English
Niveau wählen
Rechtliches

Datenschutzerklärung

Letzte Aktualisierung:

> **ℹ️ Translation notice:** This is a translation provided for convenience. The legally binding version is the German original at [v-iz.de/de/legal/datenschutz](/de/legal/datenschutz).

Last updated: 1 May 2026

This Privacy Policy describes how V‑IZ ("we", "us") collects, uses and shares your personal data when you visit our website (v-iz.de) and web application (app.v-iz.de), use our mobile app (iOS / Android) or use our Services. Within the meaning of the General Data Protection Regulation (GDPR), V‑IZ is the "Controller".

Controller within the meaning of the GDPR:
V‑IZ Video-Integrationszentrum
Owner: Fuat Karacocuk
S 3, 2A
68161 Mannheim
Germany
E-mail: info@v-iz.de

1. WHAT DATA WE COLLECT
Depending on how you use our Services (website or app), we collect different types of data.

1.1 Data you provide

  • Account information & order data: name, e-mail address, password, as well as shipping and billing address (for physical orders via the web shop).
  • Communication: contents of support requests or feedback.
  • Practice data (AI): texts you enter for correction, audio recordings for pronunciation exercises, photos of handwritten letters (for premium/ultimate).

1.2 Automatically collected data (app & website)

  • Usage data: learning progress, completed lessons, exam results, token balance.
  • Device information & logs: device model, operating system, IP address, time zone, unique device identifiers (device IDs) and crash logs. This data is technically required to provide the app stably and to prevent abuse (e.g. account sharing).
  • Transaction data: purchase history, subscription status and expiry dates.

1.3 Data from payments & in-app purchases
Website (v-iz.de): For orders via our website (V‑IZ Subscription, accompanying books), your payment data (e.g. credit card number, IBAN, PayPal account) is not stored by V‑IZ but processed directly by our payment service provider Stripe (Stripe Payments Europe Limited, Ireland). We receive from Stripe only the information necessary for contract performance, such as a payment confirmation, the subscription status signal and billing data for creating your receipts.
Trial-specific customer metadata: Upon first conclusion of a V‑IZ Subscription with the 7-day trial, we set the metadata had_trial: true on the Stripe customer object. This metadata prevents the same person from using the 7-day trial multiple times (see Section 8 on automated decision pursuant to Art. 22 GDPR). Only the e-mail address and the Stripe customer fingerprint are processed for this.
Mobile app (iOS / Android): If you make in-app purchases (e.g. feature-specific subscriptions, tokens), the payment data is not processed by us but directly by Apple (App Store) or Google (Play Store) as independent controllers. We receive only a technical confirmation via RevenueCat (see Clause 5.2) for synchronising your account status.

1.4 Minors
Our Services are aimed in principle at persons aged 18 and over. For minors, we require the consent of legal guardians.

2. ACCESS TO DEVICE FUNCTIONS (PERMISSIONS)
For the app to function fully, we need access to certain hardware components. You can manage these permissions in the settings of your device.

  • Microphone: Required for pronunciation training and dialogue simulations. Audio recordings are sent to our AI service providers (see Clause 5.2) for speech analysis. The recordings are not permanently stored by us; only the analysis result (e.g. pronunciation rating, correction notes) is associated with your learning progress and stored in our database. At the AI provider, the audio data may remain briefly for abuse detection (see Clause 5.2).
  • Camera/Photo gallery: Required (for premium/ultimate) to upload photos of handwritten letters for correction. The images are stored in our Supabase database and sent to our AI service providers (e.g. Google Gemini) for content analysis. The images remain associated with your account until you delete them or your account.

3. COOKIES AND TRACKING
3.1 On the website: We use cookies and similar technologies to provide the website and the web application (e.g. login, session management, security, cookie settings) and — if you have consented via our cookie banner — for reach measurement and marketing.
3.2 In the mobile app: We use technologies to monitor app stability and to store your learning progress. Tracking for advertising purposes only takes place if you have explicitly consented (e.g. via App Tracking Transparency on iOS).
3.3 Withdrawal: You can revoke or change your consents at any time via the "Cookie Settings" link in the website footer or the system settings of your device.

4. HOW WE USE YOUR DATA (PURPOSE & LEGAL BASIS)
We process your data on the basis of the GDPR for the following purposes:

  • Performance of contract (Art. 6(1)(b) GDPR): provision of the course, shipping of the accompanying books, synchronisation of learning progress, performance of AI corrections, management of your V‑IZ Subscription and payment processing.
  • Legitimate interest (Art. 6(1)(f) GDPR): prevention of fraud and account sharing (device tracking), prevention of trial abuse through multiple registrations (e-mail and Stripe customer fingerprint matching, had_trial metadata check before checkout), improvement of app stability (error logs), IT security.
  • Consent (Art. 6(1)(a) GDPR): for optional marketing newsletters, reach analysis and advertising tracking (see Clause 5.2) as well as specific device access.
  • Legal obligation (Art. 6(1)(c) GDPR): retention of tax data (invoices).

The provision of certain data (in particular account/login data and delivery addresses for physical products) is necessary for the use of the app/Services or for delivery; without this data we cannot provide the Services.

5. SHARING WITH THIRD PARTIES & TECHNICAL INFRASTRUCTURE
We use specialised service providers. Insofar as they process data on our behalf, we have concluded data processing agreements (DPAs) pursuant to Art. 28 GDPR.

5.1 Categories of recipients
Recipients of your data are in particular hosting providers, shipping providers, payment providers, database services, AI providers, analytics and advertising services and e-mail dispatch services.

