Decision 2021/914) and adequacy decisions where available (e.g., the EU–US Data Privacy Framework). A copy of the transfer safeguards is available on request.
5. Retention
Data on your device remains until you uninstall the App or clear it manually in App settings. Account and learning data on our backend are retained until you delete your account. Purchase data at RevenueCat is retained while your subscription is active; statutory retention obligations for receipts remain unaffected. Analytics events are linked to your account through your account identifier; on account deletion, your identity is reset so that subsequent events can no longer be attributed to you — full event deletion is available on request.
You can delete your account at any time in the App under Settings → Account → Delete account.
6. Children
The App is not directed at children under 16 (Art. 8 GDPR; some EU member states allow a lower minimum age). We do not knowingly collect data from children under 16. If you believe a child has provided personal data, please contact us at privacy@ryth-ug.de.
7. Your rights
You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), to object to processing based on legitimate interests (Art. 21), and to withdraw consent at any time (Art. 7(3)) — without affecting the lawfulness of prior processing. You may also lodge a complaint with a supervisory authority (Art. 77).
To exercise your rights, contact privacy@ryth-ug.de. We will respond within one month; this period may be extended in accordance with Art. 12(3) GDPR. We may verify your identity using the email associated with your account.
8. Tracking, advertising, and automated decisions
We do not display advertising, do not use advertising identifiers, and do not sell or share personal data with advertising networks or data brokers. We do not engage in automated decision-making producing legal or similarly significant effects within the meaning of Art. 22 GDPR.
9. California residents (CCPA/CPRA)
In the past 12 months we have collected the following categories of personal information: identifiers (user identifier, email), commercial information (purchase history), internet/electronic activity (App interactions), and inferences (vocabulary level). We have not sold or shared personal information for cross-context behavioral advertising.
California residents have the rights to know, delete, correct, and limit, as listed in § 7 above, and the right to non-discrimination for exercising these rights. To exercise them, email privacy@ryth-ug.de. You may designate an authorized agent.
10. Security
We protect your data using technical and organizational measures consistent with the state of the art, in particular encrypted transmission and strict access controls on your account data. In the event of a notifiable personal data breach, we will notify the competent supervisory authority within 72 hours in accordance with Art. 33 GDPR, and affected users without undue delay where the breach is likely to result in a high risk (Art. 34 GDPR).
11. Changes to this Privacy Policy
We may update this Policy. The current version is available in the App and at https://ryth-ug.de/privacy with an updated „Effective date”. Material changes will be announced in the App.
12. Contact
Questions, complaints, or requests to exercise your rights: privacy@ryth-ug.de — RYTH UG (haftungsbeschränkt), Wiesenstraße 58C, 64331 Weiterstadt, Germany.