1. Overview
This privacy policy explains which personal data is collected, processed, and stored when you use the Historyio Android app ("app") and the website historyio.com ("website"). It applies to all versions of the app, including Android Auto mode.
The app requires location permission to function. It can be used without registration (Free mode) or with Google Sign-In (Premium mode).
Summary (German)
This privacy policy informs you comprehensively about which personal data is collected, processed and stored when you use the Historyio Android app and the website historyio.com. The app strictly requires location permission. We do not sell any data, do not use advertising trackers and do not use any third-party analytics services.
2. Data Controller (Controller pursuant to Art. 4 No. 7 GDPR)
3. Data Collected in Detail
3.1 Location Data (Required)
The app requires location data to deliver stories about nearby landmarks and cities.
- GPS coordinates: Your current latitude and longitude
- Search radius: A configurable radius around your position
When location is transmitted:
- On each manual or automatic story request
- In auto-play mode: periodically while you are travelling
- Background location is used only when auto-play mode is enabled
Legal basis: Art. 6(1)(b) GDPR — Contract performance
3.2 User Identification
Free users (no registration):
- A random pseudonymous identifier is generated on first app launch and stored locally on your device
- This identifier contains no hardware identifiers or personal information
- It is transmitted with every request to provide the service
- It is removed when you uninstall the app
Premium users (Google Sign-In):
- Your Google account identifier is used for authentication
- A short-lived authentication token is sent with each request; it is not permanently stored
- We do not store your Google name, email address, or profile picture
Legal basis: Art. 6(1)(b) GDPR — Contract performance
3.3 Story Requests
Each time you request a story, the following categories of data are transmitted to our servers:
- Your pseudonymous user identifier
- Your current location
- Your selected story language
- Your content preferences (e.g. kids mode and child age, preferred topics, search radius)
- Minimal context about previously received stories nearby, to avoid repetition
Legal basis: Art. 6(1)(b) GDPR — Contract performance
3.4 Story History
We keep a minimal record of which stories you have already received so that you do not receive the same story twice. This record is linked to your pseudonymous user identifier and is fully deleted upon a GDPR deletion request.
Legal basis: Art. 6(1)(f) GDPR — Legitimate interest (deduplication)
3.5 Ratings
When you rate a story (thumbs up or down), we store the rating value, the story it relates to, your pseudonymous user identifier, and a timestamp.
Legal basis: Art. 6(1)(f) GDPR — Legitimate interest (quality improvement)
3.6 Error Reports
Error reports are sent only when you actively tap the "Report to Historyio" button. They contain:
- Your pseudonymous user identifier
- The type of error and a technical error message
- Basic device information (operating system version, device model)
- Your approximate location at the time of the error, if available
Legal basis: Art. 6(1)(f) GDPR — Legitimate interest (service quality)
3.7 QR Code Redemption (B2B Partner System)
When you scan a QR code from a Historyio partner, we receive the campaign token from the QR code together with your pseudonymous user identifier. Your IP address and (optionally) your location are processed for fraud prevention.
After successful redemption, we keep a record linking your user identifier to the partner campaign and the contingent of bonus stories granted, for as long as needed to provide and account for that benefit.
Legal basis: Art. 6(1)(b) GDPR — Contract performance
3.8 Camera Access
The app uses your device camera exclusively for scanning QR codes. The camera image is processed locally in real time and is never stored or transmitted. Only the decoded QR code content is sent to our server.
Legal basis: Art. 6(1)(a) GDPR — Consent
3.9 Subscription & Payment Data
Premium subscriptions are managed entirely through the Google Play Store. Historyio does not receive or store any payment data (credit card numbers, bank details, etc.). From Google Play we receive only the subscription status and the plan you subscribed to.
Legal basis: Art. 6(1)(b) GDPR — Contract performance
4. Local Data Storage on Your Device
4.1 App Settings
The following information is stored only locally on your device and is removed when you uninstall the app:
- Your pseudonymous user identifier
- Your subscription status (Free / Premium)
- Your app preferences (theme, app language, story language, kids mode and child age, auto-play settings, topic preferences)
- Your privacy / consent choices
- Local usage counters (for example, monthly story usage)
- Active partner contingents and any remaining bonus entitlements
Some of these values — for example your story language, kids mode setting, child age and topic preferences — are sent with each story request so that the result matches your preferences. Others (theme, app language, auto-play settings, counters and consent choices) never leave your device.
4.2 Local Story Cache
The app caches a small number of recently received stories on your device so they remain available offline. Each cached story contains the story text and minimal metadata needed to play it back. When the local limit is reached, the oldest cached story is automatically removed.
5. Server-Side Data Processing & Storage
5.1 Infrastructure
Our backend is operated within the European Union (Germany). All data at rest is encrypted, and all transmissions between the app and the backend are encrypted in transit.
5.2 Stored Data Categories
On the server side, we store only the following categories of data:
- User account: your pseudonymous user identifier, subscription status, usage counters and basic activity timestamps
- Generated stories: the story texts and the place / language / topic context they were generated for, together with aggregated rating counts. These do not contain personal data.
