Privacy Policy for Let's Glow
Version 2.19 – Effective: May 29, 2026
Your trust is important to us. This Privacy Policy provides comprehensive information about the personal data we collect, for what purposes, on what legal basis, and what rights you have. Please read it carefully. If you have any questions, you can contact us at any time.
1. Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) is:
Johannes Reusch
Heinrich-Heine-Platz 9A
10179 Berlin, Germany
Email: support@lets-glow.de
Phone: +49 30 54858929
Josefine Patzelt is co-founder of Let's Glow.
For data protection inquiries, please contact us at the email address above.
2. Overview – Our Principles
- Data Minimization: We only collect data that is actually necessary for the operation of the app.
- Transparency: You can view at any time what data we have stored about you.
- Control: You can edit, export, or completely delete your data at any time.
- Security: All data is transmitted encrypted and stored on servers within the EU.
- No Selling: We do not sell your data to third parties.
3. Minimum Age
Use of Let's Glow currently requires a minimum age of 18 years. We do not knowingly collect data from individuals under 18. If we become aware that an underage person has created an account, we will promptly delete it.
The minimum age of 18 is a voluntary safeguard during the platform's launch phase. We intend to lower the minimum age once our safety mechanisms and moderation systems are sufficiently mature.
4. What Data We Collect
4.1 Account Data (upon registration)
- Email address
- Display name
- Phone number (when signing in via phone)
- Avatar (selectable from predefined avatars, no personal photo)
- Authentication method (Google Sign-In, Apple Sign-In, or phone number)
- Firebase Auth UID (unique user identifier)
- Date of birth (for age verification pursuant to § 24a JuSchG; see § 3 Minimum Age and TOS § 2). The date of birth is not publicly displayed.
4.2 Profile Data (within the app)
Game profile and character:
- Character selection and character values
- Selected avatar and avatar customization (position, scale, rotation)
- Selected background
- Interests, interest categories, sub-interests
- Strengths (VIA character strengths), Self-Determination Theory types (SDT)
- Profile title and short description (free text)
- Position on the game map (avatar position, current world, time of last move)
Game progress:
- Level, XP (experience points), Karma, Streak
- Streak values: current streak, best streak, weekly streak, Spark streak (months as a Spark)
- Streak protection shields
- Stars (in-game currency; see TOS § 9.4) and energy points
- Daily activity counters (e.g. created challenges, rated stacks, "Think-of-You" actions sent) and timestamps of the last respective action
- Lists of completed and voted challenges (as challenge IDs)
Account status and roles (internal management):
- Onboarding status, account creation status
- Personality switch status
- Tutorial status (seen yes/no, version seen)
- Banned status with reason, timestamp, and expiration date (in case of policy violations)
- Roles list (e.g. user, admin, provider, supporter)
Inventory and collection:
- Inventory items
- Unlocked avatars, backgrounds, worlds
- Discovered items, newly acquired items, sort order
Advertising and paid extensions:
- Advertising activation status (depends on your ATT/UMP consent; see § 6.6 Google AdMob)
- Extended Mode status: activation, activation timestamp, expiration date, auto-renewal, source (e.g. Stars use or advertising)
- Spark status (see § 4.10) — subscription activation, platform, chosen display (Glow/Badge)
Settings and preferences:
- Language, Dark Mode
- Audio settings, text scaling, haptics settings
- Display configuration (e.g. inventory options)
- Notification preferences (which push notifications + which email types you wish to receive, including newsletter consent — default "off")
- Visibility settings (see § 4.2a)
4.2a Visibility and Profile Settings
Let's Glow gives you granular control over who can see your profile and interact with you. The following settings are stored in your user profile and can be changed at any time in the app settings:
- Community Visibility: Defines the group of people for whom your profile appears in friend suggestions, the community page and other discovery surfaces. Selectable: Friends Only / Friends of Friends / Entire Community. You can switch to a more restrictive setting at any time; loosening the visibility (e.g. from "Friends" to "Everyone") is, for protective reasons, possible only once per 24 hours.
