Privacy Policy
Effective date: 2026-06-06
Twistik ("the App") is published by the provider named in the Impressum, based in Germany. This policy covers the Twistik apps on both Android and iOS. It explains what data the App processes and how. We have structured the App to minimise data collection wherever possible. The only data that can leave your device is the telemetry described in Section 6 below; it is switched off by default and is collected only after you give your consent, which you can withdraw at any time in the App's Settings.
1. Summary (TL;DR)
The App's core practice features work entirely offline. Only if you give your consent does the App send anonymised crash reports and basic app-usage events to Google's Firebase service for the purpose of diagnosing bugs and understanding version adoption. This is described in detail in Section 6. Telemetry is off until you opt in, and you can withdraw your consent at any time in Settings → Send crash reports.
- No account system, no login, no password.
- No advertising, no tracking for advertising, no third-party analytics beyond what Google Firebase collects.
- No camera, contacts, location, or other sensitive device data.
- Microphone access is requested only when you tap the in-app recording control. Audio is captured to your device, never uploaded to any server we operate, and you can delete recordings individually or in bulk from Settings → Manage recordings.
- Favorites, mastered list, voice recordings, preferences, and streak/goal data are stored only on your device.
- Crash and usage telemetry are collected only with your prior consent and can be switched off again at any time.
2. Data stored on your device
The App stores the following data exclusively on your device, using your platform's local storage (on Android: Room database and DataStore; on iOS: SwiftData and UserDefaults):
- Preferences: selected practice language, color scheme, theme (light/dark), daily goal, notification settings, your telemetry-consent choice.
- Favorites: tongue twisters you have marked as favorites.
- Mastered list: tongue twisters you have marked as mastered, including the date mastered.
- Streak and activity counters: for the gamification features (current streak, best streak, practice days, daily completion flags).
- Voice recordings (optional): when you use the in-app recording feature, audio files (M4A format) are saved on your device, by default in the App's private storage. Each twister keeps up to 5 recordings; older ones must be deleted to record new takes. The recordings index (file paths, durations, take metadata) is stored alongside the audio files in the same private database.
This data is stored locally on your device. Every category above except voice recordings is also included in your platform's standard device backup (on Android: Google Play Auto Backup; on iOS: iCloud Backup — see Section 4), so that uninstalling and reinstalling the App on the same store account restores your progress automatically; you can disable that path in your device's system settings. Voice recordings are explicitly excluded from device backup (see Section 4 for why). We do not run our own server-side storage of any of this data.
3. Notifications
If you enable the daily practice reminder, the App schedules local notifications on your device. No data is sent to any server to deliver these notifications; they are generated entirely on-device.
4. Backup & export
Device backup. The App's local data (favorites, mastered list, streak counters, freeze inventory, daily-goal preference, language preference, and onboarding state) is included in your platform's standard device backup — Google Play Auto Backup on Android, iCloud Backup on iOS. Per Google's and Apple's documentation, this data is encrypted, scoped to your store account, counts against your backup quota, and is not viewable by us. When you reinstall the App on a device tied to the same account, your prior data is restored automatically. You can disable backup globally in your device's system settings, or wipe the App's local data immediately via Settings → Reset App Data within the App.
Voice recordings are excluded from device backup. The audio files in the App's recordings folder are deliberately omitted from the backup payload for two reasons: audio would consume your backup quota disproportionately, and recordings are inherently personal artefacts whose content is intended to stay on the device that produced them. If you reinstall the App on a new device or after a wipe, your prior recordings will not return, but everything else (favorites, mastered list, streak, etc.) does. Recordings are also excluded from the App's manual JSON export.
Note on recording metadata: the small index of recordings (filename, twister ID, duration, date) lives in the App's local database and is included in device backup along with the rest of the database. After a restore on a new install, the App detects that the corresponding audio files are not present and removes those orphan index entries on first launch, so the Recordings tab starts empty rather than showing rows that fail to play. No metadata about your recordings is kept in the cloud once this prune completes.
Manual export. Independently of device backup, you can export your favorites, mastered list, and preferences to a JSON file on your device using Settings → Data & Backup. The App itself does not upload these manual exports to any cloud service; only the device-backup path described above sends data off-device.
5. Children's privacy
The App is not designed for or targeted at children under the age of 16. The telemetry described in Section 6 does not knowingly collect data from children. If you are a parent or guardian and believe a child has used the App, you can disable telemetry in the App's Settings and clear all locally-stored data via Settings → Reset App Data. Users in the United States: this App is not directed at children as defined under the Children's Online Privacy Protection Act (COPPA), i.e. children under 13.
