Privacy Policy

Effective date: 2026-05-28 · Last updated: 2026-05-28

This Privacy Policy explains how we handle information when you use the LLLock mobile app (the "App"). We have written it for users in the European Union (GDPR) and the United States (including California, CCPA/CPRA).

1. Who we are

The provider of the App and the data controller (Art. 4 No. 7 GDPR) is:

Andre Beimler
Sonnenweg 37
38518 Gifhorn
Germany

Contact for any privacy questions, data-subject requests, or complaints: lllockapp@gmail.com

2. Short summary

We do not require an account.
We do not collect your name, email, phone number, or contact list.
Almost all data the App generates (vocabulary cards, settings, statistics) stays on your device only.
We use Google Play Billing (via the Adapty SDK) to handle subscriptions. Google and Adapty receive the data necessary to process the purchase.
If you use the AI-flashcard feature, the text you enter is sent directly to OpenAI so cards can be generated for you.
We do not sell your personal data. We do not show ads.

3. What we collect and why

3.1 Data stored locally on your device

The following stays on your device and is never sent to us unless you actively use a sync feature (none exists today):

Your vocabulary cards, decks, and progress
Quiz statistics, streaks, and achievements
App settings (dark mode, language, vibrations, etc.)
The list of apps you have chosen to block

If you uninstall the App, this data is removed by Android.

3.2 Permissions the App requests

To deliver the core feature — blocking distracting apps — Android requires the App to request several sensitive permissions. We use them strictly for the purpose stated below and for nothing else:

Permission	What it is used for
Usage Access (`PACKAGE_USAGE_STATS`)	Detect which app is currently in the foreground so we can intercept blocked apps.
Accessibility Service	Detect the moment a blocked app opens, so the quiz screen appears instantly. We do not read passwords, form fields, or screen content.
Display over other apps (`SYSTEM_ALERT_WINDOW`)	Show a black shield over the blocked app while the quiz is launching, so you do not see the blocked content.
Foreground Service	Keep the monitor running while the App is in the background.
Notifications (`POST_NOTIFICATIONS`)	Show a persistent system notification indicating the shield is active.
Query all packages (`QUERY_ALL_PACKAGES`)	Show you the list of apps installed on your phone, so you can choose which ones to block. We read only the package name, app label, and launcher icon.

The data read via these permissions is processed on your device and is not transmitted to us or to any third party.

3.3 Data processed when you subscribe

Subscriptions are handled by Google Play Billing. To activate your subscription and check premium status across reinstalls, we use Adapty (Adapty.io Inc.) as a billing-management layer. The following data is processed in that flow:

Anonymous user/device identifier generated by Adapty
Google Play purchase token, product ID, and subscription state
Country, language, IP address (received automatically when the SDK contacts the server), device model, OS version, App version

Legal basis (GDPR): performance of the subscription contract you enter into (Art. 6 (1) (b)).
For US users: this processing is necessary to provide the service you purchased.

3.4 Data processed when you use AI flashcards

If you use the AI-card or photo-to-card feature, the text or image you submit is sent directly to OpenAI (OpenAI, L.L.C., 1960 Bryant Street, San Francisco, CA 94110, USA) only for the duration of the request needed to generate the cards. We do not operate our own backend for this feature and do not store these requests ourselves. Processing and retention at OpenAI are governed by their privacy policy: openai.com/policies/privacy-policy.

Legal basis (GDPR): performance of the contract / your active request (Art. 6 (1) (b)).

3.5 Crash and diagnostic data

We do not currently operate our own analytics or crash-reporting SDK. Google Play itself collects crash data from devices on which Google Play Services are installed; this is governed by Google's privacy policy.

4. Recipients of your data

We share data only with the providers strictly needed to operate the App:

Google LLC / Google Play Billing — to process your subscription
Adapty.io Inc. — to manage subscriptions and entitlements
OpenAI, L.L.C. (USA) — to process AI-flashcard requests when you use the AI feature
Cloudflare, Inc. — delivery of static assets (videos, website) and the lllock.app domain
Authorities — if we are legally required to disclose data

We do not sell or rent personal data. We do not share data for cross-context behavioral advertising.

5. International transfers

Adapty and OpenAI servers may be located in the US. Where personal data is transferred outside the EEA/UK, we rely on the EU Standard Contractual Clauses or equivalent safeguards.

6. Retention

Data on your device: kept until you delete the App or clear its storage.
Subscription data at Adapty: kept for the duration of your subscription plus the period required by tax and accounting laws.
AI requests at OpenAI: retained according to OpenAI's privacy policy; we do not store these requests ourselves.

7. Your rights

7.1 Users in the EU / UK (GDPR / UK GDPR)

You have the right to:

Access (Art. 15) — request a copy of the personal data we hold about you
Rectification (Art. 16) — correct inaccurate data
Erasure (Art. 17) — have your data deleted
Restriction (Art. 18)
Data portability (Art. 20)
Object (Art. 21)
Withdraw consent at any time, where processing is based on consent
Lodge a complaint with a supervisory authority. In Germany, the competent authority is the data protection authority of the federal state in which you reside.

Because we do not require an account, we will need additional information (e.g. your Google Play order ID) to identify your data when you exercise these rights.

7.2 Users in California (CCPA / CPRA)

California residents have the right to:

Know what categories of personal information we collect and the purposes of processing
Access the specific pieces of personal information we hold
Delete personal information we have collected
Correct inaccurate personal information
Opt out of sale or sharing — we do not sell or share personal information as defined by the CCPA, so no opt-out is required, but you may still submit a request
Limit the use of sensitive personal information — we do not collect sensitive personal information beyond what is necessary to provide the service
Non-discrimination — we will not deny service, charge a different price, or provide a lesser quality of service because you exercised a CCPA right

To exercise any right, email lllockapp@gmail.com.

7.3 Right of withdrawal for subscriptions (EU consumers)

For EU consumers: subscriptions purchased through the App are digital services. By starting the subscription, you expressly consent to immediate performance and acknowledge that you lose your statutory right of withdrawal once the service starts (§ 356 (5) BGB). Refunds are handled by Google Play under Google's refund policy.

8. Children

The App is not directed at children under 13 (or under 16 in the EU, depending on the local age of digital consent). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it.

9. Security

We use TLS for all network traffic between the App, Adapty, and OpenAI. Local data is stored in standard Android app-private storage, which is sandboxed by the operating system.

No system is 100% secure. If we ever suffer a personal-data breach, we will notify users and the competent authority as required by Art. 33–34 GDPR.

10. Changes to this Policy

We may update this Policy when the App changes or the law changes. The "Last updated" date at the top will reflect any update. Material changes will be highlighted in the App.

11. Contact

For any question or to exercise your rights:

lllockapp@gmail.com

Andre Beimler, Sonnenweg 37, 38518 Gifhorn, Germany

Also available in: Deutsch