5.2 Specific services

  • Payment service provider (Stripe): Stripe Payments Europe Limited (Ireland) handles all card payments, SEPA Direct Debits, wallet payments (Apple Pay, Google Pay) and recurring subscription payments for us. With regard to payment data, Stripe is an independent controller; we receive technical confirmations, subscription status signals and billing data. Stripe privacy notice: https://stripe.com/de/privacy.
  • Shipping providers: To deliver physical accompanying books, we share your name and delivery address with the contracted shipping company (DHL).
  • Database & authentication (Supabase): Supabase Inc. (USA) provides our backend for user accounts, login (magic-link / password) and learning progress.
  • Hosting (Netlify): Netlify Inc. (USA) hosts our website and web application.
  • In-app subscription management (RevenueCat): RevenueCat Inc. (USA) manages the synchronisation of in-app subscriptions concluded via Apple App Store and Google Play Store with your V‑IZ account. Processed are in particular app-store transaction IDs, subscription status and device identifiers.
  • E-mail dispatch (Resend): Resend (Resend Inc., USA) sends transactional e-mails such as order confirmations, login links, invoices and reminders on our behalf. Processed are your e-mail address, your name and any order information.
  • AI services (e.g. OpenAI): For text and speech analyses in our AI trainer features, we use API interfaces. Your inputs are sent to the respective provider. According to the respective API data policies, the data is in principle not used for training the AI models, but may be stored briefly at the provider for abuse detection.
  • Microsoft Clarity (analytics): To analyse user behaviour and improve our website, we use Microsoft Clarity (Microsoft Ireland Operations Limited). Clarity creates session recordings (mouse movements, clicks, scroll behaviour) and heatmaps. Sensitive input fields are automatically masked. Processing only takes place after your consent via our cookie banner (Art. 6(1)(a) GDPR). More information: https://privacy.microsoft.com/de-de/privacystatement
  • Google Ads & conversion tracking: We use Google Ads (Google Ireland Limited) to advertise our offers and for conversion tracking. When visiting our website via a Google ad, a cookie for conversion measurement is set. Data on click and conversion events as well as on your device and browser environment are transmitted to Google. Processing takes place only after your consent (Art. 6(1)(a) GDPR). More information: https://policies.google.com/privacy
  • Meta Pixel (Facebook/Instagram): We use the Meta Pixel (Meta Platforms Ireland Limited) to measure the effectiveness of our advertising campaigns on Facebook and Instagram and for remarketing. The pixel transmits information about your visit and interactions (e.g. registrations) to Meta. Meta and V‑IZ are joint controllers within the meaning of Art. 26 GDPR with regard to the collection and transmission of this data. Processing only takes place after your express consent (Art. 6(1)(a) GDPR). More information: https://www.facebook.com/privacy/policy

6. INTERNATIONAL DATA TRANSFERS
Some of our service providers (e.g. Supabase, Netlify, Resend, RevenueCat, OpenAI, Google, Meta, Microsoft) are headquartered or have servers in the USA. Stripe processes personal payment data primarily within the EU/EEA; however, individual processing steps may also rely on US servers.

  • Insofar as the provider is certified under the EU-U.S. Data Privacy Framework (DPF), we base the transfer on this adequacy decision.
  • Otherwise, we use the Standard Contractual Clauses (SCCs) of the EU Commission and take, where applicable, additional security measures.

7. RETENTION PERIOD
We store data only as long as necessary for the respective purpose:

  • Purchase receipts & invoices: 10 years (statutory retention period).
  • Account data: until deletion of the account by you.
  • Security logs (IP/device IDs): generally deleted or anonymised after 30 days. In case of justified suspicion of abuse (e.g. unauthorised access, fraud), we retain the relevant logs for a maximum of 90 additional days for clarification; after that, deletion or anonymisation takes place.
  • Audio recordings (pronunciation): not permanently stored by us; only the analysis result is retained.
  • Photo uploads (letter correction): remain associated with your account until deletion by you or upon account deletion.
  • Google Ads conversion data: 30 days storage of session/click events for evaluation; thereafter aggregation or deletion.

8. YOUR RIGHTS
Pursuant to the GDPR you have the following rights:

  • Information (Art. 15), correction (Art. 16), deletion (Art. 17).
  • Restriction of processing (Art. 18) and data portability (Art. 20).
  • Right to object (Art. 21): You can object to processing based on legitimate interests at any time.
  • Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
  • Automated decision (Art. 22 GDPR): We use automated procedures in two contexts:
    • Account-sharing detection: We detect typical patterns of account sharing (e.g. unusually many parallel devices, geographically implausible login patterns). In case of suspicion, the account may be temporarily suspended.
    • Trial-eligibility check: Before concluding a V‑IZ Subscription with a 7-day trial, our system automatically checks whether you have already used a trial. For this, a Stripe customer lookup is performed via your e-mail address and a comparison with the customer metadata had_trial. If a previous trial use is determined, the direct purchase flow with immediate billing is offered to you instead of the free trial.
    You have the right at any time to manual review by our support and to set out your view and to challenge the decision.
  • Withdrawal of consent: Insofar as we process data on the basis of your consent, you can revoke this at any time with effect for the future.

Account deletion: You can delete your account at any time independently in your account area (v-iz.de/konto), in our mobile app under "Profile > Delete account" or by e-mail to info@v-iz.de. After deletion, personal data is treated according to Clause 7; invoices are subject to the statutory retention obligation.

9. CONTACT
Controller within the meaning of the GDPR:
V‑IZ Video-Integrationszentrum
Owner: Fuat Karacocuk
S 3, 2A
68161 Mannheim
Germany
E-mail: info@v-iz.de

A data protection officer has not been appointed; under the currently applicable provisions of § 38 BDSG, V‑IZ is not required to appoint one.