Privacy Policy

Last updated: February 19, 2026

This privacy policy explains how Ring Reader ("we", "us", "our") collects, uses, and protects your personal data when you use our web application at ringreader.app. Ring Reader is a shooting target analysis app that helps shooters digitize and analyze their results.

1. Controller

The controller responsible for data processing is:

Olaf Kortlüke
Im Brachmoos 12
88149 Nonnenhorn
Germany

Email: support@ringreader.app

2. Types of Data Processed

Account Data

When you sign in with Google or Apple, we receive and store your Firebase UID, email address, display name, and profile photo URL. This data is provided by your identity provider and processed through Firebase Authentication.

Usage Data (Shooting Sessions)

When you use Ring Reader to analyze targets, we store your shooting session data including scores, shot coordinates, target configurations, and session metadata (date, weapon type, distance). This data is stored locally in your browser (IndexedDB) and, if you are signed in, synchronized to our server (PostgreSQL database).

Payment Data

Payments are processed entirely by Paddle (paddle.com), who acts as the Merchant of Record. We do not collect or store your payment details (credit card numbers, bank account information). We only store your Paddle customer ID and subscription status to manage your access tier.

Technical Data

Our web server automatically logs IP addresses, request timestamps, and user agent strings as part of standard server operation. These logs are used solely for security monitoring and debugging.

3. Purposes of Processing

We process your data for the following purposes:

• Providing and operating the Ring Reader application
• User authentication and account management
• Storing and synchronizing your shooting session data across devices
• Processing payments and managing subscription tiers
• Ensuring the security and stability of our service
• Fulfilling legal obligations (e.g., tax record-keeping)

We do not use any analytics or tracking tools. We do not use Google Analytics or similar services. We do not serve advertisements. We do not create user profiles for marketing purposes.

4. Legal Bases (GDPR Art. 6)

Contract performance (Art. 6(1)(b) GDPR): Processing of your account data and shooting session data is necessary for the performance of our contract with you — providing the Ring Reader service, including cloud synchronization and subscription management.

Legitimate interest (Art. 6(1)(f) GDPR): Processing of server logs and IP addresses is based on our legitimate interest in maintaining the security, availability, and integrity of our service. Our interest in protecting the service and its users outweighs the minimal impact on your privacy, as logs are retained for only 14 days and are not used for any other purpose.

Consent (Art. 6(1)(a) GDPR): Where we offer optional features that require additional data processing, we will obtain your explicit consent before processing. You may withdraw consent at any time.

Legal obligation (Art. 6(1)(c) GDPR): Retention of payment records for 10 years is required under German tax law (AO, HGB).

5. Third-Party Services

Firebase Authentication (Google LLC, USA)

We use Firebase Authentication to handle sign-in via Google and Apple. When you sign in, your authentication data (email, display name, profile photo URL) is processed by Google's Firebase service. Data transfers to the USA are covered by EU Standard Contractual Clauses (SCCs). For more information, see Google's privacy policy at policies.google.com/privacy.

Paddle (Paddle.com Market Limited, UK)

Paddle acts as our Merchant of Record for payment processing. When you purchase a subscription, Paddle collects and processes your payment and billing information directly. We only receive your Paddle customer ID and subscription status. The UK has an adequacy decision from the EU Commission, ensuring adequate data protection. For more information, see Paddle's privacy policy at paddle.com/legal/privacy.

Server Hosting (Germany)

Our application server and database are hosted in Germany. Your shooting session data and account information are stored on servers located within the European Union.

6. Data Retention

• Server logs: Automatically deleted after 14 days.
• Account data: Retained until you delete your account.
• Shooting session data: Retained until you delete individual sessions or your entire account.
• Local data (IndexedDB): Stored in your browser and under your control. Clearing browser data removes it.
• Payment records: Retained for 10 years as required by German tax law (Abgabenordnung, Handelsgesetzbuch).

7. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access (Art. 15): You may request information about your stored personal data.
• Right to rectification (Art. 16): You may request correction of inaccurate data.
• Right to erasure (Art. 17): You may request deletion of your personal data.
• Right to restriction (Art. 18): You may request restriction of data processing.
• Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
• Right to object (Art. 21): You may object to processing based on legitimate interests.
• Right to lodge a complaint: You may file a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise your rights, contact us at support@ringreader.app.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data. All data transmission between your browser and our server is encrypted using TLS (HTTPS). Access to our server and database is restricted and secured. Authentication tokens are handled securely through Firebase Authentication.

9. Cookies and Local Storage

Ring Reader does not use cookies for tracking or advertising purposes. We use only essential technical storage mechanisms:

• IndexedDB: Used to store your shooting sessions locally for offline access.
• localStorage: Used to store application settings (e.g., language preference, selected weapon type).
• Firebase Auth tokens: Stored locally to maintain your sign-in session.

These storage mechanisms are strictly necessary for the app to function and do not require consent under the ePrivacy Directive.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our data practices or legal requirements. We will notify you of significant changes through the app. The current version is always available at ringreader.app.

11. Contact

If you have questions about this privacy policy or your personal data, please contact us:

Email: support@ringreader.app

Olaf Kortlüke
Im Brachmoos 12
88149 Nonnenhorn
Germany