6. Third-party data processing (Firebase)
The App uses two Firebase services operated by Google LLC (United States) and Google Ireland Limited (for EEA users):
6.1 Firebase Crashlytics (crash reporting)
When the App crashes or becomes unresponsive, Firebase Crashlytics sends a report to Google so that we can diagnose and fix the issue. Each report contains:
- The crash stack trace and exception type.
- Device model, manufacturer, and OS version.
- The App version and build date.
- A random, per-install Firebase Installation ID (not linked to your store account or other identifiers).
- Approximate timing of the crash relative to app start.
- IP address (used transiently for delivery; not stored long-term by Crashlytics).
Crashlytics does not collect: your name, email address, phone number, precise location, contacts, photos, microphone audio, clipboard content, or any tongue twister content from your favorites / mastered list.
6.2 Firebase Analytics (aggregate usage events)
Firebase Analytics collects a minimal set of automatic events so we can scope crash data to specific app versions and understand retention. The events logged are standard mobile-app signals:
- first_open: the first time the App is launched on a device.
- session_start/app_open: foreground/background transitions.
- Device info (model, OS version, App version) and approximate country-level geography derived from the IP address at the time of the event.
The App does not log any custom events, does not track specific screen views, and does not enable any of Firebase Analytics' advertising-related signals. If you withdraw consent in the App's Settings, automatic Analytics collection is disabled via the same Firebase collection flag.
6.3 Legal basis (GDPR & TDDDG)
Because Firebase Crashlytics and Firebase Analytics store and read information on your device (in particular a per-install Firebase Installation ID), this telemetry is not strictly necessary to provide the App, and we therefore obtain your consent before any data is collected, in accordance with § 25 (1) TDDDG (the German transposition of the ePrivacy Directive). The corresponding processing of personal data is based on Article 6 (1)(a) of the GDPR (consent).
Telemetry is switched off on first launch and stays off until you actively opt in. You can withdraw your consent at any time with effect for the future via Settings → Send crash reports; withdrawal does not affect the lawfulness of processing carried out before withdrawal, and it does not affect any of the App's core practice features.
6.4 International data transfer
Firebase servers are operated by Google LLC (United States) and Google Ireland Limited. Where you are in the European Economic Area (EEA) or the United Kingdom, data is transferred to Google's infrastructure, including in the United States, under the European Commission's adequacy decision for the EU-U.S. Data Privacy Framework and Google's Standard Contractual Clauses. Google's privacy policy is available at policies.google.com/privacy.
6.5 Data retention
Crash reports are retained by Firebase Crashlytics according to Google's policies (typically up to 90 days for raw crash data, longer for anonymised aggregated statistics). Firebase Analytics event-level data is retained for a rolling period configured at up to 14 months. We do not request or store any of this data outside of the Firebase console.
6.6 Withdrawing consent
Telemetry is collected only after you opt in (Section 6.3). You can withdraw that consent and switch off Firebase crash reporting and usage events at any time:
- In the App: Settings → Send crash reports → toggle off. The change takes effect immediately without an app restart.
- At the device level: you can also control your platform's usage-data collection via your device privacy settings.
Withdrawing consent does not affect any of the App's core practice features.
7. In-app purchases (tips, via RevenueCat)
The App offers optional "tips" — one-time, consumable in-app purchases through which you can voluntarily support development. Tips unlock no features and grant no premium content; the entire App is and remains free. You are never required to buy anything. The purchase itself is processed by Google Play Billing (Android) or Apple StoreKit (iOS): Google or Apple acts as the seller of record, receives the payment, and handles your payment details. We never see or store your payment data (card number, billing address, etc.).
To process the purchase and let a tip survive a reinstall, the App uses RevenueCat, a third-party purchase service operated by RevenueCat, Inc. (United States). When the App initialises and when you make a purchase, the RevenueCat SDK reads:
- The store's purchase token / receipt.
- An anonymous user ID generated locally on first launch, not linked to your store account, App email, or any other identifier.
- Platform identifiers (operating system, app version, device language).
Legal basis. The RevenueCat SDK initialises on every app launch to verify your in-app purchase and entitlement state. This processing is necessary for the performance of the contract for your tip purchase (Art. 6 (1)(b) GDPR). Where no purchase has been made, the minimal platform identifiers sent are processed on the basis of our legitimate interest in maintaining purchase-restore functionality (Art. 6 (1)(f) GDPR).