- Panic Mode: For moments when you feel uncomfortable, you can remove yourself from all suggestions, search results and community lists with a single click. The mode is reciprocal: while you are invisible, you also do not see suggestions yourself (symmetry rule). Existing friends remain unaffected. When activating, we offer to create a support ticket so our team can check in with you to make sure everything is okay (checkbox enabled by default, can be unchecked). Panic Mode automatically deactivates after 24 hours but can be ended manually at any time. Activatable once per 24 hours.
- Activity Time Display: Your exact activity time ("Online", "Active X minutes ago") is only shown to your friends. Unknown users see only rough buckets ("Active this week", "Active this month").
- Block Lists: See § 4.4 and § 9.2.
These settings implement Privacy by Design and by Default (GDPR Art. 25). The optional support ticket creation triggered by Panic Mode is described in § 4.7 (Support Data).
4.3 User-Generated Content
- Posts (text, images) — displayed in the community feed
- Challenge photos (taken with your device camera or selected from your photo library – your camera is used exclusively for creating challenge posts). We will inform you in the app about this purpose before the first camera access. When uploading, challenge photos are compressed and re-encoded. This process automatically removes photo metadata (EXIF data such as camera model, capture date, or GPS coordinates).
- Team images (avatar/banner for teams, optional). When uploading, team images are compressed and re-encoded like challenge photos — photo metadata (EXIF data such as camera model, capture date, or GPS coordinates) is automatically removed in the process.
- Bug-report screenshots — when triggering the auto-bug-report from the Branded Error Screen, a screenshot of the app view is created and transmitted to our support team with your consent (storage path: users/{uid}/uploads/screenshots/). You can cancel the bug report at any time.
- Challenges (created and completed)
- Comments
- Direct messages between users (in-app chat)
- Team memberships
4.4 Social Interaction Data
- Blocked users (block lists)
- Reports about other users or content
- Ban status and ban history (in case of policy violations)
4.5 Usage Data (automatically collected)
- App usage statistics (Firebase Analytics): page views, interactions, feature usage
- Crash and error reports (Firebase Crashlytics): device information, operating system, app version, stack traces
- Performance data (Firebase Performance Monitoring): loading times, network latency
4.6 Technical Data
- Device type, operating system, app version
- IP address (temporary, for authentication and security)
- Timestamps of actions
- Device ID and device name (SHA-256 hash, for device verification and security, valid for 30 days)
4.7 Support and Optional Diagnostic Data (App Logs)
When submitting support requests, the following data is processed: ticket content (your problem description, contact details), bug reports and feedback messages.
Optional with bug report: Screenshots of the app view (Branded Error Screen auto-bug-report) are created and transmitted with your express consent. You can cancel the bug report at any time.
When you activate Panic Mode (see § 4.2a): with your consent, a support ticket is automatically created so our team can check in with you. The ticket content in this case includes the activation timestamp and a reference to the trigger (Panic Mode); no personal data about the reason is collected. You can opt out of this when activating Panic Mode.
When creating a support ticket, you may optionally also send anonymized diagnostic data (app logs). Before upload, we automatically redact such data (e.g. names, email addresses, IP addresses, and phone numbers are removed). Data is only transmitted if you expressly consent in the app (toggle). Storage: Firebase Cloud Storage, EU only. Retention: 90 days, after which log files are automatically deleted (see section 7.2). Support tickets are retained until resolution + 1 year (documentation obligation).
4.9 Data from Third-Party Sign-In (GDPR Art. 14)
When you sign in via Apple Sign-In or Google Sign-In, we receive certain data directly from Apple Inc. or Google LLC:
- Apple Sign-In: Apple ID, email (potentially as anonymized relay email), name (if shared)
- Google Sign-In: Google account ID, email, name, profile picture URL (if provided)
This is based on your consent with Apple/Google pursuant to Art. 14 GDPR. The privacy policies of Apple and Google apply additionally.
4.8 Data We Do NOT Collect
- No fitness or health data
- No precise GPS coordinates in your profile — when you use the GPS button on the Glow Map, your position is used once to resolve your city and discarded immediately. We only store your city name and the publicly known city center (details in § 4.11). Additionally, our advertising service provider (Google AdMob) may determine your approximate location via your IP address to show you more regionally relevant advertising (see Section 6.6).
