Skip to main content

Privacy Policy

Last updated: 8 July 2026

1. Introduction

This Privacy Policy explains how Shapedeep processes personal data when you use our mobile application, website, and related services (together, the “Services”).

Shapedeep is a language learning app designed to make language learning engaging, motivating, and accessible. The app includes learning content, exercises, progress tracking, streaks, achievements, leaderboards, social profile features, optional diagnostics, and other features that help users learn languages and improve their learning routine.

We are committed to privacy by design. We aim to collect only the data that is necessary to provide, protect, improve, and develop the Services. We do not sell your personal data.

This Privacy Policy applies to the Services operated by Shapedeep. It does not apply to third-party websites, third-party apps, or third-party services that may be linked from the Services and that are not controlled by us.

Please read this Privacy Policy carefully. If you do not agree with this Privacy Policy, please do not use the Services.

2. Controller and Contact Details

The controller responsible for the processing of your personal data is:

Shapedeep

Ender Temizdemir

c/o Postflex #7026

Emsdettener Str. 10

48268 Greven

Germany

No parcels or packages – Acceptance will be refused!

 

Privacy contact: privacy@shapedeep.com

Support contact: support@shapedeep.com

Website: https://shapedeep.com

 

If a data protection officer is appointed in the future, we will update this Privacy Policy with the relevant contact details.

3. Important Version Note

Some features described in this Privacy Policy may not be active in every app version, release channel, country, or user account.

For example, a current release may not display advertising and may not use the Android Advertising ID, while a future release may introduce advertising or ad-supported features. Similarly, some social or contact-discovery features may be enabled, disabled, changed, or removed depending on the app version and platform requirements.

Where a feature is optional, we process the relevant data only if the feature is available in your app version and you choose to use it, enable it, or give the required permission or consent.

Google Play, Apple App Store, and other app store privacy declarations for a specific app release describe the data practices of that specific release.

4. Data We Process

4.1 Account and Authentication Data

When you create or use an account, we may process:

  • your user ID;
  • your email address;
  • your username;
  • your display name or profile name;
  • your password authentication status;
  • your email verification status;
  • your sign-in provider, such as email/password or Google Sign-In;
  • authentication tokens and technical session data required to keep you signed in securely;
  • account creation, sign-in, and update timestamps.

Passwords are handled through Firebase Authentication or comparable authentication providers. We do not store your plain-text password in our own database.

We use account and authentication data to:

  • create and manage your account;
  • authenticate you securely;
  • prevent unauthorized access;
  • send password reset and email verification messages;
  • connect your learning progress with your account;
  • enforce our Terms and protect the Services.

Legal bases, where the GDPR applies:

  • performance of a contract, Article 6(1)(b) GDPR;
  • legitimate interests in account security and fraud prevention, Article 6(1)(f) GDPR;
  • legal obligations, Article 6(1)(c) GDPR, where applicable.

4.2 Profile Data

You may provide or generate profile-related information, such as:

  • username;
  • display name or profile name;
  • selected profile picture or avatar;
  • app language;
  • sound and notification preferences;
  • selected interface settings;
  • social profile information that is shown to other users where social features are enabled.

The current app uses predefined local profile image assets. If a future version allows uploads of custom photos or other user-generated profile content, we will process that content to provide the profile feature and will update the relevant app store disclosures and in-app information where required.

We use profile data to:

  • show your profile inside the app;
  • allow you to customize your account;
  • support social features such as public profile search, following, followers, friend relations, and profile viewing;
  • personalize your app experience.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR;
  • legitimate interests in providing a user-friendly social and learning experience, Article 6(1)(f) GDPR;
  • consent, Article 6(1)(a) GDPR, where a feature requires consent.

4.3 Onboarding and Learning Preference Data

During onboarding and account setup, we may process:

  • age category;
  • confirmation that you are not under the minimum age for using the Services;
  • how you heard about Shapedeep;
  • learning reasons;
  • humor preference, including whether you are comfortable with edgy humor;
  • source language;
  • target language or target languages;
  • current target language;
  • text-to-speech locale;
  • app language and localization preferences;
  • whether onboarding has been completed;
  • whether Terms and Privacy Policy have been accepted;
  • Terms and Privacy Policy version identifiers;
  • telemetry or analytics consent preference.