International transfer. RevenueCat, Inc. is based in the United States. Transfers from the EEA are covered by Standard Contractual Clauses (SCCs) under Art. 46 (2)(c) GDPR. See RevenueCat's privacy policy for details: revenuecat.com/privacy.
Retention. RevenueCat retains purchase and entitlement records for as long as necessary to support purchase restoration. Consult RevenueCat's privacy policy for their full retention schedule.
RevenueCat returns to the App only the purchase/entitlement state it derives from that receipt. RevenueCat does not receive: your name, email, address, payment details, App content (twisters mastered, recordings, streak history), or any analytics events about how you use the App.
Tips are consumable digital content delivered immediately. A Restore purchases option in Settings re-runs the RevenueCat lookup. Refunds and chargebacks are handled by Google Play / the App Store directly under their respective policies; we have no access to your payment instrument. The consumer-law information on these purchases, including your statutory right of withdrawal and how it lapses on immediate delivery, is set out in the Terms of Service (§ 2).
RevenueCat's privacy policy: https://www.revenuecat.com/privacy.
8. In-app review
The App may invoke your platform's in-app review flow (Google Play In-App Review on Android, Apple's SKStoreReviewController on iOS) so you can rate the App without leaving it. This happens in two situations:
- Manual: when you tap Settings → Rate this app.
- Automatic prompt: after sustained use, the App may show a small in-app sheet asking whether you're enjoying it. Only users who indicate enjoyment are taken to the store review flow; users who indicate frustration are offered an email feedback path instead. The prompt has a cooldown after dismissal and stops appearing once you've engaged with either branch. The decision is gated entirely by counters stored on your device (install age, lifetime mastered count, current streak, dismissal count), none of which are sent off-device.
The review flow itself is rendered by the platform store, not by us. Your interaction with that flow (the star rating and any written review) is handled by Google or Apple and visible to us only as part of the aggregate store rating distribution. We do not receive individual ratings or review text linked to a user. The store provider's privacy policy applies to your use of the review flow.
9. AI-generated content
Some tongue twister content (particularly in Japanese) was generated during App development using artificial intelligence (Claude by Anthropic), following structured linguistic templates derived from traditional phonetic patterns. This generation happened offline during the development process. No AI service is contacted while you use the App, and no user data was involved in the content generation.
10. Your rights under GDPR
Where the GDPR applies, you have the following rights with respect to your personal data:
- Access (Art. 15): request a copy of the data we process about you. Because the App does not maintain any user identifier beyond the per-install Firebase Installation ID, we cannot correlate crash reports to an individual by name or email, but we will provide whatever is linked to the Installation ID if you send it to us.
- Rectification (Art. 16): request correction of inaccurate data. In practice this applies only to data you have provided, which is minimal.
- Erasure (Art. 17): request deletion. You can delete all locally-stored data via Settings → Reset App Data. For data held by Firebase, contact us (see Section 12) with your Firebase Installation ID and we will request deletion via the Firebase console.
- Restriction (Art. 18), portability (Art. 20), objection (Art. 21): contact us to exercise these rights.
- Withdraw consent (Art. 7(3)): where processing is based on your consent (Section 6.3), you can withdraw it at any time with effect for the future via the Settings toggle (Section 6.6), which is the most effective way to stop all telemetry collection immediately.
- Complaint to a supervisory authority: you have the right to lodge a complaint with your local data protection authority if you believe the processing is unlawful.
10a. California residents (CCPA/CPRA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). We do not sell your personal information. Crash and usage telemetry (Section 6) is collected only with your consent and is not used for cross-context behavioral advertising. To exercise CCPA rights, contact: contact@twistik.app.
10b. Online dispute resolution (EU)
The European Commission provides an online dispute resolution (ODR) platform: https://ec.europa.eu/consumers/odr. Our email address: contact@twistik.app. We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.
11. Changes to this policy
If we make material changes to this privacy policy, the updated version will be included in a future App update and published here, and the effective date at the top of this page will be revised accordingly.
12. Contact
If you have questions about this privacy policy or wish to exercise your data-subject rights, please contact:
Email: contact@twistik.app
13. Website infrastructure
The Twistik website (twistik.app) is served via Cloudflare Workers (Cloudflare, Inc., United States). When you visit the website, your IP address is processed by Cloudflare's network infrastructure for the purpose of delivering pages to you. Cloudflare acts as a data processor under a Data Processing Agreement with us. No cookies are set by this website. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
Last updated: 2026-06-06