Privacy Policy

1. Controller (Verantwortlicher)

2. Scope and Principles

This privacy policy applies to the mobile application AV Synth – Visual Synthesizer for iOS.

The app does not operate its own backend servers for user data processing. Unless explicitly stated otherwise below, data processing occurs locally on your device or by Apple/RevenueCat as part of iOS and App Store subscription services.

We do not sell personal data and we do not share personal data with third parties for advertising purposes.

3. Data Processing Details

3.1 In-App Purchases & Subscriptions (Apple StoreKit + RevenueCat)

The app offers optional paid features and subscriptions. Payments are processed exclusively by Apple via the App Store and StoreKit. We never receive or store payment details such as credit card numbers.

The app uses RevenueCat as a technical service provider to manage subscriptions, validate receipts, restore purchases, and determine entitlement status. RevenueCat processes personal data strictly as a service provider for subscription infrastructure and does not use this data for advertising purposes.

In this context, the following data may be processed:

• RevenueCat App User ID (pseudonymous identifier, typically “anonymous”, used to associate purchases and restore entitlements across devices)
• Product identifiers
• Purchase and renewal timestamps
• Subscription status (active, expired, cancelled)
• Transaction and receipt information provided by Apple (for validation)
• Technical and request metadata necessary to operate the subscription service (e.g., app version, device/OS information) and to prevent fraud/abuse
• Network metadata such as IP address may be processed by RevenueCat as part of operating and securing the service

RevenueCat acts as a data processor (Art. 28 GDPR) on our behalf for subscription infrastructure and entitlement management. We have concluded a Data Processing Agreement (DPA) with RevenueCat. RevenueCat processes data solely to:

• validate subscriptions and receipts
• restore purchases
• enable premium functionality
• prevent fraud and abuse and ensure system security

Legal bases: Art. 6(1)(b) GDPR (performance of contract) and, where applicable, Art. 6(1)(f) GDPR (legitimate interest in fraud prevention and system security).

RevenueCat Privacy Policy: www.revenuecat.com/privacy

3.2 Media Import (Files / Music / Videos) – Local Processing

The app allows you to import media (e.g., music files and videos) from locations you select (such as the Files app or other provider apps via iOS file picker).

Imported media is processed locally on your device to provide the app’s functionality. We do not upload your imported files to our servers.

Depending on your workflow, the app may create temporary local copies or caches on your device to enable smooth playback, rendering, or export. These temporary files remain on-device and can be removed by deleting the project within the app or by uninstalling the app.

Legal basis: Art. 6(1)(b) GDPR (performance of contract) and § 25(2) No. 2 TDDDG (necessary for providing the requested service).

3.3 Photos Library Access (Optional) – Local Only

If you choose to, you can grant the app access to your Photos library to select images/videos for use in your projects and/or to save exported results back to Photos.

• Read access: only for media you choose to select within iOS permission dialogs and pickers
• Write access: only when you actively export and save content to your Photos library

Photos library content is processed locally on your device. We do not collect, analyze, or transmit your Photos content to us. You can revoke Photos access at any time in iOS Settings.

Legal basis: Art. 6(1)(b) GDPR (performance of contract) and/or Art. 6(1)(a) GDPR (consent via iOS permission prompt, where applicable).

3.4 Export of Videos/Images – To Your Device Only

The app allows you to export videos and images you create. Exports are saved only to locations you choose on your device (e.g., Photos library or Files app). We do not receive exported content.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

3.5 Local App Data (Presets, Settings, Projects)

AV Synth stores user-created visual settings, presets, and project configurations locally on the device. This data does not leave the device and is not accessible to us.

Legal basis: § 25(2) No. 2 TDDDG (necessary for providing the requested service).

3.6 Diagnostics & Crash Reporting (Apple)

Apple may collect diagnostic data and crash reports depending on your device settings. For App Store and iOS platform services (including diagnostics), Apple typically acts as an independent controller under its own privacy framework.

