Mobile App Privacy Policy

GDPR & App Store Compliant

Privacy Policy for Mobile Application

Last Updated: May 25, 2026

Data Controller

The data controller responsible for your personal data under Article 4(7) GDPR is:

BitAutor UG (haftungsbeschränkt)
Vahrenwalder Str. 315A, 30179 Hannover, Germany
Represented by: André Schild
Email: admin [at] best-ai [dot] org
Tel.: +49 157 55331915

Data Protection Contact

We have not appointed a mandatory data protection officer. For data protection inquiries, please contact:
Email: admin [at] best-ai [dot] org

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5, 30159 Hannover, Germany
Website: https://lfd.niedersachsen.de

Privacy Policy

BitAutor UG (haftungsbeschränkt) ("we," "us," or "our") operates the Best-AI.org mobile application (the "App"). This Privacy Policy informs you of our policies regarding the collection, use, disclosure, and protection of personal data when you use our App and the choices you have associated with that data.

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and app store requirements.

1. Information We Collect

1.1 Information You Provide Directly

When you use certain features of the App, you may voluntarily provide:

  • Account Information: Email address, name, username (if you create an account)
  • Tool Submissions: Information about AI tools you submit to our directory
  • Communications: Messages you send to us via in-app contact forms or email
  • Profile Data: Optional profile information you choose to provide

Legal Basis (GDPR Art. 6(1)): (a) Consent, (b) Contract performance

1.2 Information Collected Automatically

When you use the App, we automatically collect:

  • Device Information: Device type, operating system version, app version, and basic technical identifiers needed for compatibility and security
  • Diagnostics: App errors, performance diagnostics, and security-related events needed to keep the App reliable and secure
  • Technical Data: IP address (anonymized where possible), system activity, and hardware settings

Legal Basis (GDPR Art. 6(1)): (f) Legitimate interest (app security, performance, and improvement)

1.3 Analytics & Tracking

Only with your explicit consent, we collect anonymized analytics data via:

  • Firebase Analytics (Google LLC): Anonymous usage statistics, session duration, feature engagement

You can withdraw consent at any time in the App settings or device settings.

Legal Basis (GDPR Art. 6(1)): (a) Consent

1.4 Information We Do NOT Collect

We explicitly do NOT collect:

  • Precise geolocation data
  • Camera or photo library access
  • Microphone or audio recordings
  • Contact lists or address books
  • Health or fitness data
  • Financial or payment information (unless you make a purchase, handled by secure third-party processors)
  • Biometric data

2. How We Use Your Information

We use the collected information for the following purposes:

  • Provide and Maintain the App: To operate the App, authenticate users, and provide requested features
  • Improve the App: To analyze usage patterns, fix bugs, and enhance user experience
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Communications: To respond to your inquiries and send important service announcements
  • Notifications: To send push notifications (only if you opt in)
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

We do NOT use your data for:

  • Targeted advertising or ad tracking
  • Selling or renting your personal data to third parties
  • Profiling or automated decision-making with legal effects

3. Data Sharing & Third-Party Services

3.1 Service Providers

We share data with trusted third-party service providers who process data on our behalf:

  • Google Firebase (Google LLC / Google Ireland Ltd.): Authentication, database/storage access, cloud storage, and optional analytics where you have consented
  • Hosting Providers: For app backend and data storage (within EU or under SCCs)

Where providers process data on our behalf, they are bound by appropriate contractual safeguards. App stores and payment/platform providers may also process some data as independent controllers under their own privacy policies.

3.2 App Store Providers

When you download the App from Apple App Store or Google Play, those platforms may collect data according to their own privacy policies:

3.3 Legal Requirements

We may disclose your data if required by law, court order, or governmental request, or to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Respond to valid legal process

3.4 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

3.5 No Data Sales

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes. Optional analytics or advertising-related technologies, where used, are controlled through consent and platform settings.

4. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers (e.g., Google Firebase) operate.

We ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs): Approved by the European Commission
  • Adequacy Decisions: For countries recognized by the EU as providing adequate protection
  • Service Provider Certifications: Google is certified under recognized data protection frameworks

You can request a copy of the safeguards we have in place by contacting admin [at] best-ai [dot] org.

5. Data Retention

We retain your data only as long as necessary for the purposes outlined in this Privacy Policy:

  • Account Data: While your account is active, plus 30 days after deletion request
  • Analytics Data: Up to 24 months (anonymized)
  • Diagnostic Logs: Only for a limited period needed to investigate reliability, abuse, and security issues
  • Legal Compliance Data: As required by law (e.g., 6-10 years for tax records)
  • Marketing Consent: Until you withdraw consent

After the retention period, we will securely delete or anonymize your data.

6. Your Data Protection Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

6.1 Right of Access (Art. 15 GDPR)

You have the right to request a copy of the personal data we hold about you.

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to correct inaccurate or incomplete personal data.

6.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

How to Request Deletion: Send an email to admin [at] best-ai [dot] org with subject "Data Deletion Request - App" and include your account email or device ID. We will respond within the applicable statutory deadline.

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we limit the processing of your data in certain circumstances.

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.