- Story history: a minimal record of which stories you have already received, to avoid duplicates
- Ratings: your thumbs-up / thumbs-down ratings linked to your pseudonymous user identifier
- Abuse-protection data: short-term technical information (such as IP-based request counters) needed to prevent misuse of the service
5.3 Story History
The story history is used solely to ensure that you do not receive the same story twice. It is fully deleted upon a GDPR deletion request.
6. Data Sharing with Third Parties
6.1 AI Story-Generation Provider
To create historical stories, we use a third-party AI text-generation API operated by a U.S.-based provider. To generate a story, we share with this provider only the parameters needed to produce the result — in particular your approximate location, language and content preferences (for example kids mode or selected topics) and minimal context to avoid repeating earlier stories.
Not shared: your user identifier, device information, or IP address.
The provider processes this data solely to fulfil the request and is contractually bound not to use it for AI model training.
Legal basis: Art. 6(1)(f) GDPR — Legitimate interest
International transfer: USA — Standard Contractual Clauses (Art. 46(2)(c) GDPR)
6.2 Cloud Text-to-Speech (Premium voice)
For premium voice narration, we use a cloud text-to-speech service hosted in the EU (Germany). The story text is sent to the service, which returns an audio file. The resulting audio is delivered to your device via short-lived URLs.
The Free tier uses your phone's built-in offline TTS engine — no audio data is transmitted in that case.
Legal basis: Art. 6(1)(b) GDPR — Performance of contract (for Premium subscribers); Art. 6(1)(f) GDPR — Legitimate interest (for cached audio reuse)
Processing region: EU — no third-country transfer for TTS
6.3 Google Play Services
- Google Play Billing: Premium subscription management
- Google Sign-In: Authentication for Premium users
- Fused Location Provider: Precise location detection
Google processes this data according to the Google Privacy Policy.
6.4 Cloud Hosting Provider
Our backend and website are hosted by Amazon Web Services EMEA SARL in the EU region eu-central-1 (Frankfurt, Germany). AWS acts as a data processor under Art. 28 GDPR; the AWS GDPR Data Processing Addendum applies automatically to our account and is incorporated into the AWS Customer Agreement.
6.5 No Other Third-Party Sharing
We do not:
✗ Sell your data to anyone
✗ Use advertising partners or ad trackers
✗ Use third-party analytics (no Google Analytics, no Firebase Analytics)
✗ Integrate social media tracking
✗ Share individual user data with B2B partners
6.6 B2B Partners (QR Code System)
Partners who operate QR code campaigns receive only aggregated, anonymized statistics about their campaigns (number of redemptions, stories consumed). Partners have no access to individual user data, location data, or user IDs.
7. Automatic Data Processing
7.1 Auto-Play Mode
When auto-play is enabled, the app uses your location in the background to automatically request a new story while you are travelling. Background location is only processed for the respective request and not retained beyond what is necessary.
7.2 Speed Detection
The app detects fast movement based on your device's GPS data so it can adapt playback for safety. This calculation happens entirely on your device; no speed data is transmitted to our servers.
7.3 Offline Synchronization
While offline, ratings and error reports may be cached locally and automatically synchronised when you reconnect to the internet.
8. IP Addresses & Rate Limiting
To prevent abuse of the service, we temporarily process your IP address when you make API requests:
- Storage duration: short-term only — typically deleted automatically within a few hours
- Purpose: rate-limiting and protection against automated abuse
- Server logs: IP addresses in operational logs are anonymised after a short retention period
For QR code redemptions: the IP address is retained as part of the redemption record for fraud prevention and for as long as needed to account for partner campaigns.
Legal basis: Art. 6(1)(f) GDPR — Legitimate interest (abuse prevention)
9. App Permissions
| Permission | Purpose | Data Involved |
|---|---|---|
| INTERNET | Communication with backend servers | Encrypted API requests |
| ACCESS_FINE_LOCATION | Precise GPS position for location-based stories | Coordinates (±5 m) |
| ACCESS_COARSE_LOCATION | Approximate location as fallback | Approximate position |
| ACCESS_BACKGROUND_LOCATION | Auto-play in background (Android 10+) | GPS coordinates |
| ACCESS_NETWORK_STATE | Check internet connectivity | Online/offline status |
| FOREGROUND_SERVICE | Background playback & location (Android 9+) | None |
| FOREGROUND_SERVICE_LOCATION | Location in foreground service | GPS coordinates |
| FOREGROUND_SERVICE_MEDIA_PLAYBACK | Audio playback in foreground service | None |
| POST_NOTIFICATIONS | Notifications about new stories | None |
| CAMERA | Scanning QR codes | Camera image (local only, never stored) |
10. Your Rights (GDPR / DSGVO)
Under the General Data Protection Regulation (GDPR / DSGVO), you have the following rights:
10.1 Right of Access (Art. 15 GDPR / Auskunftsrecht)
You have the right to request information about your personal data stored by us. Send an email to info@historyio.com. We will provide your data export as a JSON file via a time-limited download link (valid 7 days). The export covers:
- Your user account data
- Your story history
- Your ratings
- Your QR code redemptions (if any)
- Your error reports (if any)
10.2 Right to Rectification (Art. 16 GDPR / Recht auf Berichtigung)
You have the right to have inaccurate data corrected.