- No contact lists or phone books
- No biometric data
- No credit card or banking details (payments are processed via Apple App Store or Google Play Store; Stripe was fully deactivated as an in-app payment method in May 2026, only legacy data of older Stripe transactions is retained for record-keeping purposes — see §6.9). Subscription metadata such as transaction IDs, purchase status, and subscription tier are stored for managing your Spark status.
4.10 Spark Subscription Metadata (when Spark support is active)
If you choose Spark as voluntary support (see TOS § 9.6), we store the following subscription metadata in your profile to manage your Spark status:
- Activation status (active / inactive / grace period)
- Platform (Apple In-App Purchase / Google Play Billing; Stripe only for legacy transaction records, deactivated since May 2026)
- Activation timestamp and expiration date
- Platform identifiers (pseudonymous transaction IDs from the stores: original_transaction_id for Apple, purchase_token for Google; for Stripe legacy: subscription_id and customer_id)
- RevenueCat App User ID (= your Firebase Auth UID, see § 6.10)
- Selected contribution amount (tier in cents, e.g. 199 for EUR 1.99) for display and for statistical analysis of Spark distribution
- Spark streak (consecutive months as a Spark, only for the subscription variant)
- Spark display settings (glow intensity, badge display — configurable by you)
What we do NOT store: Credit card numbers, IBAN, cardholder name, billing address — this data is processed exclusively by the respective payment provider (Apple / Google / Stripe) and we do not receive it.
Retention: Spark metadata is retained until account deletion. When you delete your account, your pseudonyms at RevenueCat are also deleted (see § 8.1).
4.11 Location Data from the Glow Map (optional)
When you use the "Detect my location" button in the Glow Map or search for your city manually, we store the following city-level data in your user profile to display you on the map and to compute city-level aggregations (e.g. number of active glowers per city):
- City name and country (e.g. "Berlin, Germany")
- Place ID (Google Place identifier of your city)
- City center coordinates (cityCenterLat, cityCenterLng) — the publicly known geo-coordinates of the city itself, not your location within the city
- Source (entered via the GPS button or via manual search) and timestamp
What we do NOT store: Your own GPS coordinates. When you use the GPS button, your coordinates are transmitted once to our Cloud Function, sent to the Google Geocoding API (see § 6.7) to obtain the city name and city center, and discarded immediately afterwards. They are neither stored in your profile nor recorded in our logs.
Change history: We maintain a private audit-trail list of your city changes (users/{uid}/homeLocationHistory) containing the same city-level data plus a timestamp. This history is visible only to you (right of access pursuant to GDPR Art. 15) and is fully deleted with your account.
Frequency limit: You may change your stored city at most once per 24 hours. This protects against abuse and requires no additional data collection.
Legal basis: Art. 6(1)(a) GDPR (consent). You may reset your location data at any time via the Glow Map or remove it completely via account deletion.
5. Purpose and Legal Basis of Processing
5.1 Performance of Contract (Art. 6(1)(b) GDPR)
| Purpose | Data |
|---|---|
| Provision and operation of the app | Account data, profile data |
| Challenge system (creation, completion, tracking) | Challenges, scores, XP, streaks |
| Team features | Team memberships |
| User profiles and community | Posts, comments, display name, avatar |
| Account management (modification, export, deletion) | All account-related data |
| Email communication (verification, critical actions) | Email address |
5.2 Consent (Art. 6(1)(a) GDPR)
| Purpose | Data |
|---|---|
| Firebase Analytics (app usage statistics) | Usage data, device information |
| Firebase Performance Monitoring | Performance metrics |
| Firebase Crashlytics (crash reports) | Crash data, device information |
| Optional diagnostic data (app logs) when contacting support | Anonymized app logs (PII removed before upload) |
You may withdraw your consent at any time by adjusting the corresponding settings in the app or by contacting us. A withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
5.3 Legitimate Interest (Art. 6(1)(f) GDPR)
| Purpose | Data | Interest |
|---|---|---|
| Security and abuse prevention | Login data, IP address, audit logs | Protection of platform and users |
| Content moderation (reports, blocking, banning) | Reports, block lists, ban data | Safe community, DSA compliance |
| Audit logging (admin and system actions) | Admin audit logs, system audit logs | Accountability, compliance |
| Bug fixes and app improvement | Technical data, anonymized usage data | Quality assurance |
Note on Firebase Crashlytics: Crashlytics is disabled by default and is only activated after your express consent in the opt-in screen. This is in accordance with § 25 TTDSG (consent before device access). You can withdraw your consent at any time in the app settings.
