DE EN
← Back to homepage
Privacy Policy

Privacy Policy

Last updated: July 2026

1. Privacy at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You will find their contact details in the "Controller" section of this Privacy Policy.

How do we collect your data?

Some data is collected when you provide it to us directly (e.g. via the feedback form or when making a purchase). Other data is collected automatically by our IT systems when you visit the website (e.g. anonymised usage statistics).

What do we use your data for?

Part of the data is collected to ensure the website functions correctly. Other data is used for anonymised analysis of user behaviour in order to improve our website.

2. Controller

The controller for data processing on this website is:

SkillGranum – Samantha de Guzman
c/o IP-Management #8247
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany
Email: info@skillgranum.com

Note: As a freelancer in the education sector, we are subject to German data protection law and process your data exclusively within the EU.

3. Hosting and servers

All-inkl.com (web hosting)

Our website is hosted by ALL-INKL.COM.

Provider: ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany
Privacy policy: https://all-inkl.com/datenschutzinformationen/

Data processed:

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical operation of the website)
Server location: Germany (EU)

4. Payment processing via Paddle

Payment processor

Paddle.com Market Limited
Core B, Block 71, The Plaza, Park West
Dublin 12, Ireland
Company registration number: 555277
EU VAT identification number: IE3145897WH

Paddle.com Market Limited acts as Merchant of Record for all purchases made through NumeroGen.

Data processed

The following data is processed during payment via Paddle:

Legal basis

Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract). Payment processing is necessary to fulfil your purchase contract and provide access to the purchased digital content.

Data transfers

Paddle processes your payment data primarily on servers within the European Union. Transfers to third countries only occur where strictly necessary for payment processing (e.g. when using PayPal or international credit cards). In such cases, Paddle ensures appropriate safeguards in accordance with Art. 46 GDPR.

Retention period

Paddle retains your payment data in accordance with the statutory retention periods for tax and accounting purposes. The email address used to deliver the access token is stored by SkillGranum for the duration of your active access and deleted 90 days after expiry.

Your rights regarding Paddle data

For enquiries about your payment data, please contact:

5. Access tokens for digital content

Purpose of processing

After a purchase you will receive an access token by email, which you can use to download your purchased worksheets.

Data processed

Legal basis

Art. 6(1)(b) GDPR (performance of a contract) – Storing the token is necessary to provide access to the purchased digital content.

Retention period

Your email address and token information are stored for the duration of your active access and deleted 90 days after expiry or exhaustion of your credits.

Terms of use

Access tokens are intended for personal, non-commercial use. Systematic sharing with third parties or commercial use (e.g. in schools or educational institutions) is not permitted and may result in the token being blocked.

For school or commercial use we offer dedicated school licences. Contact us for a quote: info@skillgranum.com

Note on device use: We do not collect device IDs or hardware identifiers. You may use your token on any device, provided the use remains within the scope of personal, non-commercial use. We reserve the right to carry out a review if unusual usage patterns are detected (e.g. >100 worksheets/month on a €5.99 subscription).

6. Database & backend

Supabase (PostgreSQL hosting)

We use Supabase to store user feedback and token information.

Provider: Supabase, Inc.
Server location: Frankfurt, Germany (EU)
Privacy policy: https://supabase.com/privacy

Data stored:

Important: Your generated worksheets are NOT stored. PDF generation is exclusively on-demand and temporary.

Legal basis: Art. 6(1)(f) GDPR (technical provision of the service)
Data processing agreement: A data processing agreement has been concluded with Supabase.

7. Web analytics with Matomo (cookieless)

Scope of processing

We use Matomo to analyse user behaviour on our website. Matomo is privacy-friendly open-source software that runs on our own server.

Key features:

Data processed:

Legal basis

Art. 6(1)(f) GDPR (legitimate interest in analysing user behaviour to improve the website)

Retention period

Data is automatically deleted after 13 months.

Right to object (opt-out)

You can object to analysis by enabling "Do Not Track" in your browser. Matomo respects this signal automatically.

8. Email communication

Transactional emails

After a purchase you will receive an email containing your access token and purchase confirmation.

Data processed:

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
Retention period: 90 days after access expiry

Support requests

If you contact us by email, we store your message in order to handle your enquiry.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
Retention period: 12 months after the enquiry is closed

9. Feedback form

You can voluntarily submit feedback on our website.

Data processed:

Legal basis: Art. 6(1)(a) GDPR (consent by submitting the form)
Retention period: 12 months after processing

10. Your rights as a data subject

Right of access (Art. 15 GDPR)

You have the right to request information about the personal data we process about you.

Right to rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate data.

