Privacy Policy - App

Privacy Policy - App

Privacy Policy - App

Effective Date: June 2025



Data Controller:

Max Mader, Austria

Contact: contact@sayitfastapp.com



§1 General Principles

This Privacy Policy outlines the nature, scope, and legal basis of the collection, processing, and storage of personal data in connection with the use of the mobile application “SayItFast” (“Application”) and its associated services. The processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable Austrian data protection legislation.



§2 Data Controller

The party responsible for data processing in accordance with Article 4(7) GDPR is:


Max Mader

Email: contact@sayitfastapp.com

Website: www.sayitfastapp.com

Registered in: Austria



§3 Categories of Data Processed

The following categories of data may be collected, stored, and processed:


• Identification data (e.g., email address, username)

• Language selection and proficiency level

• Learning history and swipe-based activity

• AI chat input and system-generated responses

• Device metadata (e.g., operating system, model, app version)

• IP address and diagnostic usage data



§4 Purpose and Legal Basis of Processing

(1) Data is processed for the purpose of providing, maintaining, and improving the Application and its features, including personalized learning plans and AI-powered interactions.

(2) Processing is based on the following legal grounds:


• Art. 6(1)(b) GDPR – performance of a contract (e.g., account creation, content delivery)

• Art. 6(1)(a) GDPR – consent (where explicitly obtained, e.g., analytics or marketing features)

• Art. 6(1)(f) GDPR – legitimate interest (e.g., technical diagnostics, abuse prevention)



§5 Third-Party Services and International Data Transfers

(1) SayItFast utilizes external services, including but not limited to:


• Google Firebase (Authentication, Firestore, Analytics, Crashlytics)

• Google Cloud Vertex AI (for language generation and chat-based interactions)


(2) Data may be transmitted to and processed on servers located in jurisdictions outside the European Union, notably the United States. These transfers occur under the standard contractual clauses (SCCs) approved by the European Commission to ensure adequate protection of personal data.



§6 Storage Duration

Personal data is retained only as long as necessary for the fulfillment of the aforementioned purposes, or until a legitimate deletion request is received. Inactive user accounts may be deleted or anonymized after a defined period of inactivity, unless statutory retention obligations apply.



§7 AI Content and User Input

The AI-powered chat component operates using probabilistic language models. User input and associated AI responses may be stored for the purpose of performance optimization and error mitigation. While internal safeguards exist to limit undesired outputs, semantic accuracy cannot be universally guaranteed.



§8 Data Subject Rights

In accordance with Chapter III of the GDPR, users are entitled to the following rights:


• Right of access (Art. 15)

• Right to rectification (Art. 16)

• Right to erasure (“right to be forgotten”, Art. 17)

• Right to restriction of processing (Art. 18) • Right to data portability (Art. 20)

• Right to object (Art. 21)

• Right to withdraw consent at any time (Art. 7(3))


To exercise any of these rights, please contact us at contact@sayitfastapp.com.



§9 Account Deletion and User Requests

Users may request deletion of their account or export of their personal data at any time by contacting the data controller directly via email. Automated self-deletion within the app interface is currently not available.



§10 Security Measures


We implement appropriate technical and organizational measures pursuant to Article 32 GDPR to ensure a level of security appropriate to the risk, including encryption, access control, and regular audits of data handling processes.



§11 Changes to this Policy

The Operator reserves the right to modify this Privacy Policy in accordance with evolving legal, technical, or organizational requirements. The latest version is always accessible within the Application and on the official website.



§12 Supervisory Authority

Should you believe that your data is being processed unlawfully, you may lodge a complaint with the competent supervisory authority:


Austrian Data Protection Authority (Datenschutzbehörde)

Barichgasse 40–42,

1030 Vienna

Website: www.dsb.gv.at