6.6 Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

6.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

How to Withdraw Consent:

  • Analytics: Disable in App Settings → Privacy → Analytics

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority listed at the top of this policy.

How to Exercise Your Rights

To exercise any of these rights, contact us at admin [at] best-ai [dot] org. We will respond within 30 days (or 60 days for complex requests, with notification). We may ask you to verify your identity before processing your request.

7. Children's Privacy

The App is not directed to children under the age of 13 (or 16 in the European Economic Area).

We do not knowingly collect personal data from children under these ages. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at admin [at] best-ai [dot] org. We will promptly delete such data from our systems.

If you are under 18, you confirm that you have obtained parental or guardian consent to use the App.

8. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption: Data in transit is encrypted using TLS/SSL
  • Access Controls: Restricted access to personal data on a need-to-know basis
  • Secure Storage: Data at rest is stored on secure servers with encryption
  • Regular Audits: Security assessments and vulnerability testing
  • Incident Response: Procedures to detect and respond to data breaches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will:

  • Notify the competent supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33)
  • Notify affected users without undue delay if the breach poses a high risk (GDPR Art. 34)
  • Provide information about the nature of the breach, likely consequences, and measures taken

10. App Permissions & Device Access

The App requests the following device permissions:

Permission | Purpose | Required
Internet Access | Retrieve AI tool listings, news, and updates | Yes
Storage / Cache | Cache tools and legal notes locally to provide offline features | Yes (iOS)
Analytics | Anonymous usage metrics and error diagnostics | Optional

You can manage permissions at any time in your device settings. Disabling required permissions may limit app functionality.

11. Third-Party Links & Content

The App contains links to third-party AI tools and websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

Important: Adult content and NSFW AI tools are not displayed in the mobile application.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of any material changes by:

  • Posting a notice in the App
  • Updating the "Last Updated" date at the top of this policy
  • Sending an email to your registered email address (if applicable)

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

13. California Privacy Rights (CCPA/CPRA) - Detailed Compliance

If you are a California resident, you may have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), where those laws apply to our processing.

Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers: Email address, name, username, IP address, device identifiers
  • Internet or Electronic Network Activity: App usage data, features used, screens viewed, and diagnostic events
  • Geolocation Data: General location data (city/region level, not precise location)
  • Professional or Employment-Related Information: Information provided in tool submissions

Your California Privacy Rights

As a California resident, you have the following rights:

  • Right to Know: Request disclosure of categories and specific pieces of personal information we collect, use, disclose, and share
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do NOT sell personal information)
  • Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Verification Process (CCPA/CPRA Section 7060)

We implement reasonable verification methods based on the sensitivity of the data:

  • Account Holders: Verification through existing authentication practices
  • Non-Account Holders: Verification using at least two data points matching information we already hold

Do Not Sell or Share My Personal Information

We do NOT sell your personal information. We do not knowingly share personal information for cross-context behavioral advertising in a way that triggers CCPA/CPRA opt-out obligations without providing the required choice. We may share information with service providers under appropriate contractual or platform terms.

To exercise these rights, contact admin [at] best-ai [dot] org. We will respond to verified requests within 45 days (or 90 days for complex requests).

14. New York Privacy Rights (NYCDPA)

Where the New York Child Data Protection Act (NYCDPA) or similar child privacy laws apply, users under 18 may receive additional protections.

Protections for Minors

For users under 18:

  • No Sale of Data: We do not sell or purchase personal data of covered minors
  • Consent Requirements: For users aged 13-17, we only process personal data that is strictly necessary for our service or with informed consent
  • COPPA Compliance: For children under 13, we comply with federal COPPA standards

New York SHIELD Act Compliance

Where the New York SHIELD Act applies, we implement reasonable safeguards and provide required breach notifications within applicable legal deadlines.

15. Badge and Verification Status Disclosures

Legal Compliance Notice (EU DSA, CCPA/CPRA, NYCDPA): This section provides transparent disclosure of what badges and verification indicators mean in our mobile app, in compliance with transparency requirements under applicable laws.

Important: Badges and verification indicators displayed in our mobile app are informational labels only and do not constitute legal certifications, warranties, guarantees, endorsements, or professional opinions. All badges reflect our internal administrative processes and data collection methods only.

For detailed information about what each badge means, including "Admin Verified," "Expert Reviewed," "Verified Purchase," "100% Verified Data," and "Recently Updated" badges, please refer to our main legal page Badge and Verification Status Disclosures section.

Your Responsibilities: You must not rely on badges as a substitute for independent verification, due diligence, or professional advice. You must conduct your own independent research and verify all critical information directly with tool providers or official sources before making decisions or sharing sensitive data.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: admin [at] best-ai [dot] org
  • Data Protection Contact: admin [at] best-ai [dot] org
  • Postal Address: Vahrenwalder Str. 315A, 30179 Hannover, Germany
  • Phone: +49 157 55331915

We will respond within the applicable statutory deadline.

Your Privacy Matters

We are committed to transparency and protecting your privacy. This policy is designed to comply with GDPR, DSA, CCPA, and app store requirements. If you have any concerns, please don't hesitate to contact us.