Data & Privacy

Privacy Policy

How Zeno and this website process and protect your personal data.

This Privacy Policy is divided into two parts: Part 1 covers data processing when you visit our website. Part 2 covers data processing when you use our mobile application 'Zeno'.

Part 1: Privacy Policy for the Website

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data Collection on this Website

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice on the Controller" in this Privacy Policy.

Some of your data is collected because you provide it to us (e.g. by subscribing to a newsletter). Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. internet browser, operating system, or time of page visit). This data is collected automatically as soon as you enter this website.

2. General Information and Mandatory Disclosures

Notice on the Controller

The party responsible for data processing on this website is:

Systeme Digital GmbH

Wandlhamerstraße 34a

82166 Gräfelfing, Germany

Represented by: Jakob Thiele, Staffan Schilke

Phone: +49 89 416137404

E-Mail: info@systeme-digital.de

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

Retention Period

Unless a more specific retention period has been stated within this Privacy Policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for erasure or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for retaining your personal data (e.g. statutory retention periods under tax or commercial law).

Your Rights (Access, Erasure, Rectification)

Under the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, where applicable, the right to rectification or erasure of this data. You are welcome to contact us at any time with questions regarding personal data.

3. Data Collection on this Website (Hosting)

External Hosting via Vercel and Domain Management via Strato

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access data, and other data generated via a website.

We use the following service provider for hosting: Vercel Inc., 440 N Barranca Ave \#4133, Covina, CA 91723, USA.

Our domain is additionally managed by the following provider, through which DNS queries (NS records) are also routed: STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany.

The use of Vercel and Strato serves the purpose of providing our online offering in a secure, fast, and efficient manner through professional providers (Art. 6(1)(f) GDPR).

Part 2: Privacy Policy for the Zeno App

Last updated: April 2026

Protecting your personal data is important to us. In this Privacy Policy, we — Systeme Digital GmbH (hereinafter "we" or "Provider") — inform you about how we collect and use data when you use the Zeno App.

1. Controller for Data Processing

The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Systeme Digital GmbH

Wandlhamerstraße 34a

82166 Gräfelfing, Germany

Represented by the Managing Directors: Staffan Schilke and Jakob Thiele

Registered in the Commercial Register of the Amtsgericht München under HRB 291589

E-Mail: team@zenostudy.app

2. Registration and Login System (Supabase)

The use of the App requires the creation of an account. For this purpose, we use the services of Supabase (Supabase Inc.).

  • Data collected: Email address. We use a passwordless login method (Magic Link / one-time code).
  • Purpose: Provision of the login system, management of your profile, storage of your learning progress, and compliance with child protection requirements.
  • Data processing: Your account data is stored on Supabase's servers. We have entered into a Data Processing Agreement (DPA) with Supabase to ensure that your data is processed only in accordance with our instructions and in compliance with the GDPR.
  • Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

3. Child Protection and Consent for Minors

As the App is aimed at learners aged 7 and above, we comply with the specific requirements of Art. 8 GDPR.

For users who have not yet reached the age of 16, the explicit consent of a parent or legal guardian to data processing is mandatory. We ensure this through a corresponding confirmation (checkbox) during the registration process.

4. Use of AI Features (Google Cloud API)

The core features of the App (e.g. homework assistance, creation of summaries) are based on processing your inputs via a technical interface.

  • Input data: Texts, questions, documents, or photos/images that you actively enter into or upload to the App.
  • Processing: This data is transmitted to the Google Cloud API (Google Cloud Platform) in order to respond to your request.
  • Exclusion of AI training: We guarantee that your personal input data will not be used to train or improve Google's AI models. The data is used exclusively for the purpose of responding directly to your specific request.
  • Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

5. Hosting and Data Storage

The entire infrastructure of the App (databases and server log files) is provided via cloud services from Supabase and the Google Cloud Platform. We ensure that server locations within the European Union are selected (preferably the Frankfurt/Germany region) in order to maintain a high level of data protection.

6. Usage Analytics (PostHog)

To improve our App and fix bugs, we use the analytics tool PostHog (PostHog Inc.). This is done exclusively based on your explicit consent (Art. 6(1)(a) GDPR) upon your first launch of the App. Anonymised data on App usage (e.g. buttons clicked, screens visited) is collected. We host PostHog on servers within the EU (PostHog EU Cloud) to minimise data transfers to third countries. You can withdraw your consent at any time in the App settings.

7. In-App Purchases

Paid subscriptions are processed via the payment systems of Apple (App Store) or Google (Play Store). We do not have access to your full payment details (credit card, bank account information); we only receive a confirmation of a successful purchase in order to unlock the relevant features. To manage subscriptions, we use the RevenueCat service (RevenueCat Inc.). For this purpose, an anonymised identifier and information about your subscription status (purchase receipt) are processed to provide you with the corresponding premium content within the App.

8. Your Rights

Within the scope of the applicable law, you have the following rights:

  • Access: You can find out what data we have stored about you.
  • Erasure: You can delete your account and your data at any time directly in the App settings, or request deletion from us.
  • Rectification: You can have inaccurate data corrected.
  • Withdrawal: You can withdraw any consent you have given at any time.

To exercise your rights, please contact us at the email address stated above. You also have the right to lodge a complaint with the competent supervisory authority (Bayerisches Landesamt für Datenschutzaufsicht – Bavarian State Office for Data Protection Supervision).

9. Security

We use modern encryption technologies (SSL/TLS) to protect your data during transmission between the App, Supabase, and the Google Cloud API against unauthorised access.