Privacy Policy

Last Updated

04/09/2025
  1. Privacy Information for the “Langdon” App
  1. Scope
  1. Controller
  1. Questions about Data Protection
  1. Third-Party Services
  1. Your Rights
  1. Security of Processing
  1. Downloading the Mobile App
  1. Access Data When Using the App
  1. Hosting
  1. Registration in the App and Creation of a User Account
  1. Google Sign-In
  1. Apple Sign-In
  1. Interaction with an Artifact
  1. Sharing the App
  1. Contacting Our Company
  1. Data Transfers to Switzerland / the EU
  1. Firebase Analytics
  1. Amendments to this Privacy Policy

1. Privacy Information for the “Langdon” App


This Privacy Policy explains how Langdon, Schönleinstraße 23, 10967 Berlin (hereinafter “Langdon”, “us” or “we”) processes your personal data in connection with the use of our app.

Compliance with statutory data-protection requirements is a matter of course for us. In addition, we feel obliged to protect and respect your privacy to the best of our ability. We therefore inform you below of the manner and scope in which we use and process personal data of our users. Please read this text carefully so that you understand our position and our handling of your personal data. For terms such as “personal data” or “processing”, the statutory definitions in Art. 4 GDPR apply.

2. Scope


This Privacy Policy applies to all functions of the “Langdon” app. It does not extend to any linked websites or apps of other providers.

3. Controller


The controller responsible for processing your personal data is Langdon.

4. Questions about Data Protection


If you have any questions about data protection, you can contact us at Langdon, Schönleinstraße 23 10967 Berlin, privacy@langdon.guide.

5. Third-Party Services

We may share your information with trusted third parties, such as payment processors or analytics providers, to enhance our services. These third parties are required to keep your data confidential.

6. Your Rights

You have the right to:

  • Right of access (Art. 15 GDPR) – you may request information about the personal data concerning you that we process.

  • Right to rectification (Art. 16 GDPR) – if information concerning you is (no longer) correct you may request rectification; if your data are incomplete you may request completion.

  • Right to erasure (Art. 17 GDPR) – you may request erasure of your personal data.

  • Right to restriction of processing (Art. 18 GDPR) – you may request restriction of processing of your personal data.

  • Right to object (Art. 21 (1) GDPR) – you have the right, on grounds relating to your particular situation, to object at any time to processing of your personal data that is based on Art. 6 (1) sentence 1 lit. e or lit. f GDPR; we will then no longer process the data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

You also have the right, under Art. 21 (2) GDPR, to object at any time to processing of your personal data for direct-marketing purposes; this applies likewise to any profiling connected with such direct marketing.

  • Right to withdraw consent (Art. 7 (3) GDPR) – if you have given consent, you may withdraw it at any time.

  • Right to data portability (Art. 20 GDPR) – you have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format and to have those data transmitted to another controller, provided the conditions of Art. 20 (1) lit. a, b GDPR are met.


You can exercise your rights by contacting us using the details listed under “Controller”.

If you believe that the processing of your personal data infringes data-protection law, you also have the right to lodge a complaint with a supervisory authority of your choice (Art. 77 GDPR). The authority responsible for us is: Berlin Commissioner for Data Protection and Freedom of Information Further information on your rights can be found, for example, on the European Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_de.


7. Security of Processing


We have implemented comprehensive technical and organizational measures to protect your personal data against unauthorized access, misuse, loss and other external interference. We review these security measures regularly and adapt them to the state of the art.

8. Downloading the Mobile App


When you download the mobile app, the required information is transmitted to the app store you select (Google Play: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; or Apple App Store: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA), in particular user name, e-mail address, account number, time of download, payment information and the individual device ID. We have no influence on this data processing by Apple or Google and are not responsible for it. We process data only insofar as necessary for downloading the app to your mobile device. Apple and Google may also process your data in the USA. The EU Commission’s adequacy decision under the Trans-Atlantic Data Privacy Framework applies; both Apple and Google hold an active certification.


Further information, especially regarding storage periods, can be found at Apple (https://www.apple.com/legal/privacy/de-ww/) and Google (https://policies.google.com/privacy?hl=de&gl=de).



9. Access Data When Using the App


In the course of using the app we automatically process certain data necessary for its operation, particularly to enable Internet access. These include: IP address, date and time of the server request, time-zone difference to Greenwich Mean Time (GMT), content of the request (specific app function), access status, amount of data transferred, the app from which the request originates, device type, operating-system version and interface (Android or iOS), language and version of the operating system, device identifiers.

These data are automatically transmitted to us but are not stored, and are processed solely to provide the service and associated functions and to prevent and rectify misuse and malfunctions. Processing (e.g. of your IP address) is necessary for the duration of the session. Legal basis: Art. 6 (1) sentence 1 lit. f GDPR. Access data are not used to identify individual users and are not merged with other data sources. Data are stored only as long as required to achieve the purpose of processing; for provision of the app and Internet access, this is when you exit the app.

You may object to processing on grounds relating to your particular situation by contacting us as specified under “Controller”.

10. Hosting

We use external hosting services that provide: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. All data necessary for operating and using our mobile app are processed. Legal basis: Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in efficient and secure provision of our app. Storage periods correspond to those indicated within the functionalities described.

You may object to processing on grounds relating to your particular situation by contacting us as specified under “Controller”.

11. Registration in the App and Creation of a User Account


You may use our app without registration by entering only a user name. To use the app in full you must register a user account with your e-mail address and a secure password.

