Privacy Policy
Last updated: July 9, 2026
General Information
This Privacy Policy explains which personal data is processed when using writhentic, for what purposes it is processed, and what rights users have.
writhentic collects and processes personal data to the extent necessary to provide the app, operate the website, ensure technical security, process payments, provide platform services, and comply with legal obligations.
Owner and Data Controller
The Data Controller responsible for processing personal data is:
Andreas Stein
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach
Germany
Controller's email address: a.s@andreas-stein.tech
Types of Data Collected
writhentic processes the following categories of personal data, either directly or through third parties:
- Usage Data
- Various types of Data
- Payment Data
- Device Information
Provision of Data
Complete details on each category of personal data processed are provided in the relevant sections of this Privacy Policy or through specific notices displayed before the data is collected.
Personal data may be voluntarily provided by the user or, in the case of Usage Data, collected automatically while using writhentic.
Unless otherwise specified, all personal data requested by writhentic is mandatory. Failure to provide such data may make it impossible for writhentic to provide its services.
Where personal data is explicitly indicated as optional, users may choose not to provide such data without affecting the availability or functionality of the service.
Users who are uncertain about which personal data is mandatory are welcome to contact the Data Controller.
Any use of Cookies or other tracking technologies by writhentic or by third-party services is intended to provide the service requested by the user and for the additional purposes described in this Privacy Policy.
Data Concerning Third Parties
Users are responsible for any personal data of third parties obtained, published, or shared through writhentic and confirm that they have the right to provide such data.
Method and Place of Processing
Methods of Processing
The Data Controller processes personal data securely and takes appropriate technical and organizational measures to prevent unauthorized access, disclosure, modification, loss, or destruction of personal data.
Processing is carried out using computers and information technology systems following organizational procedures directly related to the purposes described in this Privacy Policy.
Place of Processing
Personal data is processed at the Data Controller's operating offices and at any other places where the parties involved in the processing are located.
Depending on the user's location, personal data may be transferred to a country other than the user's own. Further information is provided in the relevant sections of this Privacy Policy.
Retention Period
Personal data is processed and stored only for as long as necessary to fulfill the purposes for which it was collected.
Personal data processed for the performance of a contract is retained until the contract has been fully performed.
Personal data processed based on legitimate interests is retained for as long as required to fulfill those interests.
Where processing is based on consent, personal data may be retained until consent is withdrawn.
A longer retention period may be required where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
Once the applicable retention period has expired, personal data will be deleted. After deletion, rights such as access, rectification, erasure, or data portability can no longer be exercised.
Purposes of Processing
Personal data concerning the user is collected to allow the Data Controller to provide the service, comply with legal obligations, respond to enforcement requests, protect its own rights and interests or those of users or third parties, and detect malicious or fraudulent activity.
Personal data is processed in particular for the following purposes:
- Platform Services and Hosting
- Data Transfer Outside the European Union
- Handling Payments
- Hosting and Backend Infrastructure
- Analytics
Detailed Information on the Processing of Personal Data
Analytics
The services described in this section enable the Data Controller to monitor and analyze web traffic and user behavior.
Anonymous Usage Statistics
Anonymous usage data is processed for technical analysis and statistical evaluation of the use of this website.
The processed information may include the selected language, the user's country based on anonymized IP geolocation at country level, and timestamps of page views and redirects.
IP addresses are not stored. All data is processed exclusively in aggregated and anonymous form for statistical and technical purposes. Individual users are not identified.
Hosting and Backend Infrastructure
This type of service hosts data and files required for operating writhentic or provides the technical infrastructure necessary for specific features of the service.
Some of these services may operate through geographically distributed servers, making it difficult to determine the exact location where personal data is stored.
STRATO
When visiting the website, the hosting provider STRATO automatically processes access information through server log files.
- Anonymized IP address of the visitor
- Date and time of access
- Browser type and version
- Visitor's operating system
- Referrer URL or previously visited website
- Name of the requested web page and file
- Amount of data transferred
Purpose and Retention Period at STRATO
This information is stored exclusively to ensure the technical operation, stability, and security of the website and to detect and prevent misuse or attacks.
IP addresses are anonymized by STRATO immediately after collection. The anonymized information is retained for a maximum of seven days and then permanently deleted.
Further information: STRATO Privacy Policy
Platform Services and Hosting
These services enable the hosting and operation of the core components of writhentic so that the application can be delivered through a unified platform.
Such platforms may provide tools for analytics, user management, database management, application distribution, e-commerce, and payment processing. Using these services may involve the processing of personal data.
Some of these services operate through geographically distributed servers, making it difficult to determine where personal data is actually stored.
App Store Connect
writhentic is distributed through Apple's App Store. App Store Connect is a platform provided by Apple Inc. that allows the Data Controller to manage the application in the App Store.
Depending on the configuration, App Store Connect provides statistical information about user engagement, app discovery, marketing campaigns, sales, in-app purchases, and payments to help the Data Controller evaluate the performance of writhentic.
