We — Brainlancer GmbH (“Brainlancer” or “we”) — would like to inform you about our processing of your personal data in accordance with the General Data Protection Regulation (“GDPR”).
Our privacy policy is modular. It consists of general information for any processing of personal data (I.) and special information, the content of which relates only to the specific processing situations like our website, app usage, and support (II. ff.).
The person responsible within the meaning of the GDPR and other national data protection laws is:
Brainlancer GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
Email: admin@brainlancer.com
We process your personal data based on the following legal bases:
Personal data will be deleted or anonymized as soon as the purpose for its collection ceases to exist and no statutory retention periods (e.g., under commercial or tax law) require further storage.
Internally, only authorized personnel who require access to fulfill contractual or legal obligations will process your data. We utilize specialized service providers and data processors (e.g., IT hosting, analytics, payment infrastructure). These processors are contractually bound via Data Processing Agreements (DPAs) to handle your data securely and strictly according to our instructions.
In some cases, our service providers process data in countries outside the EU/EEA (e.g., the United States). To ensure an adequate level of data protection, we rely on adequacy decisions by the European Commission (such as the EU-U.S. Data Privacy Framework) or have concluded EU Standard Contractual Clauses (SCCs) with these providers.
As a data subject under the GDPR, you have the following rights against us:
When you visit our website, our servers automatically collect technical data from your device (log files).
Information Processed: Browser type/version, operating system, IP address, time/date of access, referrer URL.
Purpose & Legal Basis: Technical delivery of the website, system security, and troubleshooting. The legal basis is our legitimate interest (Art. 6 (1) (f) GDPR).
Hosting Services: We utilize secure hosting environments and Content Delivery Networks (CDNs) to host our website infrastructure (including modular tools like Webflow or proprietary servers). Appropriate DPAs and security measures are in place to safeguard this data. Log files are automatically deleted or anonymized within 7 days.
Brainlancer is responsible for the processing of your personal data within the bla.app. We utilize the platforms of Apple and Google to distribute the App. Their respective privacy policies apply to the download process.
To use the core features of the App, you must create an account.
Information Processed: Email address, first name, last name, password. If you use Third-Party Logins (e.g., "Sign in with Apple" or "Google Sign-In"), we receive your unique provider ID, name, and email address from the respective platform to set up your account.
Purpose & Legal Basis: To establish and fulfill our user contract with you (Art. 6 (1) (b) GDPR).
The App features an interactive speech trainer where you speak words or sentences to track and verify your pronunciation progress.
Information Processed: To use this feature, the App requires your permission to access your device’s microphone. Audio data (your voice recordings) is captured temporarily.
Groq API Integration: For automated transcription and pronunciation checking, the temporary voice recordings are securely processed via the API of Groq Inc. (Groq Cloud). Groq transcribes the audio into text so the App can analyze the correctness of your speech. The raw audio files are processed only for the immediate purpose of transcription.
Purpose & Legal Basis: The temporary processing of audio is essential for the core functionality of our learning tools (Art. 6 (1) (b) GDPR) and occurs based on your explicit consent when enabling microphone permissions (Art. 6 (1) (a) GDPR).
We offer fee-based premium subscriptions and services within the App.
RevenueCat: We use the service RevenueCat Inc. to manage and track the status of your in-app subscriptions and purchases made via the Apple App Store or Google Play Store. RevenueCat processes technical identifiers (such as an anonymous user ID and transaction receipts) to verify if you have an active subscription. RevenueCat does not store your credit card details or bank information.
Purpose & Legal Basis: Contract fulfillment to unlock paid digital content (Art. 6 (1) (b) GDPR).
Firebase & Google Analytics: To monitor performance, crash logs, and understand general user behavior, the App uses Firebase (Google Ireland Ltd. / Google LLC). IP addresses are automatically anonymized, ensuring no direct personal identification is possible. The legal basis for performance analytics is your consent (Art. 6 (1) (a) GDPR), while critical crash-logging constitutes a legitimate interest (Art. 6 (1) (f) GDPR) to ensure app stability.
Push Notifications: If permitted via your device settings, we process technical tokens to send you updates or learning reminders. Legal basis is contract fulfillment (Art. 6 (1) (b) GDPR).
Information Processed: If you contact us via email or through the contact support form on our website/app, we store the information provided (Email address, name, subject, message content, timestamp).
Purpose & Legal Basis: To process and answer your customer support requests. The legal basis is our legitimate interest in providing high-quality user support (Art. 6 (1) (f) GDPR) or contract fulfillment if your inquiry relates to an active subscription (Art. 6 (1) (b) GDPR).
If you enter into a business relationship with Brainlancer GmbH as a partner or vendor, we process master data (name, company address, contact information) and transaction/billing data. This data is processed exclusively for contract management, billing, and accounting compliance (Art. 6 (1) (b) & (c) GDPR).