Privacy Policy

1. Privacy at a Glance

General Information

The following information provides an overview of what happens to your personal data when you use the mobile application "Novel Romance" (hereinafter "App") and the associated website at novelromance.app (hereinafter "Website"). Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to the following sections of this privacy policy.

Data Collection in the App

Your data is collected partly when you provide it to us (e.g. during registration) and partly automatically when you use the App and Website. Automatically collected data includes technical data such as your device type, operating system, and app version, as well as usage data like reading progress and preferences.

What Do We Use Your Data For?

A portion of the data is collected to ensure the proper functioning of the App and Website. Other data may be used to analyze user behavior and improve our services.

What Rights Do You Have?

You have the right at any time to obtain information about your stored personal data, its origin, recipients, and the purpose of the data collection free of charge. You also have the right to request the rectification, restriction, or erasure of this data. You can contact us at any time regarding data protection matters.

2. Responsible Entity (Controller)

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

If you have any questions regarding the processing of your personal data, please contact us directly. We are happy to assist with questions and requests related to data protection.

3. Scope of Application

This privacy policy applies to the use of the Novel Romance mobile application (available for iOS and Android), the associated website at novelromance.app, and all services provided in connection with these platforms. The App is currently available in English and German.

4. Data Collection and Processing

4.1 Account Data

When you register an account in the App, we collect the following data:

• Email address – for account creation, login, and communication
• Username – for identification within the App
• Profile picture (optional) – for personalizing your profile
• Password (hashed) – for account authentication; stored exclusively in hashed form and never in plain text

4.2 Usage Data

During your use of the App, we collect the following data to provide our services:

• Reading progress – to allow you to continue reading where you left off
• Favorites and bookmarks – to save your preferred stories
• Reading history – to show previously read stories and provide recommendations
• App settings and preferences – such as language selection (English/German), display preferences, and notification settings
• Search queries – to provide search results and improve search quality

4.3 Technical Data

When you use the App or Website, the following technical data is automatically collected:

• Device information – device type, model, manufacturer
• Operating system – type and version (e.g. iOS 18, Android 15)
• App version – the version of the Novel Romance App you are using
• IP address – collected during communication with our servers; used for security and fraud prevention
• Language and region settings – for displaying content in the correct language
• Crash reports and error logs – for identifying and fixing technical issues
• Access timestamps – date and time of App usage

4.4 Purchase Data

When you make in-app purchases (credits or subscriptions), the following data is processed:

• Purchase type and amount – which product was purchased
• Transaction ID – for assignment and verification of the purchase
• Purchase date – timestamp of the transaction
• Subscription status – whether a subscription is active, expired, or cancelled

Important: The actual payment processing (credit card details, bank information, etc.) is handled exclusively by Apple (App Store) or Google (Play Store). We do not receive or store any payment method details. The privacy policies of Apple and Google apply to the payment processing.

4.5 Website Data

When you visit our Website at novelromance.app, the following data may be automatically collected by the web server:

• IP address
• Date and time of access
• Pages visited
• Referrer URL (the previously visited page)
• Browser type and version
• Operating system

This data is processed on the basis of Art. 6(1)(f) GDPR. The operator has a legitimate interest in the technically error-free presentation and optimization of the Website.

4.6 Communication Data

When you contact us (e.g. via email for support), we collect:

• Your email address
• Content of the message
• Date and time of the inquiry
• Any additional information you voluntarily provide

This data is processed for the purpose of handling your inquiry and is stored as long as necessary to process the request and any follow-up questions.

5. Purpose of Data Processing

We process your personal data for the following purposes:

• Providing the App and its features – displaying stories, saving reading progress, managing favorites
• User account management – creating and managing your account, authentication
• Personalization – adapting content and recommendations based on your reading behavior
• Processing purchases – verifying in-app purchases, managing credits and subscriptions
• Communication – responding to support requests, sending service-related notifications
• Push notifications – sending notifications about new stories, updates, or account-related information (only with your consent)
• App improvement – analyzing usage patterns to improve features and user experience
• Security – detecting and preventing fraud, abuse, and technical issues
• Legal compliance – fulfilling legal obligations and enforcing our Terms of Service

6. Legal Basis for Data Processing

The processing of your personal data is based on the following legal grounds under the GDPR:

• Art. 6(1)(a) GDPR – Consent: For the processing of data where you have given explicit consent, e.g. for receiving push notifications, optional profile data, and the use of analytics services.
• Art. 6(1)(b) GDPR – Contract Performance: For data processing necessary for the provision of our services, including account management, saving reading progress, and processing in-app purchases.
• Art. 6(1)(c) GDPR – Legal Obligation: For data processing required by law, e.g. retention of transaction data for tax and accounting purposes.
• Art. 6(1)(f) GDPR – Legitimate Interests: For processing necessary for our legitimate interests, such as improving the App, ensuring security, preventing fraud, and collecting anonymized usage statistics. Your interests, fundamental rights, and freedoms are carefully weighed against our interests in each individual case.