Depending on your settings, diagnostics may include:

• device model
• iOS version
• crash logs and stack traces

We do not receive personally identifiable crash data from Apple. Where Apple provides diagnostics to developers, it is typically provided in aggregated and/or pseudonymized form and is used solely to improve stability and fix bugs.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring technical stability, security, and error-free operation of the app.

3.7 Support Communication

If you contact us via email, we process your email address and message content to handle your request. Data subject requests under GDPR can also be submitted via info@mkgames.org.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in customer support) and, where applicable, Art. 6(1)(b) GDPR (contract-related inquiries).

3.8 External Links (e.g., Apple Standard EULA)

The app may include links that open external websites (for example, Apple’s Standard EULA or legal information pages). When you open an external link, you leave the app. The provider of the linked site is responsible for data processing on that site. We do not control and are not responsible for their content or privacy practices.

Depending on your device and network configuration, opening external links may result in the external provider receiving technical data (such as your IP address, device/browser information, referrer, and timestamp) as part of normal web delivery.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing required legal information and improving transparency).

3.9 Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place.

4. Data We Do NOT Collect

• Advertising identifiers (IDFA)
• Tracking under App Tracking Transparency (ATT)
• Location data
• Contacts
• Biometric or health data
• Behavioral tracking or profiling
• Third-party analytics (Firebase Analytics, AppsFlyer, Mixpanel, etc.)
• Third-party crash reporting SDKs (e.g., Sentry, Crashlytics)
• Meta SDK and similar advertising/attribution SDKs
• Apple Search Ads attribution data (we do not integrate ASA attribution in this app)
• YouTube import / YouTube account access
• User accounts / login
• Email capture inside the app (no newsletter signups or in-app forms)
• Cloud synchronization operated by us

Note: iOS permissions (Photos / Files) are used only to enable features you actively request.

5. Third-Party Services

• Apple – App Store purchases (StoreKit), platform services, optional diagnostics
• RevenueCat – subscription infrastructure and receipt validation (processor)
• External websites you open via links – e.g., Apple Standard EULA pages or other legal information

These providers process data under their own privacy frameworks and applicable data protection law.

Apple Privacy Policy: www.apple.com/legal/privacy

6. International Data Transfers

Apple and RevenueCat may process data on servers outside the EU/EEA, in particular in the United States. Transfers are based on appropriate safeguards such as Standard Contractual Clauses (Art. 46 GDPR), adequacy decisions where applicable, and/or other valid transfer mechanisms under GDPR (for example the EU-U.S. Data Privacy Framework, where applicable). Where required, additional safeguards such as encryption in transit and strict access controls are applied.

• Apple Inc. (USA) – App Store / iOS services
• RevenueCat, Inc. (USA) – subscription infrastructure

Note: External websites opened via links may also process data outside the EU/EEA depending on the provider.

7. Data Retention

• Support emails: up to 12 months, unless a longer retention is required to resolve a request or due to legal obligations
• Subscription data (RevenueCat/Apple): retained for the duration of the subscription lifecycle and as needed for entitlement validation, purchase restoration, system security, and fraud prevention
• Local app data (projects/presets): stored on-device until deleted by you or upon uninstall
• Temporary media caches: stored on-device as needed for app functionality; removable by deleting projects and/or uninstalling

Data may be retained longer where necessary to establish, exercise, or defend legal claims, or where statutory retention obligations apply.

8. Your Rights

You have rights under GDPR including access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint with a supervisory authority.

Supervisory authority (Berlin):
Berliner Beauftragte für Datenschutz und Informationsfreiheit
www.datenschutz-berlin.de

9. Children

The app is not directed to children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children.

10. Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access to any personal data is restricted to the extent necessary and protected using industry-standard safeguards. However, no method of transmission or storage is 100% secure.

11. Changes

This policy may be updated when the app or legal requirements change. The current version is available within the app and/or on our website.