HEIDI
Sign in

Privacy Policy

Last updated: 1 June 2026

1. Who we are (data controller)

Heidi German by The European Trader (Matthew Reynolds), Feuerbachstrasse 38, 60325 Frankfurt am Main, Germany, is the controller responsible for your personal data under the EU General Data Protection Regulation (GDPR). You can contact us at Theeuropeantrader@outlook.com.

2. What data we collect

Account data: your email address and an encrypted password (we never see your password in plain text). Learning profile: optional information you choose to give us, such as your level, goals, motivation, target exam, daily study target and how you heard about us. Payment data: your purchase status and non-sensitive billing details (card brand, last four digits, expiry, and a Stripe customer reference). We never store full card numbers — these are handled by Stripe. Consent records: a log of the consents you give or withdraw, including the date, the wording shown to you and how you consented. Technical data: limited information such as IP address and browser type, used for security and to operate the service.

3. Why we use it, and our legal basis

To provide the app, your account and your purchase, we process account and payment data on the basis of our contract with you (Art. 6(1)(b) GDPR). To send you marketing emails (learning tips and product news), we rely on your separate, explicit consent (Art. 6(1)(a) GDPR), which you can withdraw at any time. To keep the service secure and prevent abuse, we rely on our legitimate interests (Art. 6(1)(f) GDPR). To meet legal and accounting obligations, we rely on Art. 6(1)(c) GDPR.

4. Marketing emails and double opt-in

If you opt in to marketing, we first send you a confirmation email and only add you to our list once you click the confirmation link (double opt-in, as required in Germany). Every marketing email contains a one-click unsubscribe link, and you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. Who we share data with (processors)

We use trusted service providers who process data on our behalf under data processing agreements: Supabase (database and authentication, hosted in the EU), Stripe (payment processing), Resend (sending email), and Netlify (website hosting and content delivery). Some of these providers may process data outside the EU; where they do, the transfer is protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

6. How long we keep it

We keep account and learning data for as long as your account exists. If you delete your account, we delete or anonymise your personal data, except where we must keep certain records (for example, invoices) to meet legal retention obligations. Consent records are kept as evidence of compliance for as long as necessary.

7. Your rights

Under the GDPR you have the right to access your data, to rectify it, to erase it, to restrict or object to processing, to data portability, and to withdraw consent at any time. To exercise any of these, email us at Theeuropeantrader@outlook.com. You also have the right to lodge a complaint with a supervisory authority — for us this is the Hessian Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit).

8. Cookies

We use a single strictly-necessary cookie to keep you signed in to the paid app. We do not use advertising or third-party tracking cookies.

9. Changes

We may update this policy from time to time. We will post the new version here and update the date above.

Terms of Service · Impressum

Heidi · Learn German, Beautifully
Privacy · Terms · Impressum