Privacy Policy

Last Updated: November 27, 2025
App: SecretSanta Shuffle
Version: 1.0.4

1. Data Controller

4WIN Creators GmbH
Telemannstraße 7a
85057 Ingolstadt
Germany

Commercial Register: HRB 12498, District Court Ingolstadt
Managing Director: Thomas Winkelmeyr
Email: privacy@app.4wincreators.com
Website: www.4wincreators.com

2. Introduction

We take the protection of your personal data seriously. This Privacy Policy explains what data we collect in our "SecretSanta Shuffle" app, how we use it, and what rights you have.

3. Data Collection

3.1 Locally Stored Data

Important: The following data is stored exclusively locally on your device and is not transmitted to our servers:

Group names and descriptions
Participant names and email addresses
Secret Santa assignments and exclusions
App settings (language, theme preferences)

This data is stored in the device's local SQLite database and can be completely deleted at any time by uninstalling the app.

3.2 Email Sending

When you use the automatic Secret Santa notification feature, the following data is processed:

Participant email addresses (for sending)
Group names and assignments (email content)

Important: This data is processed via Firebase Cloud Functions but is not permanently stored. Emails are sent via an SMTP server (IONOS). Data is not stored after sending.

3.3 Firebase Services

We use Firebase for the following optional features:

Firebase App Check: Protection of Cloud Functions from abuse
Firebase Cloud Functions: Sending Secret Santa emails

Firebase may collect technical data such as IP address, device type, and app version for functionality. This data is processed according to the Google Privacy Policy.

3.4 Google AdMob (Advertising)

The app displays advertisements via Google AdMob to finance free usage. AdMob may collect:

Device information (device type, operating system)
Advertising IDs
IP address (anonymized)
App usage data (for personalized ads)

GDPR Compliance: On first launch, you will be asked for consent for personalized advertising (according to GDPR). You can change your consent at any time in your device settings.

More Information:

4. Purpose of Data Processing

We process your data exclusively for the following purposes:

App Functionality: Managing Secret Santa groups and assignments
Email Sending: Notifying participants of their Secret Santa partners (optional)
Advertising: Funding the free app through ads
App Security: Protection from abuse via Firebase App Check

5. Legal Basis (GDPR)

The processing of your data is based on the following legal grounds:

Article 6 (1) lit. b GDPR: Contract fulfillment (providing app functions)
Article 6 (1) lit. a GDPR: Consent (personalized advertising)
Article 6 (1) lit. f GDPR: Legitimate interest (app security and operation)

6. Data Sharing with Third Parties

We do not share your data with third parties, except in the following cases:

Google/Firebase: For Cloud Functions and AdMob
IONOS: SMTP server for email sending (email addresses for transmission only, no storage)

There is no sharing with other third parties or for marketing purposes outside of the mentioned services.

7. Data Retention

Local Data: Until app uninstallation or manual deletion
Email Data: Not stored (only processed for transmission)
Firebase Logs: Automatically deleted after a maximum of 30 days
AdMob Data: According to Google policies (see Google Privacy Policy)

8. Your Rights under GDPR

You have the following rights regarding your personal data:

Access (Art. 15 GDPR): You can request information about the data we process
Rectification (Art. 16 GDPR): You can request correction of incorrect data
Erasure (Art. 17 GDPR): You have the "right to be forgotten"
Restriction (Art. 18 GDPR): You can request restriction of processing
Data Portability (Art. 20 GDPR): You can request an export of your data
Objection (Art. 21 GDPR): You can object to data processing
Withdrawal (Art. 7 GDPR): You can withdraw your consent at any time

Contact for Data Protection Inquiries:
Email: privacy@app.4wincreators.com

Right to Lodge a Complaint:
You also have the right to lodge a complaint with a data protection authority:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

9. Data Security

We implement technical and organizational measures to protect your data:

Local Storage: Secret Santa data remains on your device and is not stored in the cloud
Encrypted Transmission: All network connections use HTTPS/TLS encryption
Firebase App Check: Protection from unauthorized API access and abuse
Minimal Data Collection: We only collect data necessary for app functionality

10. Children

The app is intended for users aged 13 and above. We do not knowingly collect data from children under 13. If we discover that we have inadvertently received data from children under 13, it will be deleted immediately.

11. International Data Transfer

By using Google services (Firebase, AdMob), data may be transferred to countries outside the EU/EEA. Google uses Standard Contractual Clauses approved by the EU Commission and complies with GDPR requirements.

More information: Google EU Data Protection

12. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy as needed to reflect changes in the app or legal requirements. The current version is always available in the app and on our website. You will be notified in the app of any significant changes.

13. Contact

For questions about data protection or to exercise your rights, please contact us:

4WIN Creators GmbH
Data Protection
Telemannstraße 7a
85057 Ingolstadt
Germany

Email: privacy@app.4wincreators.com
Website: www.4wincreators.com

Version: 1.0.0 | Date: November 27, 2025