Privacy policy
Last updated: 25 May 2026. The legally binding version is the German one.
1. Controller
Beshoy Khalil
Cornelius-Fredericks-Str. 48F, 13351 Berlin, Germany
Email: info@wortodo.de
This policy applies both to the website wortodo.de and to the Wortschatz mobile app (the "app"). The provider and controller is Beshoy Khalil; the app is published in the app stores under the developer name "Wortodo".
2. What this website collects
This website is served via Cloudflare Pages. Technically necessary data is recorded in log files when you visit:
- IP address
- Date and time of the request
- Requested URL and HTTP status
- User-agent (browser and OS identifier)
- Amount of data transferred
This data is used solely to operate the website securely (defending against attacks, debugging) and is not combined with other data. Legal basis is Art. 6 (1) (f) GDPR; the legitimate interest is providing a functional website that is protected against abuse. On balance, the rights and interests of users do not override this interest, since only technical connection data is processed briefly and without further analysis.
Cloudflare deletes the logs automatically according to its current retention policy. The default retention for Cloudflare Pages access logs is a few days (typically up to 7 days); aggregate security events may be retained for longer.
We do not set cookies and we do not use analytics tools. No tracking, no profiling, no third-party scripts, no advertising tags. No automated decision-making within the meaning of Art. 22 GDPR takes place.
Note on the Android beta: The "Join the beta" button is purely a link to a Google Group and to Google Play, both operated by Google. Only if you voluntarily join the tester group does Google process your email address to register you as a tester; we process your email address as controller to administer the closed test. The legal basis is your consent under Art. 6 (1) (a) GDPR, given by joining and withdrawable at any time by leaving the group. This website itself collects no data through the link.
Providing this data is neither legally nor contractually required. Without the transmission of the technical connection data listed above, however, the website cannot be delivered to your browser.
3. Local storage (localStorage)
This website stores a single entry in your browser's local storage (localStorage) under the key wortodo-theme. It records only your choice of color scheme (light / dark) so it persists between visits.
This entry contains no personal data, stays in your browser, and is never transmitted to our servers or to third parties. You can delete it at any time via your browser settings. Legal basis is Art. 6 (1) (f) GDPR (legitimate interest in a comfortable interface); in our view no consent is required under § 25 (2) no. 2 TDDDG (the German telecommunications and digital-services data-protection act, formerly TTDSG) for this strictly necessary preference.
4. What the Wortschatz app collects
The app uses two services provided by Google LLC / Google Ireland Ltd. (Firebase) for stability and aggregate usage analysis: Firebase Crashlytics (crash reports) and Firebase Analytics (event telemetry). Your learning progress and vocabulary content still remain exclusively on your device; only the event and crash data listed below is transmitted.
In detail:
- Firebase Crashlytics transmits a report to Google whenever the app crashes, hits an ANR ("Application Not Responding"), or catches a non-fatal exception. The report contains the stack trace, breadcrumb log lines forwarded from the Kermit logging library at severity "Info" and above, device model, OS version, app version, and an opaque per-install Firebase Installation ID. Kotlin/Native symbol names beyond the public framework surface are stripped from the binary on iOS Release builds.
- Firebase Analytics records automatic lifecycle events (app launch, session start, screen view) plus a limited set of app-specific events about your interaction with the learning interface — such as marking a word as "known" or "revisit", playing the speech output, revealing the English translation, and changes to your settings. Each event carries a small set of technical parameters: an internal word identifier referring to a published vocabulary entry (not a person), your CEFR level, the part of speech, and individual UI preferences. No free-text input, no learning content, no self-entered data is transmitted.
- What is not collected: no user account, no sign-in, no email address, no real name, no advertising identifier (no IDFA / no Google AAID), no precise location data. No call to
setUserIdis made; the Firebase Installation ID is an opaque per-install identifier and is not exposed to us outside the Firebase console. - Retention at Google: Crashlytics events are deleted by Google after 90 days. Analytics event-level data is retained for up to 14 months after the event, then deleted; user / installation-level data is deleted after 14 months of inactivity. These figures mirror the retention settings configured in the Firebase console.
- Learning progress (marked words, favourites, today's assignment) still lives exclusively on your device in an SQLCipher-encrypted SQLite database and never leaves it. There is no cloud sync; only the event metadata listed above is sent to Firebase.
- Opt-out: the app's settings include a "Telemetry" toggle. Switching it off immediately propagates
setCrashlyticsCollectionEnabled(false)andsetAnalyticsCollectionEnabled(false)to both SDKs, so no further reports or events are transmitted. The toggle is enabled by default (opt-out model). - International transfer: data is processed on Google infrastructure that may also be located in the United States. See section 7 for the legal basis of the transfer.
- Device permissions: optionally the app requests permission to display local notifications (three reminders per day). These are scheduled locally by the operating system without any push server. You can revoke the permission at any time in your device settings.
- Speech output uses the operating system's built-in text-to-speech services (Android:
TextToSpeech, iOS:AVSpeechSynthesizer). Their data processing is governed by Google's and Apple's respective privacy notices. - Network: besides the Firebase connections above, the app makes no background requests to servers we control. The learning experience itself needs no internet connection; telemetry is buffered and sent when a connection is available.