We use this data to:

  • determine whether you are eligible to use the Services;
  • personalize onboarding;
  • configure your language learning path;
  • select appropriate language content;
  • configure text-to-speech behavior;
  • remember your preferences;
  • document your legal and privacy choices.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR;
  • consent, Article 6(1)(a) GDPR, for optional choices and telemetry;
  • legitimate interests in providing a safe and personalized learning service, Article 6(1)(f) GDPR;
  • legal obligations, Article 6(1)(c) GDPR, where we must document consent or comply with age-related requirements.

4.4 Learning Progress and App Activity Data

To provide the core language learning experience, we process learning and progress data such as:

  • selected courses and languages;
  • current lesson path;
  • completed lessons;
  • completed themes or chapters;
  • completed task IDs;
  • lesson accuracy;
  • difficulty level;
  • total exercises and correct-first-try exercises;
  • source language and target language for lessons;
  • theme, chapter, and lesson identifiers;
  • learning progress by language;
  • experience points and other in-app point balances;
  • achievements and global achievements;
  • daily missions and mission progress;
  • streaks, learning days, freeze and reserve tools;
  • mystery prize state and rewards;
  • league group, weekly XP, and leaderboard-related values;
  • timestamps related to progress and rewards.

Many sensitive economy, reward, streak, mission, achievement, protected-content, social, and league operations are handled server-side through Cloud Functions. This helps prevent manipulation and protects other users.

We use this data to:

  • save and restore your progress;
  • provide lessons and exercises;
  • calculate rewards, streaks, achievements, missions, and leaderboards;
  • prevent abuse or manipulation;
  • keep the app experience consistent across sessions and devices;
  • provide support and resolve learning-progress issues.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR;
  • legitimate interests in service integrity, fraud prevention, balancing, and app security, Article 6(1)(f) GDPR.

4.5 Protected Learning Content Requests

Some learning content is protected and is not bundled directly into production app builds. When you start a relevant lesson or chapter, the app may request protected content from our backend.

For protected content requests, we may process:

  • your user ID;
  • authentication state;
  • selected language pair;
  • theme ID;
  • chapter number;
  • task references;
  • schema version;
  • content version;
  • request timestamp;
  • rate-limit counters;
  • App Check or integrity signals, where enabled;
  • limited technical logs needed to debug, secure, and rate-limit protected content access.

We use this data to:

  • deliver protected learning content only when needed;
  • prevent unauthorized access;
  • reduce mass scraping or automated downloading;
  • enforce rate limits;
  • verify that the request matches the user’s learning context;
  • protect our intellectual property and the stability of the Services.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR;
  • legitimate interests in content protection, security, abuse prevention, and service integrity, Article 6(1)(f) GDPR.

4.6 Social Features, Public Profiles, Friend Relations, and Search

If social features are available and you use them, we may process:

  • your public profile;
  • user ID;
  • username or display name;
  • selected profile picture or avatar;
  • following and follower relationships;
  • friend or follow actions;
  • public profile search queries;
  • public profile lookup requests;
  • timestamps and technical metadata for social actions.

The app is designed so that social operations are handled through backend functions rather than direct client-side writes to private user records. Public profile search does not require reading other users’ private user documents directly.

We use social data to:

  • show public profiles;
  • allow users to find and follow other learners;
  • list following and follower relationships;
  • manage social interactions securely;
  • prevent duplicate or invalid follow actions;
  • protect private user data.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR;
  • legitimate interests in providing safe social learning features, Article 6(1)(f) GDPR;
  • consent, Article 6(1)(a) GDPR, where required for optional social features.

4.7 Contact Discovery

The current Android release may not include device contact access. If contact discovery is disabled in your app version, the app does not read your device address book.

If a contact discovery feature is made available in a future or specific app version, and you choose to use it, the app may ask for permission to access your device contacts. If you grant permission, the app may process email addresses stored in your address book to help you find people you may know on Shapedeep.

If enabled, contact discovery would be optional. We would use contact email addresses only to look for matching Shapedeep public profiles. We would not write, modify, or delete your device contacts. We would not send invitations to your contacts without your separate action. We would not sell contact information.

You can avoid this processing by not using contact discovery, denying the permission, or revoking the permission in your device settings.

Legal bases:

  • consent, Article 6(1)(a) GDPR;
  • performance of a contract, Article 6(1)(b) GDPR, where you request the feature.

