Privacy Policy – TRAININGG

Quick note: This Privacy Policy explains how Nico Ettlinger – Digital Solutions (“we”, “us”, or “Service Provider”) collects, uses, and protects personal data when you use the TRAININGG mobile application (“App”).
The App is offered as a Freemium Software-as-a-Service (SaaS) product distributed exclusively through the Apple App Store and Google Play Store.
It is intended for use as is, without separate registration or web purchase flow.

Controller: Nico Ettlinger – Digital Solutions (sole proprietorship)
Address: Am Seeacker 19, 93326 Abensberg, Germany
Email: [email protected]
Effective Date: 1 November 2025

1. Data We Collect

1.1 Automatically collected data

When you install or use the App, certain technical information is automatically collected:

Device model, operating system version, language, and time zone
App version, screens visited, session length, crash logs, and performance metrics
IP address (short-term, for security and analytics)
Approximate device location (country-level only, no precise GPS tracking)

This information is processed in aggregated or pseudonymized form and cannot directly identify you.

1.2 No account data

TRAININGG does not require registration or user accounts. No names, emails, or payment data are collected directly by us.
All payments and billing information are handled solely by Apple or Google under their respective privacy policies.

1.3 Third-party SDKs

The App uses the following third-party services for functionality and diagnostics:

Provider	Purpose	Policy
Google Firebase Analytics	Anonymous usage analytics	firebase.google.com/support/privacy
Firebase Crashlytics	App stability & crash diagnostics	firebase.google.com/support/privacy
Expo Services	Build and update delivery	expo.dev/privacy
RevenueCat	Subscription validation (App Store / Play Store)	revenuecat.com/privacy

Each provider acts as a data processor on our behalf under GDPR-compliant agreements.

Purpose	Legal Basis	Details
App functionality, subscription validation	Art. 6 (1)(b) GDPR – performance of a contract	Required to deliver core App features you request.
Analytics & crash diagnostics	Art. 6 (1)(f) GDPR – legitimate interest	Helps improve reliability and usability; minimal privacy impact.
Security and fraud prevention	Art. 6 (1)(f) GDPR – legitimate interest	Detect and prevent misuse or unauthorized access.
Legal compliance	Art. 6 (1)(c) GDPR	Where necessary to comply with EU or national law.

We do not send marketing communications or perform profiling or automated decision-making.

3. Children’s Privacy

The App is not directed to children under 16 in the EU (or under 13 in the U.S.).
We do not knowingly collect personal data from minors.
If you believe your child has provided information, please contact [email protected] and we will promptly delete it.

We may share limited data:

With processors listed in § 1.3 for analytics, crash logs, and subscription validation
With authorities, where required by law or court order
For business continuity, in case of merger, acquisition, or restructuring (with same privacy safeguards)

We do not sell or rent personal data to any third party.

5. International Transfers

Firebase, Expo, and RevenueCat may process data on servers located outside the EU/EEA (e.g., in the U.S.).
Transfers occur under appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and Google’s Data Processing Addendum.
By using the App, you acknowledge that such cross-border transfers may occur in compliance with applicable law.

6. Retention Periods

Data Type	Retention
Crash & analytics logs	≤ 14 months (Firebase default)
Subscription validation data	For the duration of your active purchase + 90 days
Device information	Rotated / aggregated after 30 days
Support inquiries (if any)	Up to 12 months after resolution

After these periods, data is deleted or anonymized.

You have the right to:

Access your personal data (Art. 15 GDPR)
Rectify inaccurate data (Art. 16)
Erase your data (“right to be forgotten”, Art. 17)
Restrict / Object to processing (Art. 18–21)
Data Portability (Art. 20)
File a complaint with a data protection authority (e.g., Bavarian DPA or your local authority)

For LGPD (Brazil) users, equivalent rights apply under Arts. 17–22 LGPD.
Requests can be sent to [email protected]; we respond within 30 days.

8. California Privacy (CCPA / CPRA)

For residents of California:

We do not sell personal information.
You may request access or deletion of information we hold about your device.
We will not discriminate against you for exercising your rights.

Submit requests by emailing [email protected] with the subject “CCPA Request”.
We will verify the request before fulfilling it.

9. Data Security

We use industry-standard safeguards including:

Encrypted network transport (HTTPS / TLS)
Access controls and authentication within Firebase
Limited staff access to aggregated data only
Regular security patching and SDK updates

While we strive for full protection, no system can guarantee absolute security.
In case of a data incident, we will notify affected users and authorities as required by law.

10. Data Deletion & Opt-Out

You may stop all collection by uninstalling the App.
If you wish to delete residual diagnostic data, contact [email protected] specifying your device ID or purchase ID.
We will erase identifiable records within 30 days unless retention is required by law.

11. Updates to this Policy

We may update this Privacy Policy from time to time (for example, if we add SDKs or change processors).
The updated version will be published at https://www.trainin.gg/app/privacy.
Where required by law or if changes are material, we will notify you in-app or by email before the new policy takes effect.

Last updated: 1 November 2025

12. Contact

Questions, requests, or complaints regarding privacy can be sent to:

Nico Ettlinger – Digital Solutions
Am Seeacker 19 • 93326 Abensberg • Germany
Email: [email protected]

If you believe your data protection rights have been violated, you also have the right to contact your local supervisory authority.