Right to erasure (Art. 17 GDPR)

You have the right to have your data deleted, provided the legal requirements are met.

Right to restriction of processing (Art. 18 GDPR)

You can request that we restrict the processing of your data.

Right to data portability (Art. 20 GDPR)

You have the right to receive your data in a structured, machine-readable format.

Right to object (Art. 21 GDPR)

You can object to the processing of your data at any time where that processing is based on legitimate interest (Art. 6(1)(f) GDPR).

Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority.

Contact for data protection enquiries

To exercise your rights, please contact:

Competent supervisory authority

Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
Phone: +49 (0)228 997799-0
Email: poststelle@bfdi.bund.de
Website: https://www.bfdi.bund.de

11. SSL/TLS encryption

For security reasons this website uses SSL/TLS encryption to protect confidential content. You can recognise an encrypted connection by "https://" in the address bar and the padlock symbol in your browser.

12. Deletion and retention periods

Automatic deletion periods

Data type Deletion period
Access tokens (email address) 90 days after expiry / cancellation
Feedback forms 12 months after processing
Support emails 12 months after closure
Server logs 7 days
Matomo analytics 13 months
Generated PDFs Immediately deleted after download

Deletion on request

You may request deletion of your data at any time. Contact: info@skillgranum.com
Deletion is carried out within 30 days.

13. SkillGranum iOS App

The following information applies additionally to use of the SkillGranum iOS App, available via the Apple App Store. The controller is the same as indicated in Section 2 above.

Purpose and user structure

The app is intended exclusively for parents or guardians, who create a parent account and set up child profiles for children aged 5 to 11. Children use the app exclusively through such a child profile. It is technically not possible for children to create an account independently.

Data processed in the parent account

The following data is processed when registering and using the parent account:

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) for data necessary to manage the account; Art. 6(1)(a) GDPR (consent) for obtaining GDPR consent at registration.

Data processed in child profiles

Child profiles are created exclusively by the parent or guardian. Processing of child profile data is based solely on the explicit consent of the parent, obtained during account registration.

The following data is stored for each child profile:

Not collected: Device IDs, hardware identifiers, location data, biometric data, or full legal names of children. No behavioural tracking and no behavioural advertising takes place.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract – provision of the personalised learning experience) in conjunction with the explicit parental consent pursuant to Art. 8 GDPR.

No third-party analytics or advertising

The app contains neither third-party analytics services nor advertising of any kind. Aggregated usage statistics (e.g. number of app installations, crash reports) are collected exclusively through Apple's own App Analytics system, which transmits no personal data to SkillGranum and remains entirely within Apple's infrastructure. Learning progress data is stored exclusively in the Supabase infrastructure described in Section 6 and is used solely to provide the service.

In-app purchases and subscription management

Subscriptions concluded within the iOS app are processed exclusively through Apple's In-App Purchase system (StoreKit). SkillGranum does not receive any payment data (credit card numbers, bank details, etc.).

Payment processor: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA
Apple Privacy Policy: https://www.apple.com/legal/privacy/

SkillGranum stores only the subscription status (active / free / cancelled) and a transaction ID provided by Apple, for the purpose of access control and proof of entitlement when switching devices or reinstalling the app.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

Subscription access is available exclusively through the password-protected parent section of the app. Child profiles have no technical access to purchase or account management functions.

Data storage and data processing agreement

All app data (parent accounts, child profiles, learning progress) is stored in the Supabase infrastructure described in Section 6 (server location: Frankfurt, Germany, EU). No personal data is transferred to countries outside the EU in the course of regular app use. The data processing agreement concluded with Supabase applies equally to app data.

Retention and deletion

Data type Deletion period
Parent account (email, password, settings) Immediately upon account deletion by the parent
Child profiles and learning progress data Immediately upon account deletion (automatic cascade deletion)
Subscription status and transaction ID Immediately upon account deletion

Account deletion, including all child profiles and learning progress data, can be requested at any time in the app settings (Parent Area → Account → Delete Account) or by email to info@skillgranum.com. Deletion is carried out within 30 days.

Parental control and consent

Consent to processing of child profile data is given exclusively by the parent or guardian during account registration. Children have no independent access to account, subscription, or privacy settings. All privacy- and purchase-related sections of the app are protected by a separate password to prevent access by children.

Apple App Store – Kids Category: The SkillGranum app is intended for listing in the Kids Category of the Apple App Store (age group 9–11) and has been designed from the ground up accordingly. It meets Apple's enhanced privacy requirements for children's apps: no third-party advertising, no third-party analytics, no access to external content without parental approval, no transfer of children's data to third parties.

14. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in the legal framework or in our services.

Current version: July 2026