- App stores: downloading the app from the Apple App Store or Google Play is additionally subject to those stores' privacy practices, over which we have no influence.
Legal bases. The processing of crash and diagnostic data via Firebase Crashlytics is based on our legitimate interest under Art. 6 (1) (f) GDPR in operating a functional, debuggable app; you can exercise your right to object under Art. 21 GDPR at any time via the "Telemetry" toggle. The processing of usage events via Firebase Analytics is based additionally on your consent under Art. 6 (1) (a) GDPR — which you give by leaving the "Telemetry" toggle enabled — together with our legitimate interest under Art. 6 (1) (f) GDPR in improving the app.
§ 25 TDDDG. The Firebase Installation ID is stored on, and read from, your terminal device as a persistent identifier. We rely on your consent expressed via the "Telemetry" toggle within the meaning of § 25 (1) TDDDG (the German implementation of the ePrivacy Directive). We do not invoke the "strictly necessary" exemption under § 25 (2) no. 2 TDDDG.
5. Data sources and in-app content
The words shown in the app are drawn from the frequency lists of the Wortschatz Leipzig corpora of Leipzig University, licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).
Example sentences and English translations were generated once during content production using the Anthropic Claude API and are subsequently shipped statically inside the app. During use of the app there is no data exchange with Anthropic or any other AI provider — all content is materialised into a local database at build time and delivered with the app.
6. Your rights
At any time you have the right to:
- access (Art. 15 GDPR)
- rectification (Art. 16 GDPR)
- erasure (Art. 17 GDPR)
- restriction of processing (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- object to processing (Art. 21 GDPR)
- withdraw a consent you have given (Art. 7 (3) GDPR) — without affecting the lawfulness of processing carried out beforehand
- lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise these rights, an informal email to info@wortodo.de is enough. The fastest way to stop further processing of your data is the in-app "Telemetry" toggle (see section 4); switching it off stops any further event or crash transmission immediately.
For erasure or access requests concerning the Firebase data described in section 4, we need the Firebase Installation ID of your specific app install (visible inside the app under Settings → About). Once you have provided it, we file a deletion request with Google via the Firebase DSR tooling.
Because we operate no user account and keep no server-side session history of our own, this opaque ID is the only way we can single out a specific installation. If you cannot provide it — for example because you have already uninstalled the app — under Art. 11 GDPR we are not obliged to maintain additional information for the sole purpose of identifying you, and under Art. 12 (2) sentence 2 GDPR we will inform you accordingly. Practical alternatives are: (a) switch the in-app "Telemetry" toggle off, which immediately stops any further transmission; (b) uninstall and reinstall the app, which generates a fresh Installation ID and orphans the old one; or (c) wait for the retention windows in section 4 to elapse, after which Google purges the data automatically.
The supervisory authority responsible for our seat is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, Germany, www.datenschutz-berlin.de. You may also contact the supervisory authority responsible for your habitual residence.
7. Third-party services and international transfers
This website is delivered via Cloudflare Pages, operated by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare processes technical connection data on our behalf as a processor under Art. 28 GDPR.
Within Cloudflare's global infrastructure, personal data may be transferred to third countries, in particular the United States. To our knowledge Cloudflare is certified under the EU-US Data Privacy Framework; in addition, Cloudflare offers Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR, which our transfer relies on. Details are set out in Cloudflare's privacy policy and in its Data Processing Addendum.
The app additionally uses Firebase Crashlytics and Firebase Analytics, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, with an EU representative: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google processes the data described in section 4 as a processor under Art. 28 GDPR; the processing is governed by the Firebase Data Processing and Security Terms.
Within the Firebase infrastructure, personal data may be transferred to third countries, in particular the United States. To our knowledge Google is certified under the EU-US Data Privacy Framework; in addition, Standard Contractual Clauses under Art. 46 (2) (c) GDPR apply, on which the transfer relies. Further detail on Google's data processing is available in Firebase's privacy and security documentation.
Beyond that, we use no other third-party services — no Google Analytics on the website, no Meta pixel, no external fonts from Google Fonts, no ad networks, no CDN-loaded scripts.
8. Security
The website is served exclusively over HTTPS (TLS). The app stores its learning content locally in an SQLCipher-encrypted SQLite database on your device. All transmissions to Firebase (see section 4) are encrypted over HTTPS / TLS.
9. Children
The app and this website are not directed at children under 16. We do not knowingly collect personal data from children under 16; the telemetry described in section 4 can be disabled at any time via the "Telemetry" toggle. If a child nevertheless contacts us by email, we retain that message only as long as is needed to answer the request and delete it afterwards.
10. No automated decision-making
The app carries out no automated decision-making within the meaning of Art. 22 GDPR — including profiling — that produces legal effects on you or similarly significantly affects you. The selection of the three daily words is computed deterministically and entirely on your device based on your chosen CEFR level, your prior word markings, and the current local-time slot. No further profile leaves your device.
11. Changes to this policy
We may update this policy to reflect changes in law or in the website / app. The current version is always available at this URL. Material changes are reflected by an updated "Last updated" date.