4.8 Feedback, Error Reports, and Feature Requests

If you submit feedback, an error report, or a feature request, we may process:

  • the message you submit;
  • the type of submission;
  • the source screen or source context;
  • limited diagnostic context such as screen type, language pair, theme index, chapter index, lesson index, or task ID;
  • your user ID if you are signed in;
  • timestamps;
  • technical response IDs.

We limit client-side message and context sizes to reduce the chance of excessive or unnecessary data collection.

Please do not include passwords, payment details, private messages, health information, or other sensitive information in free-text feedback unless it is strictly necessary for your request.

We use this data to:

  • respond to support requests;
  • investigate bugs;
  • improve app quality;
  • prioritize product improvements;
  • detect recurring issues.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR, where the request relates to your account or service use;
  • legitimate interests in support, quality improvement, and service security, Article 6(1)(f) GDPR;
  • consent, Article 6(1)(a) GDPR, where you voluntarily submit optional feedback.

4.9 Analytics, Usage Statistics, and Diagnostics

The app is designed to keep analytics and crash diagnostics disabled by default before user consent and app configuration allow collection.

If you opt in to usage statistics and diagnostics, and if the current app configuration allows it, we may process:

  • screen views;
  • route names without query parameters;
  • event names;
  • limited event parameters;
  • task completion counts;
  • app interactions;
  • app version;
  • device type;
  • operating system version;
  • crash reports;
  • error types;
  • sanitized diagnostic keys;
  • user ID only where collection is enabled and necessary for diagnostics or analytics.

The app aims to sanitize analytics and diagnostic data. Debug logging is designed to avoid printing user IDs, emails, reset codes, full routes with query parameters, event parameter values, passwords, tokens, or other sensitive data.

If you disable usage statistics and diagnostics, analytics collection is disabled, analytics identity is cleared or reset where applicable, and Crashlytics user identifiers are cleared where applicable.

We use analytics and diagnostics to:

  • understand how the app is used;
  • improve lessons and user experience;
  • identify broken screens or flows;
  • diagnose crashes and technical errors;
  • improve stability, performance, and accessibility;
  • measure feature usage in a privacy-conscious way.

Legal bases:

  • consent, Article 6(1)(a) GDPR, for optional analytics and crash diagnostics;
  • legitimate interests, Article 6(1)(f) GDPR, for strictly necessary security and operational logs that are required to keep the Services secure and functional.

You may change your telemetry preference in the app settings where this feature is available.

4.10 Advertising ID, Advertising, and Future Monetization

The current Android release may be configured not to use the Google Play services Advertising ID and may explicitly disable Advertising ID collection for analytics.

If Shapedeep introduces advertising, ad-supported features, advertising measurement, or ad personalization in a future app version, we may process additional data such as:

  • advertising identifiers, where permitted and declared;
  • app interactions relevant to ad measurement;
  • broad audience segments;
  • approximate region or language;
  • ad impressions, clicks, and performance events;
  • consent status and privacy preferences.

We will not use advertising identifiers or personalized advertising technologies unless they are enabled in your app version and we have a valid legal basis. Where required by law or platform policy, we will request consent, provide controls, update app store disclosures, and update this Privacy Policy.

You can usually reset or delete the Android Advertising ID in your device settings. You may also have app-level controls where advertising or personalization features are enabled.

Legal bases:

  • consent, Article 6(1)(a) GDPR, where required for advertising identifiers, personalized advertising, or tracking;
  • legitimate interests, Article 6(1)(f) GDPR, for limited non-personal or aggregated ad measurement where permitted;
  • performance of a contract, Article 6(1)(b) GDPR, where advertising-free paid features are provided as part of a paid plan.

4.11 Device, Technical, and Security Data

When you use the Services, we may process technical data such as:

  • device type;
  • operating system;
  • app version;
  • language and locale settings;
  • approximate network information;
  • IP address as processed by service providers and security systems;
  • request timestamps;
  • backend response codes;
  • authentication and integrity signals;
  • crash and performance information if diagnostics are enabled;
  • logs needed for security, abuse prevention, and service reliability.

We use this data to:

  • operate the Services;
  • secure accounts and backend functions;
  • detect suspicious or abusive use;
  • prevent scraping or unauthorized access;
  • troubleshoot technical problems;
  • maintain service reliability.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR;
  • legitimate interests in security, abuse prevention, and reliable service operation, Article 6(1)(f) GDPR;
  • legal obligations, Article 6(1)(c) GDPR, where applicable.

