Mobile App Privacy Policy

Last Updated: January 14, 2025

Data Controller

The data controller responsible for your personal data under Article 4(7) GDPR is:

BitAutor UG (haftungsbeschränkt)
Vahrenwalder Str. 315A, 30179 Hannover, Germany
Represented by: André Schild
Email: admin [at] best-ai-tools [dot] org
Tel.: +49 157 55331915

Data Protection Officer Contact

For data protection inquiries, please contact:
Email: admin [at] best-ai-tools [dot] org

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover, Germany
Website: https://lfd.niedersachsen.de

Privacy Policy

BitAutor UG (haftungsbeschränkt) ("we," "us," or "our") operates the Best AI Tools mobile application (the "App"). This Privacy Policy informs you of our policies regarding the collection, use, disclosure, and protection of personal data when you use our App and the choices you have associated with that data.

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and app store requirements.

1. Information We Collect

1.1 Information You Provide Directly

When you use certain features of the App, you may voluntarily provide:

• Account Information: Email address, name, username (if you create an account)
• Tool Submissions: Information about AI tools you submit to our directory
• Communications: Messages you send to us via in-app contact forms or email
• Profile Data: Optional profile information you choose to provide

Legal Basis (GDPR Art. 6(1)): (a) Consent, (b) Contract performance

1.2 Information Collected Automatically

When you use the App, we automatically collect:

• Device Information: Device type, operating system version, unique device identifiers (device ID), mobile network information
• App Usage Data: Features used, screens viewed, time spent in the App, app version, crash reports, performance diagnostics
• Technical Data: IP address (anonymized), app errors, system activity, hardware settings

Legal Basis (GDPR Art. 6(1)): (f) Legitimate interest (app security, performance, and improvement)

1.3 Analytics & Tracking

Only with your explicit consent, we collect anonymized analytics data via:

• Firebase Analytics (Google LLC): Anonymous usage statistics, session duration, feature engagement
• Firebase Crashlytics (Google LLC): Crash reports and diagnostic data to identify and fix bugs

You can withdraw consent at any time in the App settings or device settings.

Legal Basis (GDPR Art. 6(1)): (a) Consent

1.4 Information We Do NOT Collect

We explicitly do NOT collect:

• Precise geolocation data
• Camera or photo library access
• Microphone or audio recordings
• Contact lists or address books
• Health or fitness data
• Financial or payment information (unless you make a purchase, handled by secure third-party processors)
• Biometric data

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide and Maintain the App: To operate the App, authenticate users, and provide requested features
• Improve the App: To analyze usage patterns, fix bugs, and enhance user experience
• Security: To detect, prevent, and address technical issues, fraud, and security threats
• Communications: To respond to your inquiries and send important service announcements
• Notifications: To send push notifications (only if you opt-in)
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service

We do NOT use your data for:

• Targeted advertising or ad tracking
• Selling or renting your personal data to third parties
• Profiling or automated decision-making with legal effects

3. Data Sharing & Third-Party Services

3.1 Service Providers

We share data with trusted third-party service providers who process data on our behalf:

• Google Firebase (Google LLC): Analytics, crash reporting, authentication, cloud storage
  • Privacy Policy: https://firebase.google.com/support/privacy
  • Data Processing: EU Standard Contractual Clauses (SCCs)
• Hosting Providers: For app backend and data storage (within EU or under SCCs)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 App Store Providers

When you download the App from Apple App Store or Google Play, those platforms may collect data according to their own privacy policies:

• Apple: https://www.apple.com/legal/privacy/
• Google: https://policies.google.com/privacy

3.3 Legal Requirements

We may disclose your data if required by law, court order, or governmental request, or to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Respond to valid legal process

3.4 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

3.5 No Data Sales

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.

4. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (e.g., Google Firebase) operate.

We ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs): Approved by the European Commission
• Adequacy Decisions: For countries recognized by the EU as providing adequate protection
• Service Provider Certifications: Google is certified under recognized data protection frameworks

You can request a copy of the safeguards we have in place by contacting admin [at] best-ai-tools [dot] org.

5. Data Retention

We retain your data only as long as necessary for the purposes outlined in this Privacy Policy:

• Account Data: While your account is active, plus 30 days after deletion request
• Analytics Data: Up to 24 months (anonymized)
• Crash Logs: Up to 90 days
• Legal Compliance Data: As required by law (e.g., 6-10 years for tax records)
• Marketing Consent: Until you withdraw consent

After the retention period, we will securely delete or anonymize your data.

6. Your Data Protection Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

6.1 Right of Access (Art. 15 GDPR)

You have the right to request a copy of the personal data we hold about you.

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to correct inaccurate or incomplete personal data.

6.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

How to Request Deletion: Send an email to admin [at] best-ai-tools [dot] org with subject "Data Deletion Request – App" and include your account email or device ID. We will confirm deletion within 30 days.

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we limit the processing of your data in certain circumstances.

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

6.6 Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

6.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

How to Withdraw Consent:

• Analytics: Disable in App Settings → Privacy → Analytics

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority listed at the top of this policy.

How to Exercise Your Rights

To exercise any of these rights, contact us at admin [at] best-ai-tools [dot] org. We will respond within 30 days (or 60 days for complex requests, with notification). We may ask you to verify your identity before processing your request.

7. Children's Privacy

The App is not directed to children under the age of 13 (or 16 in the European Economic Area).

We do not knowingly collect personal data from children under these ages. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at admin [at] best-ai-tools [dot] org. We will promptly delete such data from our systems.

If you are under 18, you confirm that you have obtained parental or guardian consent to use the App.

8. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption: Data in transit is encrypted using TLS/SSL
• Access Controls: Restricted access to personal data on a need-to-know basis
• Secure Storage: Data at rest is stored on secure servers with encryption
• Regular Audits: Security assessments and vulnerability testing
• Incident Response: Procedures to detect and respond to data breaches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will:

• Notify the competent supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33)
• Notify affected users without undue delay if the breach poses a high risk (GDPR Art. 34)
• Provide information about the nature of the breach, likely consequences, and measures taken

10. App Permissions & Device Access

The App requests the following device permissions:

You can manage permissions at any time in your device settings. Disabling required permissions may limit app functionality.

11. Third-Party Links & Content

The App contains links to third-party AI tools and websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

Important: Adult content and NSFW AI tools are not displayed in the mobile application.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by:

• Posting a notice in the App
• Updating the "Last Updated" date at the top of this policy
• Sending an email to your registered email address (if applicable)

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale or sharing of personal information (Note: We do NOT sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact admin [at] best-ai-tools [dot] org.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: admin [at] best-ai-tools [dot] org
• Data Protection Officer: admin [at] best-ai-tools [dot] org
• Postal Address: Vahrenwalder Str. 315A, 30179 Hannover, Germany
• Phone: +49 157 55331915

We will respond to your inquiry within 30 days.