|

Privacy Policy – LexiLock

Last Updated: March 30, 2026

1. Responsible Party

Empressia d.o.o – Branch Office Germany
Diemshoff 38, 48282 Emsdetten, Germany
E-Mail: lexilock.app@gmail.com

Website: lexilock.com

Register Entry:
Registered in the Commercial Register of the Commercial Court of Split (Croatia)
Registration number: (HR) 060305839

Responsible for content according to § 55 Abs. 2 RStV:
Marvin Vrdoljak, Diemshoff 38, 48282 Emsdetten

2. Overview: What LexiLock Does (and Doesn't Do)

LexiLock is designed so that learning content and usage data for vocabulary queries are generally stored locally on your device. We do not receive vocabulary answers, learning progress, or content you edit in the app on our own servers.

However, there are three technical areas where data may be transmitted to service providers:

  • Tracking/Analytics via PostHog (for usage statistics and product improvement)
  • Error monitoring & diagnostics via Sentry (for technical app stability)
  • Subscription/Purchase Management via RevenueCat (for assignment of in-app purchases/subscriptions)

3. Local Data Processing on Your Device

The app stores in particular (depending on usage) locally:

  • Selected decks / settings
  • Learning progress / history (e.g. which vocabulary items have already been seen)

This data remains on your device and can be deleted by uninstalling the app or via the system settings.

4. Tracking & Usage Analytics (PostHog)

We use PostHog (posthog.com) to statistically evaluate app usage and improve the product.

What data do we process?
We only collect data categories that are needed for product analytics and onboarding:

  • Learning profile data you provide: age range, learning language, native language, learning-language proficiency, and your stated motivation/goals for using LexiLock.
  • PostHog technical default metadata: for example app/device information, operating system, screen size, timezone, approximate IP-based location (e.g. country/city), and a technical event/device ID.

We do not collect your vocabulary-answer content, user-entered learning content, or special-category sensitive data for analytics.

Purpose: Usage analytics, troubleshooting, quality improvement, and better product decisions.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in app optimization) or – if required by design/integration – consent according to Art. 6 Para. 1 lit. a GDPR in connection with § 25 TTDSG.

Recipient: PostHog (service provider).
Third country transfer: Depending on the PostHog setup, processing in third countries cannot be fully excluded.

Objection/Opt-out:
If you do not want analytics tracking, contact us at lexilock.app@gmail.com. We can restrict or disable future analytics processing where technically possible.

5. Error Monitoring & Diagnostics (Sentry)

We use Sentry (sentry.io) to detect and resolve technical errors and crashes.

What data is processed?

  • Technical error information (error messages, stack traces)
  • Device information (operating system, app version, device type)
  • An anonymous session ID

We use Session Replay exclusively in error cases. All text and user input is masked by default — no vocabulary content or user input is transmitted.

Purpose: Technical error diagnosis and app stability improvement.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in stable app operation).

Recipient: Functional Software, Inc. (Sentry), USA.
Third country transfer: Sentry processes data in the USA. Transfer is based on EU Standard Contractual Clauses (Art. 46 Para. 2 lit. c GDPR).

6. Subscriptions & In-App Purchases (RevenueCat)

We use RevenueCat to manage subscriptions.

What data is processed?

  • An (by default) anonymous App User ID / Customer ID for subscription recognition
  • Store information (Apple App Store / Google Play) and subscription status (e.g. active/cancelled)
  • Country/Region: RevenueCat shows "Country" based on the last determined IP country, with IP not being permanently stored according to documentation.
  • Payment data: Payment processing is handled via Apple/Google. We do not receive complete payment data (e.g. credit card numbers).

Purpose: Contract performance, subscription status, entitlements/unlocks.
Legal basis: Art. 6 Para. 1 lit. b GDPR (contract performance).

7. Permissions (Screen Time & Push)

LexiLock may (optionally) request permissions:

  • Screen Time / Usage Restrictions: only required if you use the blocking/focus function.
  • Push Notifications: only if you enable reminders/notifications.

You can revoke permissions at any time in your device settings. Without permissions, the app remains basically usable, but individual features may be limited.

8. Website (lexilock.com) & Hosting

The website is hosted with Hostinger. When you access a website, server log data is technically generated (e.g. IP address, time, requested page, user agent) to ensure operation and security.

Cookies/Tracking on the website: You indicate that no tracking tools are used and no cookies are set for analytics/marketing purposes.

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in secure operation of the website).

9. Data Sharing

Data is only shared to the extent necessary for the described purposes, in particular to:

  • PostHog (Analytics)
  • Sentry (Error monitoring/diagnostics)
  • RevenueCat (Subscription management)
  • Apple / Google (App Store, purchase processing)

10. Storage Duration

  • Local app data: Until deletion by you (e.g. app uninstallation).
  • Analytics data: According to PostHog retention settings and only as long as required for the purposes listed above.
  • Diagnostic data: According to Sentry retention settings and only as long as required for error diagnosis.
  • Subscription data: As long as required for contract processing/documentation (RevenueCat/Stores).

11. Rights of Data Subjects

You have the right at any time to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Data Portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

Contact: lexilock.app@gmail.com

12. Child Data Protection

LexiLock can be used by children. If processing must be based on consent (e.g. depending on tracking configuration), parental consent may be required in certain cases.

13. Changes

We may modify this Privacy Policy (e.g. due to feature changes or new service providers). The current version will be made available in the app or on the website.