Privacy Policy

for thermik.cloud and the associated mobile apps

Version: december 2025

Protecting your personal data is very important to us. We process your data exclusively in accordance with the applicable legal regulations, in particular the GDPR and the Austrian Telecommunications Act (TKG 2003).
This Privacy Policy explains how we collect, process, and protect personal data when you use the website thermik.cloud, our mobile applications, and related digital services (“Platform”).

Platform operator:

THERMIK Verlag e.U.
Stelzhamerstraße 18
A-4600 Wels, Austria
VAT ID: ATU40024503
Email: cloud@thermik.at
Content responsible: Norbert Aprissnig

1. Data Controller

The responsible entity for data processing is:

THERMIK Verlag e.U.
Email: cloud@thermik.at

2. Purpose of Data Processing

We process personal data for the following purposes:

  1. Providing the Platform, content, and features

  2. Registration and management of user accounts

  3. Subscription management and payment processing

  4. Improving and analyzing the Platform

  5. Ensuring technical operation and preventing misuse

  6. Fulfilling legal obligations

3. Data We Process

3.1 Data you provide voluntarily

  • First and last name (optional)

  • Email address (required)

  • Password (never stored in plain text)

  • Subscription and purchase information

  • Settings and preferences

3.2 Data collected automatically

  • Device type, operating system, app version

  • IP address (shortened for security purposes)

  • Log files and technical usage data

  • Access details (e.g., which issues have been opened)

3.3 Data from third-party services

Depending on usage:

  • Firebase Authentication: email, login timestamps

  • Stripe: payment metadata (not full card details)

  • RevenueCat: subscription status, product IDs, purchase history

  • Firebase / Analytics: usage statistics and device data

  • Hosting providers: technical logs

We do not receive sensitive data such as full payment information or password content.

4. Registration and Login (Firebase Authentication)

User accounts are created and managed via Firebase Authentication, provided by Google Ireland Ltd.

Data processed:

  • Email address

  • Hashed password

  • Technical login metadata

Your data may be processed on Firebase servers outside the EU.
Legal basis: Art. 6(1)(b) GDPR (contract performance).

5. Payment Processing (Stripe)

Payments for web-based subscriptions are handled by:

Stripe Payments Europe Ltd.
The One Building, 1 Grand Canal Street Lower, Dublin, Ireland.

Data processed:

  • Name (optional)

  • Email

  • Payment method details (partially masked)

  • Billing information

  • Transaction ID

We do not store any credit card information on our servers.

Legal basis:

  • Art. 6(1)(b) GDPR (contract performance)

  • Art. 6(1)(f) GDPR (fraud prevention)

6. Subscription Management (RevenueCat)

For subscription handling across iOS, Android, and the web, we use RevenueCat, operated by RevenueCat, Inc.

Data processed:

  • Firebase UID or app-store user ID

  • Purchase history

  • Active subscription status

  • Expiration dates

RevenueCat does not store personal payment data, only subscription metadata.

Legal basis: Art. 6(1)(b) GDPR

7. Hosting and Technical Infrastructure

Our services use hosting providers and CDNs to securely and reliably operate the Platform.

Technical information such as IP addresses or log files may be processed.

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest in secure operation)

8. Cookies and Similar Technologies

We use cookies and similar technologies on thermik.cloud for:

  • enabling essential functionality (login, session management)

  • improving performance

  • security and error diagnostics

  • optional analytics (with consent)

Legal basis:

  • Necessary cookies: Art. 6(1)(f) GDPR

  • Analytics cookies: Art. 6(1)(a) GDPR (consent)

9. Analytics and Usage Data

We use privacy-friendly analytics tools, including:

  • Firebase Analytics

  • internal statistics

These data are pseudonymized and used solely for improving the Platform.

10. Data Sharing with Third Parties

We do not sell or share personal data with third parties except:

  • when required to fulfill contractual obligations (payment providers, subscription management)

  • when necessary for technical operation (hosting, Firebase)

  • when legally required

  • for fraud prevention and security purposes

No data is shared for external advertising or marketing purposes.

11. Data Retention

We store personal data:

  • for the duration of the user account

  • as long as legally required (e.g., invoices for 7 years under Austrian law)

  • as long as necessary to fulfill the purposes listed above

After deletion of the account, data will be permanently deleted or anonymized unless legal retention obligations apply.

12. Your Rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, contact us at:
cloud@thermik.at

13. Data Security

We take appropriate technical and organizational measures to protect your data, including:

  • encrypted data transmission (HTTPS)

  • secure login and authentication processes

  • restricted access controls

  • regular security updates

  • secure password storage via Firebase

14. International Data Transfers

Because we use Firebase, Stripe, and RevenueCat, personal data may be transferred outside the EU, particularly to the United States.

All providers rely on valid EU Standard Contractual Clauses (SCCs) to ensure GDPR-level protection (Art. 46 GDPR).

15. Children’s Privacy

Our services are not intended for children under 16 years.
We do not knowingly collect personal data from minors.

16. Changes to this Privacy Policy

We may update this Privacy Policy to reflect technical changes, new services, or legal requirements.
The latest version will always be available on the Platform.

17. Contact

If you have questions regarding data protection, you may contact us at:

THERMIK Verlag e.U.
Stelzhamerstraße 18
A-4600 Wels, Austria
Email: cloud@thermik.at