Last updated: July 2026
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified.
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You will find their contact details in the "Controller" section of this Privacy Policy.
How do we collect your data?
Some data is collected when you provide it to us directly (e.g. via the feedback form or when making a purchase). Other data is collected automatically by our IT systems when you visit the website (e.g. anonymised usage statistics).
What do we use your data for?
Part of the data is collected to ensure the website functions correctly. Other data is used for anonymised analysis of user behaviour in order to improve our website.
The controller for data processing on this website is:
SkillGranum – Samantha de Guzman
c/o IP-Management #8247
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany
Email: info@skillgranum.com
Our website is hosted by ALL-INKL.COM.
Provider: ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany
Privacy policy: https://all-inkl.com/datenschutzinformationen/
Data processed:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical operation of the website)
Server location: Germany (EU)
Paddle.com Market Limited
Core B, Block 71, The Plaza, Park West
Dublin 12, Ireland
Company registration number: 555277
EU VAT identification number: IE3145897WH
Paddle.com Market Limited acts as Merchant of Record for all purchases made through NumeroGen.
The following data is processed during payment via Paddle:
Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract). Payment processing is necessary to fulfil your purchase contract and provide access to the purchased digital content.
Paddle processes your payment data primarily on servers within the European Union. Transfers to third countries only occur where strictly necessary for payment processing (e.g. when using PayPal or international credit cards). In such cases, Paddle ensures appropriate safeguards in accordance with Art. 46 GDPR.
Paddle retains your payment data in accordance with the statutory retention periods for tax and accounting purposes. The email address used to deliver the access token is stored by SkillGranum for the duration of your active access and deleted 90 days after expiry.
For enquiries about your payment data, please contact:
After a purchase you will receive an access token by email, which you can use to download your purchased worksheets.
Art. 6(1)(b) GDPR (performance of a contract) – Storing the token is necessary to provide access to the purchased digital content.
Your email address and token information are stored for the duration of your active access and deleted 90 days after expiry or exhaustion of your credits.
Access tokens are intended for personal, non-commercial use. Systematic sharing with third parties or commercial use (e.g. in schools or educational institutions) is not permitted and may result in the token being blocked.
For school or commercial use we offer dedicated school licences. Contact us for a quote: info@skillgranum.com
We use Supabase to store user feedback and token information.
Provider: Supabase, Inc.
Server location: Frankfurt, Germany (EU)
Privacy policy: https://supabase.com/privacy
Data stored:
Legal basis: Art. 6(1)(f) GDPR (technical provision of the service)
Data processing agreement: A data processing agreement has been concluded with Supabase.
We use Matomo to analyse user behaviour on our website. Matomo is privacy-friendly open-source software that runs on our own server.
Key features:
Data processed:
Art. 6(1)(f) GDPR (legitimate interest in analysing user behaviour to improve the website)
Data is automatically deleted after 13 months.
You can object to analysis by enabling "Do Not Track" in your browser. Matomo respects this signal automatically.
After a purchase you will receive an email containing your access token and purchase confirmation.
Data processed:
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
Retention period: 90 days after access expiry
If you contact us by email, we store your message in order to handle your enquiry.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
Retention period: 12 months after the enquiry is closed
You can voluntarily submit feedback on our website.
Data processed:
Legal basis: Art. 6(1)(a) GDPR (consent by submitting the form)
Retention period: 12 months after processing
You have the right to request information about the personal data we process about you.
You have the right to request correction of inaccurate data.
You have the right to have your data deleted, provided the legal requirements are met.
You can request that we restrict the processing of your data.
You have the right to receive your data in a structured, machine-readable format.
You can object to the processing of your data at any time where that processing is based on legitimate interest (Art. 6(1)(f) GDPR).
You have the right to lodge a complaint with a data protection supervisory authority.
To exercise your rights, please contact:
Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
Phone: +49 (0)228 997799-0
Email: poststelle@bfdi.bund.de
Website: https://www.bfdi.bund.de
For security reasons this website uses SSL/TLS encryption to protect confidential content. You can recognise an encrypted connection by "https://" in the address bar and the padlock symbol in your browser.
| Data type | Deletion period |
|---|---|
| Access tokens (email address) | 90 days after expiry / cancellation |
| Feedback forms | 12 months after processing |
| Support emails | 12 months after closure |
| Server logs | 7 days |
| Matomo analytics | 13 months |
| Generated PDFs | Immediately deleted after download |
You may request deletion of your data at any time. Contact:
info@skillgranum.com
Deletion is carried out within 30 days.
The following information applies additionally to use of the SkillGranum iOS App, available via the Apple App Store. The controller is the same as indicated in Section 2 above.
The app is intended exclusively for parents or guardians, who create a parent account and set up child profiles for children aged 5 to 11. Children use the app exclusively through such a child profile. It is technically not possible for children to create an account independently.
The following data is processed when registering and using the parent account:
Legal basis: Art. 6(1)(b) GDPR (performance of a contract) for data necessary to manage the account; Art. 6(1)(a) GDPR (consent) for obtaining GDPR consent at registration.
Child profiles are created exclusively by the parent or guardian. Processing of child profile data is based solely on the explicit consent of the parent, obtained during account registration.
The following data is stored for each child profile:
Legal basis: Art. 6(1)(b) GDPR (performance of a contract – provision of the personalised learning experience) in conjunction with the explicit parental consent pursuant to Art. 8 GDPR.
The app contains neither third-party analytics services nor advertising of any kind. Aggregated usage statistics (e.g. number of app installations, crash reports) are collected exclusively through Apple's own App Analytics system, which transmits no personal data to SkillGranum and remains entirely within Apple's infrastructure. Learning progress data is stored exclusively in the Supabase infrastructure described in Section 6 and is used solely to provide the service.
Subscriptions concluded within the iOS app are processed exclusively through Apple's In-App Purchase system (StoreKit). SkillGranum does not receive any payment data (credit card numbers, bank details, etc.).
Payment processor: Apple Inc., One Apple Park Way,
Cupertino, CA 95014, USA
Apple Privacy Policy:
https://www.apple.com/legal/privacy/
SkillGranum stores only the subscription status (active / free / cancelled) and a transaction ID provided by Apple, for the purpose of access control and proof of entitlement when switching devices or reinstalling the app.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
Subscription access is available exclusively through the password-protected parent section of the app. Child profiles have no technical access to purchase or account management functions.
All app data (parent accounts, child profiles, learning progress) is stored in the Supabase infrastructure described in Section 6 (server location: Frankfurt, Germany, EU). No personal data is transferred to countries outside the EU in the course of regular app use. The data processing agreement concluded with Supabase applies equally to app data.
| Data type | Deletion period |
|---|---|
| Parent account (email, password, settings) | Immediately upon account deletion by the parent |
| Child profiles and learning progress data | Immediately upon account deletion (automatic cascade deletion) |
| Subscription status and transaction ID | Immediately upon account deletion |
Account deletion, including all child profiles and learning progress data, can be requested at any time in the app settings (Parent Area → Account → Delete Account) or by email to info@skillgranum.com. Deletion is carried out within 30 days.
Consent to processing of child profile data is given exclusively by the parent or guardian during account registration. Children have no independent access to account, subscription, or privacy settings. All privacy- and purchase-related sections of the app are protected by a separate password to prevent access by children.
We reserve the right to update this Privacy Policy to reflect changes in the legal framework or in our services.
Current version: July 2026