4.12 Payment and Subscription Data

Shapedeep may offer paid services, subscriptions, trials, in-app purchases, or ad-free plans in the future.

If paid services are available and you purchase them, we and our payment providers may process:

  • billing name;
  • billing address, if required;
  • payment method information;
  • transaction identifiers;
  • payment amount;
  • currency;
  • subscription status;
  • purchase date;
  • renewal and cancellation status;
  • invoice and receipt information;
  • tax-related information.

Full payment card details are processed by payment processors or app store billing providers. We do not intend to store full credit card numbers on our own servers.

We use payment and subscription data to:

  • process payments;
  • provide paid features;
  • prevent fraud;
  • send receipts and account-related messages;
  • comply with tax, accounting, and consumer protection obligations.

Legal bases:

  • performance of a contract, Article 6(1)(b) GDPR;
  • legal obligations, Article 6(1)(c) GDPR;
  • legitimate interests in fraud prevention and payment security, Article 6(1)(f) GDPR.

4.13 Marketing Communications

If you opt in to marketing communications, we may process:

  • your email address;
  • your marketing preference;
  • language and region preference;
  • email interaction data, such as whether an email was opened or a link was clicked, where provided by our email service provider and permitted by law;
  • survey responses or voluntary feedback.

We use this data to:

  • send newsletters;
  • announce new features;
  • invite feedback or surveys;
  • inform you about offers or paid features;
  • measure marketing effectiveness.

You can unsubscribe from marketing communications at any time. Unsubscribing from marketing does not affect service-related messages such as password resets, security notices, payment confirmations, or important legal updates.

Legal bases:

  • consent, Article 6(1)(a) GDPR;
  • legitimate interests in measuring non-intrusive communications, Article 6(1)(f) GDPR, where permitted.

4.14 Website Data, Cookies, and Similar Technologies

If you use our website, we may process:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • referral URL;
  • pages visited;
  • timestamps;
  • cookie consent settings;
  • essential cookies;
  • analytics cookies, where enabled;
  • advertising or marketing cookies, where enabled and permitted.

Essential cookies are used to provide core website functions. Analytics, advertising, or marketing cookies are used only where permitted by law and according to your cookie choices.

You can manage cookies in your browser settings and through any cookie preference tools we provide.

5. How We Use Personal Data

We use personal data for the following purposes:

  • to create and manage accounts;
  • to authenticate users;
  • to provide language learning content;
  • to save and restore learning progress;
  • to provide streaks, achievements, missions, rewards, and leaderboards;
  • to provide protected learning content securely;
  • to personalize learning paths and app settings;
  • to provide optional social features;
  • to process optional feedback, bug reports, and feature requests;
  • to provide support;
  • to send account-related messages;
  • to provide optional analytics and diagnostics after opt-in;
  • to prevent fraud, cheating, scraping, and unauthorized access;
  • to secure backend infrastructure;
  • to comply with legal obligations;
  • to process payments and subscriptions if paid services are offered;
  • to provide advertising or marketing if enabled in a future version and permitted;
  • to improve the Services.

6. Legal Bases for Processing

Where the GDPR applies, we rely on the following legal bases:

Performance of a contract, Article 6(1)(b) GDPR

We use this basis when processing is necessary to provide the Services you request, including account creation, authentication, learning progress, lesson completion, profile features, social features, support, and paid services.

Consent, Article 6(1)(a) GDPR

We use this basis for optional telemetry, analytics, diagnostics, marketing communications, optional contact discovery, optional advertising identifiers, and certain personalization or tracking features where consent is required.

Legal obligations, Article 6(1)(c) GDPR

We use this basis where we must comply with tax, accounting, consumer protection, data protection, or other legal requirements.

Legitimate interests, Article 6(1)(f) GDPR

We use this basis for security, fraud prevention, abuse prevention, rate limiting, protecting protected learning content, debugging, service reliability, non-invasive product improvement, and legal claim handling, provided that your interests and rights do not override those interests.

7. Sharing Personal Data

We do not sell your personal data.

We may share personal data with the following categories of recipients:

7.1 Service Providers

We use service providers to operate the Services. These may include:

  • cloud hosting providers;
  • Firebase and Google Cloud services;
  • authentication providers;
  • analytics and crash reporting providers;
  • app integrity and security providers;
  • email delivery providers;
  • payment processors or app store billing providers, if paid services are offered;
  • customer support and communication tools;
  • advertising or ad measurement providers, if advertising is introduced and enabled.