5.4 Legal Obligation (Art. 6(1)(c) GDPR)
| Purpose | Data |
|---|---|
| Retention of audit logs (documentation obligation) | Admin audit logs, system audit logs |
| Compliance with regulatory requests | Data required by the specific request |
6. Processors and Third-Party Services
We use the following service providers who process personal data on our behalf:
6.1 Google / Firebase (Google Ireland Ltd.)
| Service | Purpose | Data |
|---|---|---|
| Firebase Authentication | User login (Google/Apple Sign-In) | Email, name, Auth UID |
| Cloud Firestore | Database (user profiles, challenges, posts, etc.) | All app data |
| Cloud Storage for Firebase | Media storage (post images, challenge images) | Image files |
| Firebase Analytics | App usage statistics | Anonymized usage data |
| Firebase Crashlytics | Crash reports | Crash data, device information |
| Firebase Performance Monitoring | Loading time and performance analysis | Performance metrics |
| Firebase Remote Config | Feature flags and configuration | Device ID (anonymized) |
| Firebase Cloud Functions (Gen2) | Server-side logic | Processing data |
| Firebase Hosting | Serving web applications | Access data |
| Firebase Cloud Messaging (FCM) | Push notifications | Device push token, notification payload |
| Firebase App Check | Device verification and abuse prevention | Device ID (IDFV/DeviceCheck on iOS, Play Integrity on Android) |
Storage Location: Region europe-west3 (Frankfurt, Germany) and europe-west1 (Belgium) – both EU
Legal Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF); Standard Contractual Clauses (SCC)
DPA: Google Cloud Data Processing Amendment
6.2 Email and SMS
| Service | Purpose | Data |
|---|---|---|
| Firebase Extension "Trigger Email from Firestore" (via ALL-INKL SMTP, German host) | Transactional emails (verification, PIN codes, notifications) | Email address, email content |
| Twilio Verify (Twilio Inc., via Firebase Phone Auth) | SMS verification for phone sign-in | Phone number, SMS verification code |
Note: Emails are sent via a German host (ALL-INKL). SMS verification runs via Twilio servers in the EU (Ireland).
Legal Basis for Third-Country Transfer (Twilio): EU-US Data Privacy Framework (DPF); Standard Contractual Clauses (SCC)
DPA: ALL-INKL.COM – Neue Medien Münnich (Data Processing Agreement for email delivery); Twilio Data Protection Addendum (for SMS service)
6.3 AI Service Providers (OpenAI, Anthropic, Google)
We use AI services from OpenAI (OpenAI, L.L.C.), Anthropic (Anthropic PBC), and Google (Google Ireland Ltd. / Google LLC) for content review, categorization, text generation, and image generation. No personal user data is transmitted to these services.
| Provider | Purpose | Data |
|---|---|---|
| OpenAI | Content review, categorization, text generation | No personal data |
| Anthropic (Claude) | Content review, categorization | No personal data |
| Google (Gemini, Imagen) | Content review, image generation | No personal data |
Note: No personal user data is transmitted to any of these services.
Legal Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF); Standard Contractual Clauses (SCC)
DPA: Respective Data Processing Addendums of each provider
Contractual safeguards against training on user data:
- OpenAI: We use store: false in API calls — transmitted data is not used for model training and is deleted after processing.
- Anthropic: Default retention 30 days (Anthropic Enterprise Agreement) — exclusively for safety and abuse-prevention purposes.