7. Data Sharing with Third Parties

We only share your personal data with third parties when this is necessary for providing our services, when you have consented, or when we are legally obligated to do so. The following service providers may have access to your data:

7.1 Supabase (Database & Authentication)

We use Supabase as our backend infrastructure for database management and user authentication. Supabase processes and stores your account data, usage data, and reading progress. Supabase operates servers within the European Union (EU). A Data Processing Agreement (DPA) has been concluded with Supabase in accordance with Art. 28 GDPR.

More information: supabase.com/privacy

7.2 Apple App Store (iOS)

If you use the App on an iOS device, Apple Inc. processes data in connection with downloading and updating the App, as well as processing in-app purchases. The privacy policy of Apple applies to this data processing.

More information: apple.com/legal/privacy

7.3 Google Play Store (Android)

If you use the App on an Android device, Google LLC processes data in connection with downloading and updating the App, as well as processing in-app purchases. The privacy policy of Google applies to this data processing.

More information: policies.google.com/privacy

7.4 Analytics Services

We may use analytics services to analyze and improve the use of our App. This data is collected and processed in anonymized or pseudonymized form, so that no conclusions can be drawn about individual users. The use of analytics services is based on Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest in improving our App).

7.5 Hosting (Website)

Our Website is hosted on servers that automatically collect and store information in server log files, which your browser automatically transmits. This data is used solely for technical operation and is not combined with other data sources.

7.6 No Sale of Data

We do not sell, trade, or rent your personal data to third parties.

8. International Data Transfers

We strive to process and store your data within the European Union (EU) and the European Economic Area (EEA). Where data transfers to countries outside the EU/EEA are necessary (e.g. when using services by Apple or Google), we ensure that an adequate level of data protection is guaranteed through appropriate safeguards, including:

• EU adequacy decisions pursuant to Art. 45 GDPR
• Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR
• Binding Corporate Rules (BCRs) of the respective provider

9. Cookies and Local Storage

9.1 Website

Our Website currently does not use cookies or similar tracking technologies. Should this change in the future, we will update this privacy policy accordingly and, where required, obtain your consent before setting non-essential cookies.

9.2 App

The App uses local storage on your device to store settings, authentication tokens, and cached content. This data remains on your device and is necessary for the proper functioning of the App. This local data processing is based on Art. 6(1)(b) GDPR (contract performance).

10. Push Notifications

With your consent, we may send push notifications to your mobile device, for example to inform you about new stories, updates, or account-related events. You can manage or disable push notifications at any time in your device settings or within the App. The legal basis for sending push notifications is Art. 6(1)(a) GDPR (consent).

11. Data Retention

We store your personal data only for as long as necessary for the purposes stated in this privacy policy or as required by legal retention obligations. Specifically:

• Account data: Stored for the duration of your account. After deletion of your account, personal data will be removed within 30 days.
• Usage data: Stored as long as your account is active and deleted together with your account.
• Transaction data: Retained for the legally required period (up to 10 years for tax and accounting purposes under German commercial and tax law, § 147 AO, § 257 HGB).
• Server log files: Automatically deleted after 14 days unless retention is required for security investigations.
• Support inquiries: Stored for up to 3 years after completion of the request, or longer if legally required.

12. Data Security

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include, but are not limited to:

• SSL/TLS encryption: All communication between the App, Website, and our servers is encrypted using SSL/TLS protocols.
• Hashed passwords: User passwords are stored exclusively in cryptographically hashed form.
• Access controls: Strict access controls ensure that only authorized personnel can access personal data.
• Regular security updates: Our systems and software are regularly updated to address security vulnerabilities.
• Data minimization: We only collect and process data that is strictly necessary for the stated purposes.

Despite these measures, no method of electronic storage or transmission over the internet is 100% secure. We therefore cannot guarantee absolute security, but we endeavor to implement the highest standards of protection.

13. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to obtain access to this data and further information.
• Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete data.
• Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided that the conditions of Art. 17 GDPR are met (e.g. data is no longer necessary for its original purpose).
• Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing under the conditions set out in Art. 18 GDPR.
• Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.
• Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, insofar as the processing is based on Art. 6(1)(e) or (f) GDPR.
• Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise your rights, please contact us at: digitalappgroupde@gmail.com

We will respond to your request within 30 days in accordance with the GDPR. In complex cases, this period may be extended by a further two months.

14. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that would produce legal effects concerning you or similarly significantly affect you. Story recommendations are based on your reading behavior but do not constitute automated decision-making in the legal sense.

15. Children’s Privacy

The App is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data without parental consent, we will take steps to delete this data as quickly as possible. If you believe a child has provided us with personal data, please contact us at: digitalappgroupde@gmail.com

16. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).

17. Changes to This Privacy Policy

We reserve the right to update this privacy policy from time to time to reflect changes in our data processing practices or legal requirements. In the event of material changes, we will notify you through the App or via email. The current version is always available in the App and on our Website. We recommend reviewing this privacy policy regularly.

18. Offline Mode and Data Caching

The Novel Romance App allows you to read certain content offline. To enable this feature, content may be temporarily cached on your device. This cached data includes:

• Story content – text content of stories you have accessed or downloaded for offline reading
• Images and media – cover images and other visual elements associated with stories
• Reading position – your current position within each story

Cached data is stored locally on your device and is not transmitted to our servers unless you reconnect to the internet and synchronize your reading progress. You can clear cached data at any time through the App settings or by deleting the App from your device.

19. Mobile Device Permissions

The App may request the following permissions on your mobile device:

• Internet access – required for downloading stories, syncing reading progress, and communicating with our servers
• Push notifications – to send you notifications about new stories and updates (optional, requires your consent)
• Storage / file access – for caching story content for offline reading
• Camera / photo library – only if you choose to upload a profile picture (optional)

You can manage these permissions at any time through your device settings. Denying certain permissions may limit the functionality of the App. We only request permissions that are necessary for the specific features you use.

20. Account Deletion

You have the right to delete your account at any time. You can initiate account deletion:

• Directly in the App via the account settings
• By contacting us at digitalappgroupde@gmail.com

When you delete your account, the following actions are taken:

• Your personal data (email, username, profile picture) will be permanently deleted within 30 days
• Your reading progress, favorites, and reading history will be permanently deleted
• Unused credits will expire and cannot be refunded after deletion
• Transaction data may be retained for up to 10 years as required by German tax and commercial law (§ 147 AO, § 257 HGB)
• Anonymized and aggregated data that cannot be linked to you may be retained for statistical purposes

Please note that account deletion is irreversible. We recommend exporting any data you wish to keep before deleting your account.

21. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Art. 34 GDPR. We will also notify the competent supervisory authority within 72 hours of becoming aware of the breach, as required by Art. 33 GDPR.

The notification will include:

• A description of the nature of the data breach
• The categories and approximate number of data subjects affected
• The likely consequences of the breach
• The measures taken or proposed to address the breach and mitigate its effects

22. Third-Party Links

The App and Website may contain links to third-party websites or services (e.g. Apple App Store, Google Play Store). We are not responsible for the privacy practices or content of these third-party services. We encourage you to read the privacy policies of any third-party service before providing personal data. This includes, but is not limited to:

• Apple App Store and its associated services
• Google Play Store and its associated services
• Any external websites linked from story content or the App

23. Marketing and Service Communications

We may send you service-related communications that are necessary for the operation of your account, such as:

• Account verification and security alerts
• Purchase confirmations and receipts
• Important changes to our services or terms
• Responses to your support inquiries

These service communications are sent on the basis of Art. 6(1)(b) GDPR (contract performance) and cannot be opted out of while maintaining an active account.

With your consent (Art. 6(1)(a) GDPR), we may also send promotional communications such as:

• New story releases and recommendations
• Special offers and promotions
• App feature updates and announcements

You can withdraw your consent to promotional communications at any time by adjusting your notification settings in the App, clicking the unsubscribe link in any marketing email, or contacting us at digitalappgroupde@gmail.com.

24. Applicable Law and Jurisdiction

This privacy policy and all matters relating to data protection are governed by the laws of the Federal Republic of Germany and the applicable provisions of the European Union, in particular the General Data Protection Regulation (GDPR). The place of jurisdiction for all disputes is, insofar as legally permissible, the registered office of Digital App Group GmbH.

25. Contact

If you have any questions, concerns, or requests regarding this privacy policy or the processing of your personal data, please contact us:

We endeavor to respond to all data protection inquiries within 30 days. For complex requests, this period may be extended by up to two additional months, in which case we will inform you of the extension and the reasons for the delay.