Service providers process data only as necessary to provide services to us, under contractual obligations and applicable data protection requirements.

7.2 Firebase and Google Services

We use Firebase and Google services for functions such as:

  • authentication;
  • Firestore database;
  • Cloud Functions;
  • Remote Config;
  • Analytics, where enabled;
  • Crashlytics, where enabled;
  • App Check or app integrity;
  • cloud infrastructure;
  • email verification and password reset flows;
  • Google Sign-In, if you choose that sign-in method.

The exact data processed by Firebase and Google services depends on the feature, your consent choices, the app version, and the relevant Firebase configuration.

7.3 Other Users

If you use public profile or social features, other users may see limited public profile information, such as:

  • display name or username;
  • selected avatar or profile picture;
  • public profile status;
  • follower/following relationship information, depending on the feature.

We do not intentionally show your private account document, private email address, private learning progress, or private onboarding preferences to other users, unless a feature clearly says that such information will be public.

7.4 Legal, Safety, and Compliance Recipients

We may disclose personal data if necessary to:

  • comply with law;
  • respond to lawful requests;
  • protect our rights, users, or the public;
  • prevent fraud, abuse, or security incidents;
  • enforce our Terms;
  • defend legal claims;
  • complete a business transaction such as a merger, acquisition, restructuring, or asset sale.

7.5 With Your Consent

We may share data with third parties if you ask us to do so or give us consent, for example for a testimonial, research participation, promotional campaign, integration, or partner feature.

8. International Data Transfers

We aim to process core user data within the European Union where technically and commercially feasible. Our primary backend functions are configured to use the Google Cloud/Firebase region `europe-west3` for core backend operations where applicable.

However, some providers, including Google and Firebase services, may process service data, support data, diagnostic data, security data, or infrastructure data outside the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards, such as:

  • adequacy decisions;
  • the EU-U.S. Data Privacy Framework, where applicable;
  • Standard Contractual Clauses;
  • data processing agreements;
  • technical and organizational safeguards;
  • encryption in transit and at rest where provided by the service.

Some technical scheduler or infrastructure metadata may be processed outside the EEA. We aim to keep such processing limited and not to include lesson content or unnecessary personal data in scheduler payloads.

9. Security Measures

We use technical and organizational measures designed to protect personal data, including:

  • authentication controls;
  • server-side validation through Cloud Functions;
  • Firestore security rules;
  • limited client-side write permissions;
  • protected content delivery through backend functions;
  • rate limiting for protected content;
  • App Check or integrity checks where enabled;
  • encryption in transit;
  • provider-side encryption at rest where supported;
  • role-based access controls;
  • avoiding secrets and admin credentials in the app bundle;
  • disabling verbose production logging;
  • debug-only logging helpers;
  • sanitization of diagnostics and event parameters;
  • limiting free-text submission and context sizes.

No internet-based service can be guaranteed to be completely secure. You are responsible for keeping your login credentials confidential and for using a secure device and network.

If you believe your account has been compromised, contact us at support@shapedeep.com or privacy@shapedeep.com.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account data

We keep account data for as long as your account exists. If you delete your account, we delete or anonymize account data unless we must retain certain data for legal, security, or dispute-resolution reasons.

Learning progress data

We keep learning progress, streaks, rewards, achievements, missions, language preferences, and similar learning data for as long as needed to provide the Services and restore your progress.

Public profile and social data

We keep public profile and friend/follow relationship data for as long as your account exists or until the feature is changed, removed, deleted, or otherwise no longer needed. Account deletion is designed to remove or disconnect your public profile and friend relation data where technically feasible.

Protected content request and rate-limit data

We retain protected-content request metadata and rate-limit data only as long as needed to deliver protected content, enforce limits, investigate abuse, maintain security, and operate the Services.

Analytics and diagnostics data

If you opt in, analytics and diagnostics data are retained according to our Firebase or analytics provider settings and our operational needs. We aim to use aggregated, pseudonymized, or limited data where possible.

Crash reports

Crash reports and related diagnostics are retained as long as needed to identify, investigate, and fix stability issues, subject to provider retention settings and your consent choices.

Support, feedback, error reports, and feature requests

We keep support and feedback records as long as needed to respond, investigate issues, improve the Services, and handle follow-up requests. We may retain records longer if they are relevant to legal claims, abuse prevention, or security investigations.