- Google (Gemini, Imagen): API calls are not used for model training (Google Cloud Vertex AI Terms).
6.4 Apple (Apple Inc.)
| Service | Purpose | Data |
|---|---|---|
| Sign in with Apple | Authentication | Apple ID, email (optional relay), name |
| Apple In-App Purchase | Payment processing for subscriptions and in-app purchases via the App Store | Transaction ID, purchase receipt. Payment data (credit card etc.) is processed exclusively by Apple — we do not receive any payment data. |
Note: Apple may provide an anonymized relay email address. We only receive the data released by the user. For App Store purchases, we only receive a purchase confirmation — no credit card or banking details.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Legal basis for third-country transfer: Apple Inc. (USA) is certified under the EU-US Data Privacy Framework (DPF).
6.5 Google (Google Ireland Ltd.)
| Service | Purpose | Data |
|---|---|---|
| Google Sign-In | Authentication | Google account, email, name |
| Google Play Billing | Payment processing for subscriptions and in-app purchases via the Google Play Store | Transaction ID, purchase confirmation (Purchase Token). Payment data is processed exclusively by Google — we do not receive any payment data. |
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Legal basis for third-country transfer: Google LLC (USA) is certified under the EU-US Data Privacy Framework (DPF).
6.6 Google AdMob (Google Ireland Ltd.)
| Service | Purpose | Data |
|---|---|---|
| Google AdMob | Advertising (banner, interstitial, rewarded ads) | Advertising ID (IDFA/GAID), IP address, approximate location (via IP geolocation), device information, app usage data |
Note: AdMob may display personalized or non-personalized ads, depending on your consent. You can disable personalized advertising at any time in the app settings. On iOS, we ask for your permission before using advertising identifiers (App Tracking Transparency).
Legal basis: Art. 6(1)(a) GDPR (consent) for personalized advertising; Art. 6(1)(f) GDPR (legitimate interest) for non-personalized advertising
Legal basis for third-country transfer: EU-US Data Privacy Framework (DPF)
DPA: Google Ads Data Processing Terms
6.7 Google Maps Platform (Google Ireland Ltd.)
| Service | Purpose | Data |
|---|---|---|
| Google Maps SDK | Map display in the community feature ("Glow Map") | Map tiles, IP address (processed by Google) |
| Geocoding API (server-side) | Converting coordinates to city names | Coordinates (only when actively using the GPS button) |
Note: Google Maps is used exclusively for the optional community map feature. GPS coordinates are only collected when you actively use the location button. Google processes your IP address when loading map tiles. When the Geocoding API is used, our Cloud Function transmits your GPS coordinates once to Google, receives the city name and city center back, and discards your original coordinates afterwards in our backend — they are neither stored in your profile nor logged (see § 4.11).
Legal basis: Art. 6(1)(a) GDPR (consent) for the GPS collection; Art. 6(1)(b) GDPR (performance of contract) for the map display
Legal basis for third-country transfer: EU-US Data Privacy Framework (DPF)
6.8 Cloudflare (Cloudflare Inc.)
| Service | Purpose | Data |
|---|---|---|
| Cloudflare Turnstile | Bot protection for web forms (e.g. support request, account deletion on lets-glow.de) | Processing for verification only (no advertising cookies, minimal data); e.g. IP, device signals for risk assessment |
Note: Turnstile is used solely for abuse prevention. No personal data is used for advertising purposes.
Storage / Legal basis: Cloudflare (US/EU); EU-US Data Privacy Framework (DPF); purpose: legitimate interest (fraud/spam protection, Art. 6(1)(f) GDPR).
6.9 Stripe (Stripe, Inc.) — Transition Phase
| Service | Purpose | Data |
|---|---|---|
| Stripe Payments | Payment processing during the transition phase before the Open Beta release. Being replaced by Apple In-App Purchase (iOS) and Google Play Billing (Android). | Email address, payment information (credit card/SEPA — processed by Stripe, not stored by us), transaction data, IP address |
Note (as of May 2026): Stripe was fully deactivated as an in-app payment channel in May 2026. All in-app payments are processed exclusively via Apple In-App Purchase (iOS) and Google Play Billing (Android). There are no active Stripe-based Spark subscriptions anymore. Stripe is still listed in this Privacy Policy because legacy data of older Stripe transactions remains for retention reasons (§ 147 AO — 10-year invoice retention obligation).
