Remembly

Privacy Policy

Effective as of: September 12, 2025

This Privacy Policy explains how Remembly, [Esterbergstraße 40, 81377 München], Germany ("Remembly", "we") collects, processes, and uses your personal data when you use the “Remembly” software application (the "App"). Protecting your data is a high priority for us. We process your data solely within the scope of applicable law, in particular the GDPR and the BDSG.

1. What data we collect
  • Account information: Name, email address, passwords (encrypted), and sign-in identifiers. Authentication is handled via Google Firebase; your login credentials are processed there.
  • Usage data: IP address, device information (device type, operating system, browser type), access times, log files, app version, and other technical data required to provide and improve the App.
  • Content: Text, files, links, and other information that you store or upload in the App.
  • Cookies and similar technologies: We use cookies, local storage, and similar technologies to enable your sign-in, improve the user experience, analyze usage, and ensure security. You can restrict their use in your device settings; this may impair functionality.
2. How we use your data
  • To provide and operate the App (set up accounts, enable access, store content, manage subscriptions, provide support).
  • To process payments and subscriptions via app stores and RevenueCat.
  • To improve performance and security of the App, fix errors, and develop new features.
  • To communicate regarding inquiries, important notices, and product updates.
  • To comply with legal obligations (e.g., tax/commercial retention).
3. Legal bases for processing (EU/EEA)

We process personal data depending on the purpose based on performance of a contract (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c) GDPR), our legitimate interests (Art. 6(1)(f) GDPR), or your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with effect for the future.

4. Data storage and international transfers

Authentication and data storage are provided via Google Firebase (Cloud Firestore). Data may be processed in countries outside the EEA, in particular the United States. For transfers to third countries, we use recognized safeguards (e.g., the EU Commission’s Standard Contractual Clauses) to ensure an adequate level of data protection.

5. Data retention

We retain personal data only as long as necessary for the purposes described or as required by law. Account and content data are deleted or anonymized no later than 30 days after you delete your account, unless legal obligations prevent this. Usage data are generally stored for 90 days and then aggregated or anonymized.

6. Data sharing
  • Service providers: We share data with third parties only where permitted by law or with your consent. Recipients include, among others, Google Firebase (Cloud Firestore) for storage/management of data (processor; transfers based on Standard Contractual Clauses), app store operators (Apple App Store, Google Play Store), and RevenueCat for subscription billing and management.
  • Legal requirements: We may share data to comply with laws, regulatory requests, or legal proceedings, or to enforce our rights.
  • Business transfers: In the event of a merger, acquisition, or (partial) sale of assets, data may be transferred; this Privacy Policy will continue to apply to that information.
  • We do not sell or rent your personal data for marketing purposes.
7. Data security

We implement appropriate technical and organizational measures (including encryption in transit, access restrictions, regular security reviews) to protect your data against loss, misuse, or unauthorized access. However, no method is 100% secure; we cannot guarantee absolute security. Please keep your login credentials confidential and notify us if you suspect unauthorized access.

8. Your rights
  • EU/EEA data subjects: You have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). You may withdraw consent at any time. You also have the right to lodge a complaint with a supervisory authority; the authority competent for our registered office is the Hamburg Commissioner for Data Protection and Freedom of Information.
  • California residents (CCPA): To the extent applicable, you have rights to access, deletion, and to opt out of certain disclosures.
  • Other countries: Depending on your place of residence, additional rights under local law may apply.
  • To exercise your rights, contact us at: contact@remembly.app.
9. Children’s privacy

The App is not directed to individuals under 16. We do not knowingly collect data from minors under 16. If data of minors have been transmitted to us without appropriate consent, we will delete them without delay.

10. Changes to this Privacy Policy

The current version is available in the App and on our website. In the event of material changes, we will inform you by email or within the App. Continued use after the effective date constitutes your acceptance.

11. Contact

Controller: Remembly, [Esterbergstraße 40, 81377 München], Germany. For privacy inquiries, you can reach us by email at contact@remembly.app.

Last updated: September 12, 2025