Privacy Policy

Last updated: 11 June 2026

This Privacy Policy explains what personal data zahlhaus.com ("Zahlhaus", "we", "us") collects when you use the Zahlhaus website and listening-practice app, why we collect it, who we share it with, and the rights you have. Zahlhaus is a listening-practice service for German numbers.

Who we are

The service is operated under the name zahlhaus.com. We are the data controller for the personal data described below. You can reach us through the in-app contact form at app.zahlhaus.com (Help / Contact). Where this policy refers to GDPR, it applies to users in the European Economic Area and the United Kingdom.

What we collect, why, and the legal basis

We keep data collection minimal and tied to running the product. The table below maps each category to the system that holds it and the reason we process it.

Account and authentication

Authentication is handled by Google Firebase Authentication. When you create an account or sign in, we process your email address, your display name, and, if you choose Google Sign-In, the basic Google profile fields Google returns (name, email, and profile photo URL). We use this to identify your account, secure sign-in, and send the sign-in links you request. Legal basis: performance of a contract (providing the service you asked for).

Practice and product data

Your in-app activity is stored in Google Cloud Firestore under your account. This includes your practice progress, the mistakes you make (so you can review and retry them), your statistics (streak, accuracy, history), your tier (free or paid), activity timestamps (when your account was created and when you were last active), and any survey or feedback responses you submit inside the app. We use this to run the product, save your progress across visits, and improve the service. Legal basis: performance of a contract; our legitimate interest in improving the product.

Payments

Payments are processed by Stripe. When you buy a pass, Stripe handles your payment details and we store a Stripe customer identifier and the record of what you purchased so we can grant access and provide support. We do not see or store your full card number; card data is handled entirely by Stripe. See Stripe's Privacy Policy for how Stripe processes payment data. Legal basis: performance of a contract.

Advertising measurement (Meta / Facebook Pixel and Conversions API)

We use the Meta (Facebook) Pixel and Meta's server-side Conversions API to measure the performance of our advertising. We want to be specific about what this sends to Meta, because some of it is personal data:

Your IP address is personal data under the GDPR, and it (together with the user-agent) is transferred to Meta, a US-based processor. We are disclosing this plainly rather than hiding it behind a generic "conversion events" line. To be honest about the current state: these tracking calls fire today without a separate cookie or consent banner. We are working on a consent mechanism for tracking, and until it ships you should treat the advertising measurement above as active whenever you use the site or app. Where consent is the basis for this processing, you can object as described under "Your rights" below. Legal basis: consent and our legitimate interest in measuring and improving advertising.

Usage analytics (Google Analytics 4)

We use Google Analytics 4 with two separate data streams: one for the marketing website and one for the app. This helps us understand how pages and features are used so we can improve them. Analytics events are not fired for automated testing traffic. Legal basis: consent and our legitimate interest in understanding usage.

Email

We send transactional email (such as the welcome message and the one-time sign-in links you request) using Zoho Mail's SMTP service. This is send-only service mail tied to actions you take. Legal basis: performance of a contract.

Separately, if you opt in on the sign-in screen, we will send you German number tips and occasional Zahlhaus offers (marketing email). This is opt-in only and you can withdraw your consent at any time. There is currently no marketing email being sent and no automated unsubscribe link yet; to opt out, reply to any marketing message we send, or contact us through the in-app contact form, and we will remove you. Legal basis: consent.

Contact form

When you submit the in-app contact form, the free-text message you write and, if you provide one, the email address for a reply are stored in Firestore and an internal notification is emailed to our support address so we can respond. We use this only to handle your request. Legal basis: our legitimate interest in answering you (and performance of a contract where your request relates to the service).

Local device storage

The app uses your browser's local storage for a small amount of state on your own device: a counter of how many free guest practice rounds you have used, and the email address you entered when requesting a sign-in link (so the link can complete on the same device). This data stays on your device and is not a server-side profile of you.

Sharing and processors

We do not sell your personal data. We share data only with the service providers ("processors") that make the product work, namely Google (Firebase Authentication, Cloud Firestore, Google Analytics, hosting), Stripe (payments), Meta (advertising measurement), and Zoho (email delivery). Each processes data on our behalf under their own terms and security measures.

International transfers

Zahlhaus is operated from Australia and runs on cloud infrastructure located in the United States and other regions. If you are in the EEA or the UK, your personal data is therefore transferred outside your home country. Where such transfers occur, they rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and equivalent UK transfer mechanisms, as provided by the processors listed above.

Retention

We keep your account and practice data for as long as your account is active. If you delete your account, we delete the associated account data (and request deletion of related records from our processors where applicable). Some data may be retained longer where we are required to keep it for legal, accounting, or fraud-prevention reasons (for example, payment records held by Stripe).

Your rights

If the GDPR or UK GDPR applies to you, you have the right to access the personal data we hold about you, to have it corrected, to have it erased, to restrict or object to certain processing (including direct marketing and the advertising measurement described above), and to data portability. Where we rely on consent, you can withdraw it at any time without affecting processing already carried out. To exercise any of these rights, contact us through the in-app contact form. You also have the right to lodge a complaint with your local data protection authority.

Children

Zahlhaus is not directed at children and is intended for use by adults learning German. We do not knowingly collect personal data from children.

Changes to this policy

We may update this Privacy Policy as the product and our processing change. When we do, we will update the "Last updated" date above. Material changes will be communicated through the service where appropriate.

See also our Terms of Service.