Note: We do not store any credit card or bank details. Stripe processes this data as an independent payment service provider. We only receive confirmation of payment status and a customer ID.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Legal basis for third-country transfer: EU-US Data Privacy Framework (DPF); Standard Contractual Clauses (SCC)
6.10 RevenueCat (RevenueCat, Inc.)
| Service | Purpose | Data |
|---|---|---|
| RevenueCat | Management and validation of in-app purchases (Apple In-App Purchase, Google Play Billing) and subscription status | Pseudonymous user ID (Firebase Auth UID), Apple/Google transaction IDs (original_transaction_id, purchase_token), purchase status (active/expired), app version, device platform (iOS/Android) |
Note: We use RevenueCat exclusively for managing in-app purchases via Apple App Store and Google Play Store. Purchases via our website (Stripe) are NOT transmitted to RevenueCat. RevenueCat does not receive any plain names, email addresses, credit card or bank details — only pseudonymous identifiers and transaction metadata.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Legal basis for third-country transfer: RevenueCat, Inc. (USA) — secured by Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR; if certified under the EU-US Data Privacy Framework (DPF), Art. 45 GDPR additionally applies.
DPA: RevenueCat Data Processing Addendum (DPA)
7. Data Storage and Retention Periods
7.1 Storage Location
All data is stored in the EU:
- Cloud Firestore: europe-west3 (Frankfurt, Germany)
- Cloud Storage: europe-west3 (Frankfurt, Germany)
- Cloud Functions: europe-west1 (Belgium, EU)
7.2 Retention Periods
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion |
| Profile data and user-generated content | Until account deletion |
| Firebase Analytics | 14 months (Google default) |
| Firebase Crashlytics | 90 days (Google default) |
| Admin audit logs | 3 years (evidence for regulatory requests pursuant to § 24 BDSG), then anonymization by hash replacement of user IDs |
| System audit logs (consent records) | Duration of membership + 3 years (evidence for Art. 7 GDPR) |
| Content reports | Until reviewed + 1 year (verification obligation) |
| Ban history | Duration of ban + 1 year (verification obligation) |
| Account deletion queue | 30 days grace period (standard) or immediate deletion (Immediate Mode with MFA confirmation) |
| Account deletion MFA PIN hash (SHA-256) | max. 15 minutes (token TTL); automatic invalidation thereafter |
| Email delivery logs | 90 days |
| Uploaded diagnostic logs (support) | 90 days, then automatic deletion (GDPR Art. 5(1)(e)) |
| Device verification data (Device Trust) | 30 days after last verification |
8. Account Deletion and Data Export
8.1 Account Deletion (GDPR Art. 17)
You can delete your account at any time directly within the app or via our website at https://lets-glow.de/account-loeschen. This way, you always have the option to fully delete your account, even without the app.
Two deletion modes to choose from:
- Grace Mode (default, recommended): After your deletion request, you have 30 days to reverse the deletion. During this period your account is deactivated but recoverable.
- Immediate Mode (instant deletion): At your explicit request we waive the grace period and delete immediately. This option requires two additional security steps (see "MFA confirmation" below) and is not reversible.
MFA confirmation (email PIN, both modes): Before we initiate the deletion process, we send a one-time 6-digit security code to your registered email address. You enter this PIN in the app to confirm that the deletion request actually originates from you. Security parameters: token TTL 15 minutes, max. 5 entry attempts per token, rate limit of 3 PIN requests per 10 minutes. The PIN is stored exclusively as a SHA-256 hash (no plaintext) and automatically removed after confirmation or expiry. Legal basis: Art. 32 GDPR (security of processing) + Art. 6(1)(b) GDPR (contract performance as part of account lifecycle management).