Registration uses a double-opt-in process: after entering your e-mail address we send a message asking you to confirm registration by clicking a confirmation link. If confirmation is not received within 24 hours, we block the transmitted information and delete it automatically after one month. After successful registration, a user ID is assigned to manage the user profile. For evidence purposes, we also process your IP address and the date and time of registration.

Processing serves to initiate and perform the usage contract for the app. Legal basis: Art. 6 (1) sentence 1 lit. b GDPR. Provision of your data is required for contract conclusion; without registration the contract cannot be concluded/performed. Data are stored as long as necessary for processing or until statutory retention obligations (e.g. commercial and tax law) expire. For data collected during registration, this is when the user account is cancelled or changed in the app. If you remove the app from your device, we delete the data collected for app use.

12. Google Sign-In


You can register in our app using Google Sign-In. This allows you to log in with your Google account instead of creating a new one. Google transmits to us your name, e-mail address, profile picture and language settings; Google may in turn collect information about your user behavior within our app. Google LLC may process data in the USA; an adequacy decision exists and Google is certified under it. Legal basis: Art. 6 (1) lit. f GDPR – our legitimate interest is to simplify your use of the app. Google deletes all data at the latest when you delete your Google account (https://policies.google.com/technologies/retention?hl=de). Further details: https://policies.google.com/privacy?hl=de.

You may object as described under “Your Rights”.

13. Apple Sign-In


We integrate “Sign in with Apple” (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA) so that you can log in with your Apple ID instead of creating a separate account. When you choose this option, Apple transmits to us only the data you authorize—normally your name, an app-specific Apple user identifier and an email address, which can be a randomly generated “Hide My Email” relay address—together with a secure authentication token.

Apple states that Sign in with Apple is designed for privacy: data collection is limited to those fields, the service does not track you across our app or others, and Apple uses minimal account- and device-information solely to prevent fraud. Processing by Apple may take place in the United States; Apple has self-certified under the EU–U.S. Data Privacy Framework, for which the European Commission has issued an adequacy decision, thereby ensuring an adequate level of protection for your data (Art. 45 GDPR).

Our legal basis for using Sign in with Apple is Art. 6 (1) lit. f GDPR—our legitimate interest in simplifying registration and enhancing user convenience without requiring another password. You can revoke our app’s access or change the relay address at any time in your Apple ID settings (Settings › [your name] › Sign in with Apple on iOS/macOS, or at account.apple.com); doing so stops further data sharing.

According to Apple’s “Sign in with Apple & Privacy” notice, authentication logs and any related personal data are retained only as long as needed to provide and secure the service or as required by law, and are deleted if you remove your Apple ID. You may object to this processing at any time as described under “Your Rights”; note that doing so will prevent you from signing in with your Apple ID. Finally, Apple requires developers who offer other third-party single-sign-on options also to provide Sign in with Apple, so including it helps us meet App Store guidelines while offering you the most privacy-forward choice.

14. Interaction with an Artifact

When you photograph an artifact you can interact with it in various ways. If you select FAQs, AI-generated answers (e.g. via large language models such as ChatGPT) are provided. None of your usage data are shared with the respective provider; no connection is made to third-party servers.

Legal basis: Art. 6 (1) sentence 1 lit. b GDPR. Providing your data (at least a user name) is required; without it scanning cannot start. Data are stored only as long as necessary for processing or statutory retention. If you remove the app from your device, we delete the data collected for app use.

15. Sharing the App

The app offers a share function so you can recommend it. This uses the device’s built-in share feature (iOS/Android) to send a link to our app in the Apple App Store or Google Play Store via, for example, a messenger or e-mail app of your choice. We do not process any user data in this context and are not responsible for processing by the third-party service. Please check the respective provider’s privacy information.

16. Contacting Our Company


If you contact us (e.g. by e-mail) we process the personal data you provide in order to answer your enquiry. Legal basis: Art. 6 (1) sentence 1 lit. f GDPR. Data are used solely for processing the conversation and deleted when no longer necessary, or processing is restricted to comply with legal retention duties. You may object as described under “Your Rights”.

17. Data Transfers to Switzerland / the EU


If users in Switzerland use the app, data transfers to EU member states – and vice versa to Switzerland – occur to provide the app. Transfers to Switzerland are based on the European Commission adequacy decision 2000/518/EC (Art. 45 GDPR). Transfers to the EU are based on the Swiss Federal Data Protection and Information Commissioner’s list of countries with adequate protection.

18. Firebase Analytics


We use Firebase Analytics (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) to tailor our “Langdon” app to user interests. Google’s Firebase SDK accesses the user ID and device information such as the advertising ID (IDFA/GAID) to enable statistical analysis (e.g. average use, sessions per user, button clicks, number of wins/losses/draws, shared games, usage preferences). We can thereby understand behavior across devices, optimize functionality, detect programming errors and prevent fraud. For fraud prevention and analysis Google processes device info (advertising ID, IP address) and supplies us with anonymous statistics.

Legal basis: Art. 6 (1) sentence 1 lit. f GDPR – our legitimate interests are to store user preferences concerning SDK use and evaluate usage data. You may object as described under “Your Rights”. Google may process data in the USA; an adequacy decision exists and Google is certified under the Trans-Atlantic Data Privacy Framework. Details: https://policies.google.com/privacy.

19. Amendments to this Privacy Policy


We keep this Privacy Policy up to date and therefore reserve the right to amend it with effect for the future, particularly in the event of further development of the app, use of new technologies, or changes in the legal basis or case-law.


Last amended: 14 July 2025.