Payment and transaction data

If paid services are offered, payment and transaction records may be retained as required for accounting, tax, consumer protection, fraud prevention, and legal compliance. We do not intend to store full payment card numbers on our own servers.

Marketing preferences

We retain marketing consent and unsubscribe records as long as necessary to respect your choices.

Backups

Personal data may remain in encrypted or protected backups for a limited period until backups are overwritten or deleted according to our backup cycles.

Inactive accounts

If your account remains inactive for an extended period, we may contact you before deleting or anonymizing the account. We may also retain limited records where required for legal, security, or accounting reasons.

11. Account Deletion

You may request deletion of your account from within the app where available or by contacting privacy@shapedeep.com.

Account deletion may require recent authentication to protect your account from unauthorized deletion.

When account deletion is completed, we aim to delete or disconnect:

  • your authentication account;
  • your private user document;
  • your public profile;
  • friend or follow relations associated with your account;
  • account-linked learning progress where deletion is technically and legally possible.

Some data may remain if retention is required or permitted by law, for example:

  • transaction or invoice data;
  • legal claim records;
  • abuse-prevention records;
  • security logs;
  • aggregated or anonymized statistics;
  • backups until overwritten;
  • records necessary to protect other users’ rights.

12. Your Rights

Depending on your location and applicable law, you may have rights including:

  • the right to be informed about processing;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restriction of processing;
  • the right to data portability;
  • the right to object;
  • the right to withdraw consent at any time;
  • the right not to be subject to certain automated decisions;
  • the right to lodge a complaint with a supervisory authority.

If you are in the European Economic Area, you may contact your local data protection supervisory authority. In Germany, this may include the competent state data protection authority depending on our business location.

To exercise your rights, contact privacy@shapedeep.com. We may need to verify your identity before fulfilling a request.

Withdrawing consent does not affect processing that took place before consent was withdrawn.

13. Telemetry and Privacy Choices

Where available in the app, you can choose whether to enable usage statistics, analytics, and crash diagnostics.

If telemetry is disabled:

  • Firebase Analytics collection is disabled where applicable;
  • analytics identity is cleared or reset where applicable;
  • Crashlytics collection is disabled where applicable;
  • Crashlytics user identifiers are cleared where applicable;
  • optional diagnostics are not sent.

Essential security, authentication, and backend logs may still be processed when necessary to provide and secure the Services.

14. Children and Teens

The Services are not intended for children under 13. If you indicate that you are under 13 during onboarding, you may be blocked from continuing.

Users aged 13 to 17 should use the Services only with permission from a parent or legal guardian where required by applicable law.

We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided personal data to us, contact privacy@shapedeep.com and we will take appropriate steps.

We do not knowingly use minors’ personal data for personalized advertising where prohibited by law or platform policy.

15. Automated Decision-Making and Profiling

We may use automated systems to:

  • route onboarding;
  • recommend or unlock learning content;
  • calculate progress, XP, streaks, missions, achievements, rewards, and leagues;
  • detect invalid requests or abuse;
  • enforce protected-content rate limits;
  • personalize the learning experience.

These systems are used to provide the Services and protect the app. We do not use automated decision-making that produces legal or similarly significant effects on you without appropriate safeguards.

If a future feature uses profiling for advertising or materially different personalization, we will update this Privacy Policy and provide any required consent or opt-out choices.

16. Third-Party Links and Services

The Services may contain links to third-party websites, app store pages, payment providers, social platforms, or external services. We are not responsible for the privacy practices of third parties. Please review their privacy policies before using them.

If you use Google Sign-In or another third-party sign-in provider, that provider may process data under its own privacy policy.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If changes are material, we will provide appropriate notice, such as:

  • an in-app notice;
  • an email to your account email address;
  • a notice on our website;
  • an updated “Last updated” date.

If a change requires consent, we will request consent where required by law.

Your continued use of the Services after an updated Privacy Policy becomes effective means that the updated policy applies to your continued use of the Services. If you do not agree with the updated policy, you should stop using the Services and may request account deletion.

18. Contact

For privacy questions, requests, or complaints, contact:

privacy@shapedeep.com

For support questions, contact:

support@shapedeep.com

Controller:

Shapedeep

Ender Temizdemir

c/o Postflex #7026

Emsdettener Str. 10

48268 Greven

Germany

No parcels or packages – Acceptance will be refused!