The deletion process works as follows:
1. Grace Period (default mode): After your deletion request, you have 30 days to reverse the deletion.
2. Complete Deletion: After the grace period (or immediately in Immediate Mode), all your data will be irreversibly deleted:
   - Account data (Firebase Auth)
   - Profile data (Firestore)
   - Posts, comments, challenges
   - Uploaded media (Storage)
   - Team memberships and references

   The technical completion of full deletion may take up to 90 days after the grace period (e.g., for removal from backups and cache systems). During this time, your data is no longer accessible.
3. Automated Cleanup: A scheduled cleanup process (scheduledPrivacyCleanup) ensures that expired deletion requests are fully executed.
Exceptions to Deletion:
- Audit logs are anonymized, not deleted (legal documentation obligation, 10 years).
- Aggregated, anonymized statistics are retained.
8.2 Data Export (GDPR Art. 15 / Art. 20)
You can request an export of your stored data at any time within the app. The export includes:
- Account and profile data
- Posts and comments
- Challenges and scores
- Team memberships
The export is provided as a JSON file and is available for download for 7 days.
9. Content Moderation and Community Safety
9.1 Reporting
Users can report other users, posts, or challenges. The following data is processed:
- Reason for the report and details
- Type of reported content (user, post, challenge)
- Timestamp of the report
- Anonymized reporter ID (for internal tracking only)
9.2 Blocking
You can block other users. Block lists are stored in your user profile and are visible only to you.
9.3 Banning
If you violate the community guidelines, your account may be suspended by an administrator. The following information is stored:
- Reason and date of the ban
- Duration of the ban (temporary or permanent)
- Reviewing administrator (anonymized)
- Ban history
9.4 Complaint and Appeal Mechanism (DSA Art. 20)
If your account is suspended or your content is moderated, you have the right to appeal. Contact us at support@lets-glow.de.
10. Email Communication
We use emails for the following purposes:
- Transactional Emails: Account verification, PIN codes for critical actions, security notifications, confirmation emails for tester applications, account deletion confirmations
- System Notifications: Information about account changes, processing status of tester applications
- Internal Processing: When you submit a tester application, our team mailbox (support@lets-glow.de) automatically receives a notification with the application data and your email address as Reply-To, so we can contact you directly. This internal email stays within the team and is not forwarded.
Emails are sent via a German host (ALL-INKL SMTP). We do not send marketing emails without your explicit consent.
11. AI Features (Artificial Intelligence)
11.1 Use of AI
Challenges on Let's Glow are created by the community or set up as personal/team challenges – not by AI. We use AI-powered features in a supporting role:
- Content Review: All challenges – whether community, personal, or team challenges – are automatically reviewed for community guideline compliance (first check before human review)
- Categorization: Automatic classification and tagging of challenges
- Text Generation: AI-assisted creation of descriptive texts and summaries
AI services from OpenAI, Anthropic, and Google are used for this purpose (see §6.3). No personal user data is transmitted to these services.
11.2 Automated Decision-Making (Art. 22 GDPR)
The AI-assisted content review at Let's Glow is structured as follows:
- Temporary holds are not decisions: When our AI holds back content for human review, this does not constitute a decision within the meaning of Art. 22 GDPR, as no legal effect or comparable significant impact arises.
- Permanent measures only after human review: Content removals, account suspensions, and bans are issued exclusively after human review by our moderation team.
- Legal bases for AI processing:
  - Art. 6(1)(f) GDPR (legitimate interest): Safe community, protection from illegal content, fraud prevention
  - Art. 6(1)(b) GDPR (contract performance): Enforcement of Community Guidelines (part of the usage agreement)
- Your rights: You may at any time request human review, express your point of view, and appeal any moderation decision (see Community Guidelines Section 6).
12. Cookies and Tracking
12.1 Flutter App (iOS / Android)
The mobile app uses no cookies. Tracking in the mobile app is performed exclusively via Firebase Analytics (with your consent). Google Tag Manager is not used in the mobile app.