App Store Connect only processes such information for users who have agreed to share it with the Data Controller.
Personal Data processed: Usage Data.
Service provider: Apple Inc. (United States).
Further information: Apple Privacy Policy
Handling Payments
Unless otherwise specified, all payments in writhentic are processed by third-party payment service providers.
As a rule, users provide their payment details directly to the relevant payment provider. writhentic does not normally collect or process this information but only receives confirmation that the payment has been completed.
Payments Processed via the Apple App Store
writhentic uses a payment service provided by Apple Inc. to enable purchases of the application and in-app purchases.
Personal data required to process purchases is handled by Apple in accordance with the App Store Privacy Policy.
Personal Data processed: Email, Device Information, Usage Data, and Payment Data.
Service provider: Apple Inc. (United States).
Further information: Apple App Store Privacy Policy
Transfer of Personal Data Outside the European Union
Personal data may be processed outside the European Union in connection with the services used, particularly where a service provider is established in a third country or uses servers located there.
Transfers Based on Standard Contractual Clauses
Where personal data is transferred to third countries, such transfers may take place based on the Standard Contractual Clauses adopted by the European Commission.
In such cases, recipients are required to process personal data in accordance with the data protection standards applicable within the European Union.
Further information may be obtained by contacting the Data Controller using the contact details provided in this Privacy Policy.
Legal Basis for Processing
Personal data is processed only where an appropriate legal basis exists. Depending on the circumstances, processing may be based on one or more of the following legal grounds:
Article 6(1)(a) GDPR – the data subject has given consent.
Article 6(1)(b) GDPR – processing is necessary for the performance of a contract or to take pre-contractual steps.
Article 6(1)(c) GDPR – processing is necessary to comply with a legal obligation.
Article 6(1)(e) GDPR – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Article 6(1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
Upon request, the Data Controller will provide information about the specific legal basis applicable to a particular processing activity and whether providing personal data is a legal or contractual requirement or necessary to enter into a contract.
Users' Rights
Users may exercise certain rights regarding their personal data, subject to the conditions set out in applicable data protection laws.
Right of Access
Users have the right to obtain confirmation as to whether personal data concerning them is being processed, to access that data, to receive information about the processing, and to obtain a copy of their personal data.
Right to Rectification
Users have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.
Right to Erasure
Users have the right to request the deletion of their personal data where the legal requirements for doing so are met.
Right to Restriction of Processing
Users have the right to request restriction of the processing of their personal data in the circumstances provided for by applicable law.
Right to Data Portability
Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and, where technically feasible, to have that data transmitted to another controller.
Right to Object
Users have the right to object to the processing of their personal data where such processing is based on the Data Controller's legitimate interests.
Where personal data is processed for direct marketing purposes, users may object at any time. In such cases, the personal data will no longer be processed for direct marketing purposes.
Withdrawal of Consent
Where processing is based on consent, users have the right to withdraw their consent at any time with effect for the future.
Right to Lodge a Complaint
Users have the right to lodge a complaint with the competent data protection supervisory authority.
Exercising These Rights
Requests to exercise the above rights may be submitted to the Data Controller using the contact details provided in this Privacy Policy.
Such requests will be handled free of charge and as quickly as possible, and in any event within one month.
Any rectification, erasure, or restriction of processing will be communicated to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
Additional Information for Users in Switzerland
This section applies to users residing in Switzerland and replaces any conflicting or inconsistent provisions of this Privacy Policy for such users.
Further details regarding the categories of personal data processed, the purposes of processing, recipients of personal data, retention periods, and other relevant information can be found in the respective sections of this Privacy Policy.
Rights under Swiss Data Protection Law
Users residing in Switzerland have the right, subject to applicable law, to request access to their personal data, have inaccurate data corrected, request the deletion or destruction of personal data, object to the processing of personal data, and request the release or transfer of certain personal data.
These rights may be exercised by contacting the Data Controller using the contact details provided in this Privacy Policy.
Additional Information for Users in Brazil
This section supplements the remaining provisions of this Privacy Policy for users residing in Brazil in accordance with the Lei Geral de Proteção de Dados (LGPD). Where this section conflicts with other parts of this Privacy Policy, this section shall prevail.
Within this section, the term "personal data" has the meaning assigned to it by the LGPD.
Legal Bases under Brazilian Law
Personal data is processed only where a valid legal basis exists, including consent, compliance with legal or regulatory obligations, performance of a contract or pre-contractual measures, the exercise of rights in judicial or administrative proceedings, protection of life or physical safety, legitimate interests provided that the user's fundamental rights do not prevail, or credit protection.
Further information about the specific legal basis applicable to a particular processing activity may be obtained by contacting the Data Controller using the contact details provided in this Privacy Policy.
