Privacy Policy for “Creature”
‍Effective date: 24.08.25
‍
This Privacy Policy explains how the mobile application “Creature” (“App”, “we”, “our”, or “us”) collects, uses, and protects your information when you use the app.
By downloading or using the App, you agree to the practices described in this
Privacy Policy.
‍
1. Data Controller
The data controller responsible for the processing of personal data is:
Echomatic
Wörthstraße 7
69115 Heidelberg
info@echomatic.de

2. Information We Collect
We collect and process the following categories of data:Account Information: When you register or log in, we use Firebase Authentication. Depending on your chosen method (email/password, Google Sign-In, etc.), we may collect your email address, name, and authentication tokens.Usage Data: Information related to how you use the App (such as in-app actions, created content, preferences, and interactions). This data may be stored in Firebase Realtime Database or Firestore.Technical Data: We may automatically collect technical information such as device model, operating system version, IP address, and crash logs to ensure app stability and improve performance.Server-Side Processing: Certain features rely on Firebase Cloud Functions, which process user data to enable app functionality (e.g., automated actions, validations, or background processes).We do not knowingly collect personal information from children under 13 years of age (or under 16 in the EU).

3. How We Use Your Information
We use the collected data for the following purposes:To provide core app functionality (authentication, content storage, synchronization).To operate and improve the App’s features and services.To ensure the security and stability of the App.To comply with legal obligations.We do not sell your personal information.

4. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR):Art. 6 (1) lit. b GDPR – Performance of a contract (provision of the App and its functions).Art. 6 (1) lit. f GDPR – Legitimate interest (ensuring secure and efficient service).Art. 6 (1) lit. c GDPR – Compliance with legal obligations.

5. Data Sharing and Transfers
Your personal data may be shared with:Google Firebase (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), as our backend provider. Firebase may process data on servers located within the EU or in the United States. In cases of transfer outside the EU/EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) are applied.We do not share your data with third parties beyond what is necessary to provide the App, unless required by law.

6. Data Retention
Account data is retained as long as your account is active.You may request deletion of your account at any time, which will remove your personal data from Firebase.Technical and log data may be stored temporarily for security, troubleshooting, and app improvement.

7. Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or alteration. However, please note that no method of transmission over the Internet is 100% secure.

8. Your Rights (GDPR)
As a user located in the European Union, you have the following rights:Right to access your data (Art. 15 GDPR).Right to rectify inaccurate data (Art. 16 GDPR).Right to erasure (“right to be forgotten”) (Art. 17 GDPR).Right to restrict processing (Art. 18 GDPR).Right to data portability (Art. 20 GDPR).Right to object to processing (Art. 21 GDPR).To exercise your rights, please contact us at [your email address].

9. California Privacy Rights (CCPA)
If you are a California resident, you have the right to request:Disclosure of the categories and specific pieces of personal information collected.Deletion of your personal information.Opt-out of the sale of personal information (note: we do not sell your data).You may exercise your rights by contacting us at [your email address].

10. Children’s Privacy
The App is not directed at children under 13 years of age (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe that a child has provided personal data to us, please contact us, and we will delete such information promptly.

11. Third-Party Services
Our App uses third-party services that may collect information used to identify you. These include:Google Firebase (Authentication, Realtime Database/Firestore, Cloud Functions, Analytics, Crashlytics).You can find more about Firebase’s data practices here:
https://firebase.google.com/support/privacy

‍12. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time. Any changes will be published within the App and/or on our website. Continued use of the App after changes constitute your acceptance of the updated Privacy Policy.

13. Contact
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us at:
‍Echomatic
Wörthstraße 7
69115 Heidelberg