12.2 Public Web Apps (lets-glow.de Landing + Marketing)
The public websites at lets-glow.de use Google Tag Manager (container ID GTM-W4ZKWGNJ, provider Google Ireland Ltd., see §6.1) to manage optional analytics and tag tools (e.g. Google Analytics 4, conversion tags). GTM and the tools loaded through it are activated exclusively after your explicit consent (Consent Mode v2). Without consent, analytics_storage, ad_storage, ad_user_data, and ad_personalization are disabled by default. You can withdraw your consent at any time via the cookie settings on the website. Details in our Cookie Policy.
13. Security Measures
We protect your data through technical and organizational measures (TOMs):
- Encryption: TLS 1.2+ for all connections, AES-256 for data at rest (Firebase standard)
- Access control: Role-based access management (Firebase Security Rules v5.0), two-factor authentication for admin access
- Abuse protection: Firebase App Check (DeviceCheck/Play Integrity), Cloudflare Turnstile on web forms
- Code security: CI/CD security gates, dependency audits before each deployment, regular penetration reviews
- Audit trails: All admin and system actions are logged in systemAuditLogs
- Incident response: Documented plan for data breaches pursuant to Art. 33 GDPR (72-hour deadline)
14. Your Rights (Art. 15–21 GDPR)
You have the following rights regarding your personal data:
| Right | Description | Implementation |
|---|---|---|
| Access (Art. 15) | You can find out at any time what data we store about you. | Data export in the app or via email request |
| Rectification (Art. 16) | You can have incorrect data corrected. | Profile editing in the app or via email |
| Erasure (Art. 17) | You can request the deletion of your data. | Account deletion in the app (see Section 8.1) |
| Restriction (Art. 18) | You can request the restriction of processing. | Via email request |
| Data Portability (Art. 20) | You can receive your data in a common format. | Data export in the app (JSON) |
| Objection (Art. 21) | You can object to processing based on legitimate interest. | Via email to support@lets-glow.de |
For all requests, contact: support@lets-glow.de
We will process your request within 30 days (pursuant to GDPR Art. 12(3)).
15. Third-Country Transfers
Your data is predominantly processed and stored in the EU:
Processing in the EU:
- Google / Firebase: Firestore, Storage, Cloud Functions — region europe-west3 (Frankfurt) and europe-west1 (Belgium)
- Twilio: SMS verification via Twilio servers in the EU (Ireland) — only the phone number and a verification code are transmitted
- ALL-INKL: Email delivery via German host
Services based in the USA (safeguarded by DPF and/or SCC):
- AI services (OpenAI, Anthropic, Google): API calls for content review — no personal data is transmitted (see §6.3)
- Apple (Sign in with Apple, Apple In-App Purchase): Processing of authentication and purchase data in the USA — Apple is DPF-certified
- Google (Sign-In, Play Billing, AdMob, Maps Platform): Processing partly in the USA — Google is DPF-certified
- Stripe: Payment processing — we do not store any credit card or banking details
- Cloudflare: Bot protection (Turnstile) for web forms
- Google / Firebase (partial): For certain platform services (e.g. push notifications, authentication), processing in the USA may occur
All named US providers are certified under the EU-US Data Privacy Framework (DPF), and/or Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR are in place.
16. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy in the event of legal or technical changes. For material changes (e.g. new data categories, new processors, modified retention periods), we will notify you at least 30 days before they take effect via an in-app notification or via our consent system, which requests your express agreement. This gives you sufficient time to review the changes.
For minor editorial corrections or clarifications that do not materially affect your rights and obligations, we may adjust the Privacy Policy without separate notification — an update to the version identifier in the app suffices.
The current version is available at any time in the app under Settings > Privacy and on our website at https://lets-glow.de/datenschutz.
17. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.
Competent supervisory authority:
Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit) Friedrichstraße 219, 10969 Berlin, Germany Phone: +49 30 13889-0 Email: mailbox@datenschutz-berlin.de Website: https://www.datenschutz-berlin.de
18. Contact
If you have questions about this Privacy Policy or the processing of your data, please contact:
Johannes Reusch Heinrich-Heine-Platz 9A 10179 Berlin, Germany
Email: support@lets-glow.de Phone: +49 30 54858929 Website: www.lets-glow.de
Last updated: May 29, 2026 (Version 2.19)