10.3 Right to Erasure (Art. 17 GDPR / Recht auf Löschung)
You have the right to request deletion of your personal data. Send an email to info@historyio.com. Deletion covers your user account, your story history, your ratings, your data export requests, your QR code redemptions and any associated feedback you have provided.
Deletion is processed within 30 days. Local data on your device can be removed via the app settings or by uninstalling the app.
10.4 Right to Restriction of Processing (Art. 18 GDPR / Recht auf Einschränkung)
You have the right to request restriction of the processing of your data.
10.5 Right to Data Portability (Art. 20 GDPR / Recht auf Datenübertragbarkeit)
You have the right to receive your data in a structured, commonly used, and machine-readable format (JSON).
10.6 Right to Object (Art. 21 GDPR / Widerspruchsrecht)
You have the right to object to the processing of your data on grounds relating to your particular situation, where processing is based on Art. 6(1)(f) GDPR (legitimate interest).
10.7 Right to Lodge a Complaint (Beschwerderecht)
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is:
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: www.lda.bayern.de
11. Security Measures
11.1 Transmission Security
- HTTPS / TLS: All data transmissions between app and server are encrypted using current standards
- Authenticated requests: Every request is validated before being processed
- Input validation: Server-side validation of all input data
11.2 Server-Side Security
- Encryption at rest: Data stored on the server is encrypted
- Access control: Strict role-based access following the Principle of Least Privilege
- Monitoring: Continuous monitoring with anomaly detection
- Rate limiting: Protection against excessive or automated requests
- Backups: Regular backups so that data can be restored in case of emergency
11.3 Privacy by Design (Art. 25 GDPR)
- Data minimisation: Only data necessary for the service is collected
- Pseudonymisation: Free users are identified only by a random pseudonymous identifier
- Automatic deletion: Temporary data is automatically removed once it is no longer needed
- No tracking libraries: No Google Analytics, Firebase Analytics, or advertising SDKs
12. Data Retention Periods
| Data Category | Retention | Deletion |
|---|---|---|
| Location data (within story requests) | Processed immediately | Not retained as personal data after the request is completed |
| User account | For as long as you use the service | On GDPR request, or after a prolonged period of inactivity |
| Story history | For as long as you use the service | On GDPR request |
| Ratings | For as long as you use the service | On GDPR request |
| Error reports / server logs | Short-term (a few weeks) | Automatic |
| Rate-limit data (IP-based) | Short-term (a few hours) | Automatic |
| Pending requests | Short-term (typically up to 24 hours) | Automatic |
| QR code redemptions | For as long as needed for the partner relationship | On request, where billing/accounting permits |
| GDPR data exports | Available for 7 days | Automatic |
| Local app data | Until uninstall | On app uninstall or manual deletion |
| Premium TTS audio | For as long as the related story exists | When the related story is deleted |
13. Special Notes
13.1 Kids Mode (Kindermodus)
When kids mode is enabled:
- Stories are adapted to be age-appropriate (configurable: ages 8–16)
- The child's age is transmitted with each story request to customize content
- No additional data about children is collected
Note: The app is intended for users aged 8 and over. Where it is used by children under 16, the consent of a parent or legal guardian is required (Art. 8 GDPR).
13.2 Location Permission
- The app cannot function without location permission — it is essential for its core functionality
- If permission is denied, an information dialog is displayed
- Background location permission is required only for auto-play mode
13.3 Android Auto
When using the app via Android Auto, the same privacy policy applies. No additional data is collected. Driving-mode restrictions (e.g., disabled rating buttons) serve traffic safety, not data protection.
13.4 International Data Transfer (Drittlandtransfer)
To generate stories, certain processing data is transmitted to a U.S.-based AI text-generation provider. The transfer is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). Only the parameters needed to produce a story are shared; your user identifier is not included.
The transfer of personal data to the USA takes place on the basis of EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
14. Website historyio.com
14.1 Hosting
The website is delivered via a content delivery network with edge locations worldwide. When you visit the website, technical request data such as your IP address, the date and time of the request, the requested page, the HTTP status code, your browser type and the referrer URL may be processed in standard server logs. IP addresses are anonymised after a short retention period.
Legal basis: Art. 6(1)(f) GDPR — Legitimate interest
14.2 Cookies
The website does not set any tracking, marketing or third-party cookies. Where strictly necessary technical cookies are used, they serve only to remember your choices (such as your selected language or your cookie preference) and contain no analytics or advertising identifiers.
15. Changes to This Privacy Policy
We reserve the right to update this privacy policy. The current version is always available at https://www.historyio.com/privacy.html. We will notify you of material changes via the app.
16. Contact
For questions about data protection or to exercise your rights:
This privacy policy (Version 2.2) covers all current data processing in the Historyio Android app, the backend service and the website, including the QR code system, story history, topic selection, AI story generation, Google Sign-In and server-side text-to-speech.