Privacy Policy

Last updated: March 25, 2026

This Privacy Policy explains how Gabriel Marchesan Almeida, Freiberufler (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use the Philo mobile application (“the App”) and our website at philoq.app (together, “the Service”). This policy is designed to comply with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR/DSGVO) and applicable German data protection law.

1. Data Controller

The controller responsible for the processing of your personal data pursuant to Art. 4(7) GDPR is:

  • Gabriel Marchesan Almeida, Freiberufler
  • Wiener Str. 37, 76344 Eggenstein-Leopoldshafen, Germany
  • Email: contact@philoq.app

2. Data We Collect

a) Account Data

When you create an account, we collect your email address, display name, and authentication method (email/password, Google Sign-In, or Apple Sign-In). This data is processed by Firebase Authentication.

b) Usage Data

We collect information about how you interact with the App, including:

  • Quotes viewed, favourited, and shared
  • Screens visited and navigation patterns
  • Session count (number of times the App is opened)
  • Session duration (time spent in each session)
  • Total time spent in the App
  • Number of saved favourite quotes
  • Number of quotes shared

This data helps us understand how the App is used and improve the experience.

c) Device Data

We collect the following technical information about your device each session:

  • Operating system platform (iOS or Android)
  • App version number
  • Device language / locale setting

This data is updated (overwritten) each session rather than historically retained, and is used solely to understand platform usage and diagnose compatibility issues.

d) Location Data

If you enable location-based features, we collect GPS coordinates via the device's location services. Location data is collected only with your explicit consent and only while the feature is in use. You can revoke location permission at any time through your device settings.

e) Payment Data

If you subscribe to Philo Premium, payment transactions are handled entirely by RevenueCat, Apple (App Store), or Google (Play Store). We do not receive or store your credit card number or payment details. We only store your subscription status (premium or free) and subscription period.

f) Preference Data

We store your in-app preferences, including language, theme, notification schedules, and favorite quotes. This data is synced between your device and our cloud service to provide a consistent experience across devices.

3. How We Use Your Data

We process your personal data only when we have a valid legal basis under Art. 6 GDPR. The following table describes each processing activity and its legal basis:

  • Provide the Service (account management, delivering quotes, syncing data across devices) — Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
  • Process payments (managing subscriptions via RevenueCat/App Store/Play Store) — Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
  • Send notification reminders (daily quote notifications as configured by you) — Legal basis: Art. 6(1)(b) GDPR (performance of a contract — user-configured feature).
  • Analytics and improvement (understanding usage patterns to improve the App) — Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest is to maintain and improve the quality of the Service. You may object to this processing at any time (see Section 8).
  • Location-based features (providing content or features based on your location) — Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time by disabling location services in your device settings.
  • Marketing communications — Legal basis: Art. 6(1)(a) GDPR (consent). We do not currently send marketing communications. If we do in the future, we will obtain your explicit consent first.

4. Analytics — First-Party Only

Philo uses first-party analytics only — all usage data described in Section 2 is stored directly in our own Firebase Cloud Firestore database. We do not use any third-party analytics platforms (such as Google Analytics, Mixpanel, or Amplitude), and we do not use advertising identifiers (IDFA on iOS or GAID on Android).

The analytics data we collect is used exclusively for:

  • Understanding how users interact with the App to prioritise improvements
  • Monitoring service health (session lengths, crash patterns)
  • Measuring the impact of new features

Daily aggregated statistics (active users, sessions, shares, upgrades) are anonymised after 90 days. Per-user analytics data (session count, total duration, favourite count) is retained while your account is active and deleted upon account deletion.

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). You have the right to object to this processing at any time by contacting us at contact@philoq.app.

5. Third-Party Service Providers

We use the following third-party service providers (processors) to operate the Service. Each provider processes data on our behalf and is contractually obligated to protect your data:

  • Firebase Authentication (Google LLC) — User authentication and account management. Privacy Policy
  • Cloud Firestore (Google LLC) — Cloud data storage and synchronization of user preferences, favorites, and account data. Privacy Policy
  • Firebase App Check (Google LLC) — Security and fraud prevention to protect the integrity of the Service. Privacy Policy
  • RevenueCat (RevenueCat Inc.) — Subscription management, in-app purchase validation, and subscription status tracking. Privacy Policy
  • Vercel Inc. — Hosting of our website (philoq.app). Privacy Policy
  • Apple Inc. (App Store) — iOS app distribution and payment processing. Privacy Policy
  • Google LLC (Play Store) — Android app distribution and payment processing. Privacy Policy

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States, by the following providers: Google LLC (Firebase, Play Store), RevenueCat Inc., and Vercel Inc.

These transfers are safeguarded by:

  • The EU-US Data Privacy Framework adequacy decision by the European Commission (July 10, 2023). Google LLC and RevenueCat Inc. are certified participants in the Data Privacy Framework.
  • Standard Contractual Clauses (SCCs) adopted by the European Commission, which provide additional contractual safeguards for the protection of your data.

7. Data Retention

We retain your data for the following specific periods:

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Usage and analytics data: Aggregated after 90 days, fully deleted after 12 months.
  • Payment records: Retained for 10 years as required by German tax law (Abgabenordnung §147).
  • Notification preferences: Deleted immediately upon account deletion.
  • Device data: Overwritten each session; not historically retained.

8. Your Rights Under the GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — You have the right to request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR) — You have the right to request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) — You have the right to request deletion of your personal data (“right to be forgotten”).
  • Right to restriction of processing (Art. 18 GDPR) — You have the right to request that we restrict the processing of your data under certain circumstances.
  • Right to data portability (Art. 20 GDPR) — You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR) — You have the right to object to the processing of your data based on legitimate interest (Art. 6(1)(f)) at any time.
  • Right to withdraw consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint (Art. 77 GDPR) — You have the right to lodge a complaint with a supervisory authority if you believe your data has been processed unlawfully.

How to exercise your rights: Send an email to contact@philoq.app. We will respond within 30 days as required by the GDPR.

Supervisory authority: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg — www.baden-wuerttemberg.datenschutz.de

9. Cookies

The Philo mobile app does not use cookies. Our website (philoq.app) may use essential cookies required for the website to function properly. For detailed information, please see our Cookie Policy.

10. Children's Privacy

Our Service is not directed at anyone under the age of 16, in accordance with Art. 8 GDPR as implemented under German law (§8 TTDSG). We do not knowingly collect personal data from anyone under 16 years of age. If we become aware that a child under 16 has provided us with personal data, we will take immediate steps to delete that data. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@philoq.app.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you through the App or by email before the changes take effect. The “Last updated” date at the top of this page indicates when this policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

  • Gabriel Marchesan Almeida, Freiberufler
  • Wiener Str. 37, 76344 Eggenstein-Leopoldshafen, Germany
  • Email: contact@philoq.app