# Privacy Policy for ThinkPool Last Updated: 2025-09-13 1. Introduction Welcome to ThinkPool! This Privacy Policy explains how Roman Koch ("we," "us," or "our") collects, uses, and discloses information about you when you use our mobile application and website (collectively, the "Service"). We are committed to protecting your privacy. We encourage you to read this policy carefully to understand what we do with your information. 2. Data Controller The data controller responsible for your information is: Roman Koch Martin-Opitz-Str. 14 13357 Berlin, Germany Email: apps@romankoch.online 3. Information We Collect We collect the following types of information to provide and improve our Service: - Information You Provide Directly:** - - Voice Recordings and Transcriptions:** When you use the voice capture feature, we process your voice recordings to create transcriptions. This may include any personal information you voluntarily speak. - - User Content:** We collect the notes, tasks, and shopping lists you create and manage within the app. - Information We Collect Automatically:** - - Anonymized Usage Data:** We collect anonymized and aggregated data about your interactions with the Service. This includes information like session duration, features used, and crash reports. This data does not contain the content of your voice recordings, notes, tasks, or shopping lists and cannot be used to identify you personally. 4. How We Use Your Information We use the information we collect for the following purposes: - To Provide and Maintain the Service:** We use your voice recordings and transcriptions to provide the core functionality of the app, such as converting your speech into organized notes and lists. - To Improve the Service:** We use the anonymized usage data to understand how our users interact with ThinkPool, which helps us to improve the user experience, develop new features, and fix errors. - To Provide Customer Support:** If you contact us for support, we may use your information to respond to your inquiries. 5. Legal Basis for Processing We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR): - Consent (Art. 6(1)(a) GDPR):** We process your voice recordings and transcriptions based on your explicit consent, which you provide when you use the voice capture feature. - Legitimate Interest (Art. 6(1)(f) GDPR):** We process anonymized usage data for our legitimate interest in improving and maintaining our Service. We have balanced this interest against your rights and freedoms and have determined that our use of this data has a minimal impact on your privacy. 6. Data Retention We retain your personal data for the following periods: - Voice Recordings:** We delete your voice recordings immediately after they have been transcribed. - User Content:** We retain your notes, tasks, and shopping lists for as long as you use the Service or until you delete them. - Anonymized Usage Data:** We retain anonymized usage data for a maximum of 24 months. 7. Data Security We take the security of your data seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, and destruction. These measures include: - Encryption:** We encrypt your data in transit and at rest. - Access Controls:** We restrict access to your personal data to authorized personnel only. 8. Third-Party Processors We may use third-party service providers to assist us in providing and improving the Service. These providers may have access to your personal data but are contractually obligated to protect it and use it only for the purposes for which we have engaged them. We may use third-party providers for the following services: - Transcription Services** - Cloud Storage** - Analytics Services** 9. International Data Transfers If we transfer your personal data to a third party located outside of the European Economic Area (EEA), we will ensure that the transfer is lawful and that your data is adequately protected. We will do this by using Standard Contractual Clauses (SCCs) as approved by the European Commission. 10. Your Rights Under the GDPR, you have the following rights with respect to your personal data: - Right of Access:** You have the right to request a copy of the personal data we hold about you. - Right of Rectification:** You have the right to have any inaccurate or incomplete personal data corrected. - Right to Erasure (“Right to be Forgotten”):** You have the right to request that we delete your personal data. - Right to Restrict Processing:** You have the right to request that we restrict the processing of your personal data. - Right to Data Portability:** You have the right to receive your personal data in a structured, commonly used, and machine-readable format. - Right to Object:** You have the right to object to the processing of your personal data. - Right to Withdraw Consent:** Where we process your data based on your consent, you have the right to withdraw that consent at any time. 11. How to Exercise Your Rights You can exercise your rights by contacting us at apps@romankoch.online. We will respond to your request within one month. 12. Children’s Privacy Our Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information. 13. Changes to This Privacy Policy We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically for any changes. ## 14. Contact Us If you have any questions about this Privacy Policy or our data practices, please contact us at: Email: apps@romankoch.online