Privacy Policy
Last updated: 15 July 2026
01Who is responsible
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
Farouk Almsouty
Landeskronstraße 21
02826 Görlitz, Germany
E-mail: support@briefeasy.app
02What BriefEasy does
BriefEasy is a mobile app that photographs German official letters, analyzes them with artificial intelligence, explains their content in your chosen language, and can draft a formal German reply.
03Your scanned documents
- Photos are transient. The photo of your letter is sent over an encrypted connection to our backend, analyzed, and the image file is deleted from the app's cache immediately after analysis. The photo is not stored on our servers.
- Analysis results are yours. Summaries, key points and drafts are shown to you in the app. If you enable the optional history feature, results are stored only locally on your device, never on our servers. You can delete them at any time.
- Processing location. Documents are processed on Google Cloud infrastructure in the European Union (Cloud Functions in Frankfurt, Germany; AI analysis via Google Vertex AI in the EU).
- Special categories of data. Official letters may contain sensitive information (e.g. health or legal matters). You decide which documents you scan; processing takes place exclusively to provide you the analysis you requested (Art. 9(2)(a) GDPR: your explicit consent, given when you accept the in-app disclaimer).
04Account data
- Sign-in. We use Firebase Authentication (Google Ireland Ltd.) with e-mail/password, Google Sign-In or Apple Sign-In. We store your e-mail address and an internal user ID.
- Usage counters. To operate the free tier, we store the number of scans linked to your account and a one-way hash (SHA-256) of your e-mail address to prevent abuse of the free quota. This hash cannot be reversed into your e-mail address.
- Biometric login. If you enable it, your credentials are stored only in your device's secure enclave (Keychain / Keystore). They never leave your phone.
- Deletion. You can permanently delete your account and associated data directly in the app (Settings → Delete My Account & Data).
05Subscriptions
Premium subscriptions are processed by Apple App Store or Google Play; we never see your payment details. Subscription status is validated through RevenueCat (RevenueCat Inc.), which receives a pseudonymous user ID and purchase receipts.
06Advertising
Free users may choose to watch rewarded ads served by Google AdMob. Before any ad is shown, you are asked for consent via Google's certified consent dialog (UMP), as required in the EEA. Without consent, ads are non-personalized or not shown. On iOS, the AppTrackingTransparency prompt is additionally respected. You can withdraw consent at any time in the app.
07Legal bases
- Providing the analysis you request: performance of contract, Art. 6(1)(b) GDPR; for sensitive document content additionally your explicit consent, Art. 9(2)(a) GDPR.
- Abuse prevention and service security: legitimate interest, Art. 6(1)(f) GDPR.
- Personalized advertising: consent, Art. 6(1)(a) GDPR.
08Your rights
You have the right to access, rectification, erasure, restriction of processing, data portability and objection (Art. 15–21 GDPR), and the right to lodge a complaint with a supervisory authority. In Germany, this is the data protection authority of your federal state.
09Processors
- Google Ireland Ltd. / Google Cloud EMEA (Firebase, Cloud Functions, Vertex AI, AdMob)
- RevenueCat Inc. (subscription management)
Data processing agreements pursuant to Art. 28 GDPR are in place with these providers via their standard cloud terms.
10Contact
For any privacy question or to exercise your rights, contact support@briefeasy.app.