This Privacy Policy applies to Android Exploits, our Android mobile application (our “App”). In the below policy, we inform you about the scope of the processing of your Personal Data.
Our use of your Personal Data is subject to Germany’s Data Protection Act (Bundesdatenschutzgesetz) (“BDSG”) and the EU’s General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number, as well as online identifiers such as your IP address and device ID.
Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
The responsible party within the meaning of BDSG and the GDPR is SarotecK, Sascha Roth of Andreasstraße 20, 67547 Worms, Germany (“SarotecK”, “we,” “us”, “our”). If you have any questions about data protection at SarotecK in general, you can reach us by email using support@chickenhook.de with “Data Protection” in the subject line.
In accordance with the above-mentioned laws, we have to have at least one of the following legal bases to process your Personal Data:
The App can be downloaded from the Play Store, a service offered by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, US, and Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland). Downloading it may require prior registration with the Play Store and/or installation of the Play Store app.
As far as we are aware, Google collects and processes the following data: Licence check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the Play Store and Play Store software. The responsible party in this respect is solely Google as the operator of the Play Store.
Google may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength, and information about device sensors such as accelerometer, gyroscope, and compass.
We may request permission to store your App data including your Internet Connection and Network, Biometrics and Push Notifications. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures and your consent. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.
We use the Google Firebase developer App and related features and services provided by Google. We use the following Google Firebase services in our App:
By integrating Google services, Google may collect and process information (including Personal Data). It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy . The legal basis is the implementation of the user contract for the use of the App.
The app uses the tool Crashlytics to log crashes of our App. No Personal Data is transmitted. Only real-time crash reports with precise details of code locations and device information are sent, which is intended to simplify maintenance and improve the resulting stability of our App. The legal basis for data processing is our legitimate interest. In the settings under data services, you can select whether you want to send crash reports or not.
Our App uses the web analytics service Google Analytics for Firebase, which uses tracking technologies to track your use of our App. In this respect, information is generated about, among other things, the number of users and their sessions, the session duration, the operating system used by the users, their device model, the region from which our App is accessed, the first start of our App, our App execution and any updates.
In order to provide the relevant data for analysis, Firebase Analytics uses your:
You can object to the use of Firebase Analytics at any time by disabling the sending of usage statistics in your device settings (Reset Advertising ID). We have no influence on these data processing operations. The basis for processing is our legitimate interest and your consent.
When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via:
Insofar as you consent to the use of push messages, consent is the legal basis for the processing.
We offer you the opportunity to contact us using various methods. We collect the data you submit, such as your name, email address, telephone number, and your message, in order to process your enquiry and respond to you. The legal basis is both your consent and contract.
The protection of your data is particularly important to us in the performance of our services. We therefore only want to process as much Personal Data (for example, your name, address, and e-mail address) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfill our contractual obligations to you or to carry out pre-contractual measures.
To register, we require the use of the convenience login and sign-up services from Google. For Google Connect login and sign up, you will be asked to provide your basic information (i.e., name, email address, and display picture) linked to your account. When registering via a connect function, you agree to Google's terms and conditions and consent to certain data from your Google account being transferred to us. In addition, you may set up an account using your device’s biometrics, such as your fingerprint. We do not have access to any of your biometrics, and the app only determines whether the login process was successful or unsuccessful. The legal basis is your consent and the establishment and implementation of the user contract for the use of our App.
When you make in-app purchases, we (Google, on our behalf) may collect the following data from you to process the purchase:
In accordance with current best practices, the White House Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence and the upcoming Artificial Intelligence Act ("EU AI Act") we have assessed the risks associated with our AI-supported services, designed our AI services on ethical principles, and provided, among other measures, an AI statement and disclaimer.
If you create a support ticket, we will request Personal Data and, where applicable, non-Personal Data in accordance with your request; this may include your name, email address, and other request-related data you voluntarily provide. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket.
Our employees will have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly.
If you wish to use our App and its features, we process mostly non-personal technical data and, in very limited circumstances, Personal data, which you voluntarily provide access to when using our App and its features. Depending on how you use our App and its features, we may process:
Device data may include:
Device data is processed for the purposes of delivering our App and its features in accordance with your device as well as tracking and determining trends in threats detected, determining appropriate language settings, and communications about potential solutions to detected threats. The legal basis is your consent and the establishment and implementation of the user contract for the use of our App.
Security data may include:
Security data is processed for the purposes of delivering our App and its features by alerting you to potentially malicious applications, malware, URLs and links, communicating about potential solutions to detected threats as well as improving the app security feature. The legal basis is your consent and the establishment and implementation of the user contract for the use of our App.
Service Data may include:
Service data is processed for the purpose of understanding use of our App to further develop and improve the performance, communicating about potential solutions to detected threats as well as telemetry. The legal basis is your consent and the establishment and implementation of the user contract for the use of our App.
Hardware information may include:
Software information may include:
In terms of third-party processors involved, we are using OpenAI's ChatGPT, 575 Florida Street, San Francisco, CA 94110, United States, to support our Scam Protection Model and for E-Mail Pwn check model we are using HaveIBeenPwned.com’s API which is owned and operated by Superlative Enterprises Pty Ltd ABN 62 085 442 020 of Queensland, Australia. For additional information, please also refer to our Data Processing Addendum.
We process data in the context of administrative tasks as well as the organization of our business and compliance with legal obligations, such as archiving and accounting. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
We also collect, use, and share aggregated data, such as statistical or demographic data, for any purpose, including improving our website. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure, c) or the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention, or other legal proceedings; as required by law or regulation; if SarotecK (or a part of SarotecK) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect our business.
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer. For additional information, please also refer to our Data Processing Addendum.
Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organisational measures”) for example encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through our App.
Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
You can exercise the following rights:
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. The Rhineland-Palatinate DPA (Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz) is the state Data Protection Authority for the German state of Rhineland-Palatinate (www.datenschutz.rlp.de). However, we would appreciate the opportunity to address your concerns before you contact the DPA.
The following applies to users located in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the EU's GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations.
As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.
Further, the following also apply:
“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.
When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
Finally, in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the abovementioned states may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise in pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.
In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx).
If you have any questions about this policy or the information we hold about you, please contact us by email using support@chickenhook.de with “Data Protection” in the subject line.
The first version of this policy was issued on Tuesday, 07th of January, 2025, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.
© 2025 SarotecK. All Rights Reserved.