Rights under the LGPD
Under the LGPD, users in Brazil have the right to obtain confirmation of the existence of processing, access their personal data, correct incomplete, inaccurate, or outdated data, request anonymization, blocking, or deletion of unlawfully processed data, exercise the right to data portability, receive information about the sharing of personal data, withdraw consent, lodge a complaint with the ANPD, and object to unlawful processing.
Such requests may be submitted free of charge using the contact details provided in this Privacy Policy. Where a more comprehensive response is required, it will be provided within fifteen days in accordance with the LGPD.
International Transfers of Personal Data
Personal data may be transferred outside Brazil where permitted under the LGPD, including to comply with legal obligations, perform a contract, facilitate international cooperation, following approval by the ANPD, or where appropriate safeguards have been implemented.
Additional Information for Users in the United States
This section supplements the remaining provisions of this Privacy Policy for users residing in U.S. states with applicable privacy legislation, including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and Montana.
For these users, this section prevails over any conflicting provisions of this Privacy Policy. The terms "personal information" and "sensitive personal information" shall be interpreted in accordance with the applicable laws of the relevant U.S. state.
Notice of Collection of Personal Information
During the preceding twelve months, identifiers, commercial information, and internet or other electronic network activity information may have been collected or disclosed.
The processed information may include Usage Data, Email, Device Information, Various Types of Data, and Payment Data, which may be classified as sensitive personal information under applicable law.
This information is processed solely for the purposes described in this Privacy Policy.
No Sale, No Sharing, and No Targeted Advertising
writhentic does not sell personal information, does not share personal information for cross-context behavioral advertising as defined by applicable U.S. law, and does not process personal information for targeted advertising unless expressly stated otherwise in this Privacy Policy.
Additional Information about the Collection and Processing of Personal Data
Protection of Personal Data
writhentic processes personal data only to the extent necessary to provide the service and works exclusively with service providers that ensure an appropriate level of data protection.
Legal Action
The Data Controller may process users' personal data for the purpose of establishing, exercising, or defending legal claims, including in connection with judicial or administrative proceedings arising from the use of writhentic.
Users acknowledge that the Data Controller may be required to disclose personal data in response to lawful requests by public authorities.
Additional Information about Personal Data
In addition to the information contained in this Privacy Policy, writhentic may provide users with supplementary information concerning specific services or the collection and processing of personal data upon request.
System Logs and Maintenance
For operation and maintenance purposes, writhentic and third-party services may collect system logs recording interactions with the service or use other personal data, such as IP addresses, for these purposes.
Information Not Contained in this Privacy Policy
Further information regarding the collection or processing of personal data may be requested from the Data Controller at any time using the contact details provided in this Privacy Policy.
SSL/TLS Encryption
This website uses SSL/TLS encryption to protect the transmission of confidential information. A secure connection is indicated by the "https://" prefix in the browser's address bar and the padlock icon.
Changes to this Privacy Policy
The Data Controller reserves the right to amend this Privacy Policy at any time. Any changes will be published on this page and, where technically and legally possible, users will be notified through writhentic or via the available contact details.
Users are encouraged to review this page regularly, paying particular attention to the date of the latest update.
Where changes affect processing based on consent, the Data Controller will obtain renewed consent where required by applicable law.
Definitions and Legal References
Personal Data
Personal Data means any information that directly or indirectly identifies, or can be used to identify, a natural person.
Sensitive Personal Information
Sensitive Personal Information means personal information that is not publicly available and is subject to enhanced protection under applicable data protection laws.
Usage Data
Usage Data refers to information collected automatically by writhentic or third-party services. This may include IP addresses or domain names of users' devices, URI (Uniform Resource Identifier) addresses, the date and time of requests, the method used to submit requests to the server, the size of response files, server status codes, country of origin, browser and operating system information, visit duration, pages visited, and other technical parameters relating to the user's device and IT environment.
User
A User is any natural person using writhentic and, unless otherwise specified, is also the Data Subject.
Data Subject
The Data Subject is the natural person to whom the Personal Data relates.
Data Processor
A Data Processor is any natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller.
Data Controller
The Data Controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
writhentic
writhentic refers to the application, website, or digital service through which Personal Data is collected and processed.
Service
The Service refers to all functions, content, and services provided by writhentic as described in this Privacy Policy.
Sale
Sale means the transfer of Personal Information by the Data Controller to a third party in exchange for monetary or other valuable consideration, as defined under applicable U.S. privacy laws.
Sharing
Sharing means disclosing, transferring, or otherwise making Personal Information available to a third party for cross-context behavioral advertising, as defined by applicable law.
Targeted Advertising
Targeted Advertising means advertising selected based on Personal Information obtained from a user's activities over time across different websites, applications, or online services that are not operated by the same organization.
Tracker
A Tracker is any technology, such as Cookies, unique identifiers, web beacons, embedded scripts, E-tags, or device fingerprinting, that enables users to be recognized or tracked by storing or accessing information on their devices.
European Union
Unless expressly stated otherwise, any reference to the European Union (EU) in this Privacy Policy also includes the European Economic Area (EEA).