ConjuRu
Deutsch English Español

Privacy Policy for ConjuRu

Last updated: 18 July 2026

This English text is a convenience translation. The legally binding version is the German one, available at /privacy.

This privacy policy explains how personal data is processed in the ConjuRu app (the "App").

ConjuRu is a local-first app: you can use it entirely without an account. In that case your learning progress is stored only on your device and is not transmitted to us. We only process personal data on our servers if you voluntarily register and sign in to use the optional cloud synchronisation and premium features.

We show no ads, perform no ad tracking and use no advertising SDKs. To improve the app we only collect anonymous usage statistics without user or device identifiers (see section 2 f).


1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Buzzword Bingo oHG
Burgstraße 12
80331 Munich
Germany

E-mail: support@conjuru.app


2. What data we process, for what purpose and on what legal basis

a) Use without an account (local only)

If you do not register, your settings, learning progress, statistics and SRS cards are stored on your device only. No transmission to us takes place. The text-to-speech feature, which also runs on your device, works fully offline; no data is sent to us or any third party.

b) User account (registration & sign-in)

To create an account we process:

  • your e-mail address,
  • a password (stored exclusively as a cryptographic hash, never in plain text),
  • an internally assigned account identifier (user ID).

To confirm your e-mail address and for password resets we send you verification codes by e-mail (see processors, section 3).

Sign-in with Google (optional): Alternatively, you can create your account with your Google account or use it to sign in ("Sign in with Google"). In that case Google provides us with your e-mail address and a Google account identifier to link your account; no password is stored with us in this case, and we do not take over any further profile data (e.g. name or profile picture). Google (Google Ireland Ltd. or Google LLC) learns that you sign in to ConjuRu; in addition, Google's privacy policy applies.

Purpose: providing and securing your account. Legal basis: Art. 6(1)(b) GDPR (performance of the user agreement).

c) Cloud synchronisation of your learning data

When you are signed in with an active Premium subscription, we synchronise your learning data across your devices and our server. The following is processed:

  • learning and progress data: statistics, app settings, filters and your daily activity (number of exercises per day),
  • SRS cards: the conjugation forms you practised, with learning metadata (e.g. time of the last review, next due date),
  • each linked to your account identifier.

This data relates exclusively to your learning progress; no special categories of personal data (Art. 9 GDPR) are processed.

Purpose: cross-device synchronisation of your learning state. Legal basis: Art. 6(1)(b) GDPR.

d) Premium subscription / purchases

If you take out a premium subscription, the purchase is handled by the respective app store (Google Play or Apple App Store). The subscription status is managed via our service provider RevenueCat (see section 3). We store your entitlement status (active/inactive), the product identifier, the store, the expiry date and technical event identifiers — linked to your account identifier.

We do not receive full payment data (e.g. credit card numbers); payment processing is handled solely by the respective app store.

Purpose: providing and managing paid features. Legal basis: Art. 6(1)(b) GDPR.

e) Server log data

When accessing our server, log data is generated for technical reasons (e.g. IP address, time of the request, endpoint called) and processed to ensure operation, security and error analysis.

Purpose: secure and stable operation, abuse prevention. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a functional, secure service).

f) Anonymous usage statistics (Aptabase)

To understand which features are used, we collect anonymous usage events (e.g. "app started", "card graded") together with technical context (app version, operating system and its version, language/region setting). Events are recorded without any user or device identifier — only with a random, short-lived session identifier —, contain no learning content and are not linked to your account. Processing takes place on Aptabase's EU instance (see section 3).

Purpose: understanding feature usage, improving the app. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in developing the app). Objection (opt-out): you can disable collection at any time in the app under Settings → Legal → "Anonymous usage statistics"; the setting applies per device and takes effect immediately.


3. Recipients / processors

To provide the service we use carefully selected recipients. They mostly process personal data on our behalf (Art. 28 GDPR); recipients marked as "independent controller" process it under their own responsibility:

Provider Purpose Data processed
Serverpod Cloud (Serverpod, serverpod.space) Hosting of backend and database all server data named in section 2 b–e
AhaSend Sending verification/account e-mails e-mail address, e-mail content
Aptabase (aptabase.com, EU instance) Anonymous usage statistics event data without personal reference (section 2 f)
RevenueCat, Inc. Managing subscriptions/purchases account identifier, purchase/subscription status
Google Ireland Ltd. / Google LLC ("Sign in with Google"; independent controller) Optional sign-in with your Google account e-mail address, Google account identifier
Google LLC (Google Play) / Apple Inc. (App Store) (independent controllers) App distribution and payment processing store-side purchase and device data

Transfer to third countries

Where individual providers process data outside the EU/EEA (in particular US-based providers such as RevenueCat, Google and Apple), this is done on the basis of appropriate safeguards under Art. 44 et seq. GDPR, in particular the EU Standard Contractual Clauses.


4. Retention period

  • Account and synchronisation data: for the duration of your account. If you delete your account, the associated personal data is deleted unless statutory retention obligations apply.
  • Server log data: stored only as long as necessary for the stated purposes and deleted regularly (as a rule within 30 days).
  • Local data on your device remains there until you remove it in the app or by uninstalling.

5. Your rights

Under the GDPR you have the following rights:

  • access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18),
  • data portability (Art. 20),
  • objection to processing based on Art. 6(1)(f) GDPR (Art. 21).

In the app you can also export your data and delete your account. To exercise your rights or for any questions, contact us at support@conjuru.app.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), e.g. the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht).


6. No automated decision-making, no tracking

There is no automated decision-making, including profiling, within the meaning of Art. 22 GDPR. We use no cross-device tracking and no advertising identifiers. The anonymous usage statistics (section 2 f) work without identifiers and do not enable profiling.


7. Minors

The app is not specifically directed at children. Persons under 16 should only create an account with the consent of a parent or guardian.


8. Changes to this privacy policy

We update this privacy policy when the data processing changes. The dated version published here applies in each case.

Privacy Delete account Imprint Contact

© 2026 ConjuRu · Practise Russian verb conjugation.