AI or Not — Privacy Policy

GDPR information · No advertising or tracking SDKs

Privacy Policy · Account deletion

Privacy Policy

Last Updated: July 1, 2026

This Privacy Policy explains how BitAutor UG (haftungsbeschränkt) ("we", "us", or "our") processes personal data when you use the AI or Not mobile application for iOS and Android (the "App"). We are committed to transparency and compliance with the EU General Data Protection Regulation (GDPR), applicable German data protection law, and app store requirements (Apple App Store Guideline 5.1.1, Google Play User Data policy).

Language note: This English version is the authoritative and legally binding version. Any German summary or translation is provided for convenience and transparency only. Mandatory consumer and data-protection rights under German and EU law remain unaffected.

1. Data Controller

The data controller responsible for your personal data under Article 4(7) GDPR is:

BitAutor UG (haftungsbeschränkt)
Vahrenwalder Str. 315A, 30179 Hannover, Germany
Commercial register: Amtsgericht Hannover, HRB 218756
Represented by: André Schild
Email: admin@best-ai-tools.org
Tel.: +49 (0) 157 55 33 19 15

Legal Notice / Imprint: best-ai.org/legal

2. Data Protection Contact

We have not appointed a mandatory data protection officer. For all privacy-related inquiries, data subject requests, and complaints, please contact: admin@best-ai-tools.org

3. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

The State Commissioner for Data Protection of Lower Saxony (LfD Niedersachsen)
Prinzenstraße 5, 30159 Hannover, Germany
Website: https://lfd.niedersachsen.de

4. Summary at a Glance

AI or Not is a casual game in which you guess whether content is AI-generated or human-made. We designed the App with privacy in mind:

  • Play without signing up: You can start playing immediately using anonymous authentication after accepting the Terms of Service before gameplay starts — no email or name required.
  • Optional account linking: You may optionally link Google or Apple sign-in to save progress across devices.
  • Game data only: We store gameplay-related data (scores, XP, progress) to operate the game and leaderboards.
  • No advertising or tracking SDKs: We do not integrate third-party advertising networks, analytics SDKs (e.g. Firebase Analytics, Google Analytics), or cross-app tracking technologies.
  • EU-hosted backend: Account and game data are stored via Supabase in the European Union (Frankfurt, Germany).

5. Categories of Personal Data

5.1 Anonymous Play (Default)

When you start playing after accepting the Terms of Service, we create an anonymous user account via Supabase Auth. This assigns a pseudonymous user identifier (UUID) so you can play and save progress on your device without providing personal information such as your name or email address.

Important: Anonymous accounts are tied to your device and session. If you sign out, uninstall the App, or clear app data, you may lose access to that anonymous account and its progress unless you have linked a permanent sign-in method.

5.2 Optional Sign-In (Google / Apple)

If you choose to sign in with Google or Apple, we receive authentication data from the respective provider, typically including:

  • Your name (if shared by the provider)
  • Your email address (or Apple Private Relay address if you use "Hide My Email")
  • A provider-specific user identifier
  • Profile picture URL (Google only, if available)

Linking a social account to an existing anonymous session transfers your game progress to the linked account. We do not receive your Google or Apple password.

5.3 Game & Profile Data

Depending on how you use the App, we may process:

  • Game scores, XP, level, streaks, and round results
  • Game history and statistics
  • Display name or nickname (if you choose to set one)
  • Leaderboard rankings (pseudonymous or display name, as configured)
  • App preferences and settings synced to your account

5.4 Data Stored Locally on Your Device

The App may store certain data locally on your device (e.g. via secure local storage or similar mechanisms) to improve performance, cache game state, or remember preferences. This data remains on your device unless synced to our servers as part of your account data.

5.5 Technical & Connection Data

When you use the App, our infrastructure providers automatically process limited technical data necessary to deliver the service, such as:

  • IP address (for authentication, security, and abuse prevention)
  • Device type, operating system version, and app version
  • Timestamps of requests and error logs

This data is processed by Supabase as part of providing authentication and database services. We do not use this data for advertising or profiling.

5.6 Support Communications

If you contact us at admin@best-ai-tools.org or admin@best-ai-tools.org, we process the information you provide (e.g. email address, message content) to respond to your inquiry.

5.7 What We Do Not Collect

We do not intentionally collect or use:

  • Precise location data (GPS)
  • Contacts, photos, or files from your device
  • Health, financial, or government ID data
  • Advertising identifiers for cross-app tracking
  • Data for third-party advertising or marketing analytics
  • Biometric data

The App does not request App Tracking Transparency (ATT) permission on iOS because we do not track you across apps or websites owned by other companies.

6. Purposes and Legal Bases (Art. 6 GDPR)

PurposeData involvedLegal basis
Providing the game, saving progress, operating leaderboardsUser ID, game scores, XP, profile dataPerformance of a contract (Art. 6(1)(b))
Anonymous authentication after Terms acceptancePseudonymous user ID, session tokensPerformance of a contract (Art. 6(1)(b)); legitimate interests for security and session integrity where applicable (Art. 6(1)(f))
Optional Google / Apple sign-inName, email, provider IDPerformance of a contract (Art. 6(1)(b)); consent where required (Art. 6(1)(a))
Security, fraud prevention, abuse detectionIP address, technical logsLegitimate interests (Art. 6(1)(f)) — protecting our service and users
Responding to support and privacy requestsContact details, message contentLegitimate interests (Art. 6(1)(f)) or legal obligation (Art. 6(1)(c))
Compliance with legal obligationsAs required by lawLegal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, you have the right to object under Article 21 GDPR (see Section 11).

7. Processors and Third Parties

We use carefully selected service providers who process data on our behalf (Art. 28 GDPR) or as independent controllers where noted:

7.1 Supabase (Authentication & Database)

Provider: Supabase, Inc.
Purpose: User authentication (including anonymous sign-in), storage of account and game data
Data location: European Union — Frankfurt, Germany
Privacy policy: supabase.com/privacy

Supabase is headquartered in the United States. Data is stored in the EU region we selected. Where access from the US occurs (e.g. support), this is safeguarded by EU Standard Contractual Clauses (SCCs) pursuant to Article 46 GDPR.

7.2 Google Sign-In (Optional)

Provider: Google Ireland Limited / Google LLC
Purpose: Optional authentication only, if you choose this method
Privacy policy: policies.google.com/privacy

7.3 Sign in with Apple (Optional)

Provider: Apple Distribution International Ltd. / Apple Inc.
Purpose: Optional authentication only, if you choose this method
Privacy policy: apple.com/legal/privacy

7.4 App Distribution Platforms

Apple App Store and Google Play process data independently when you download, purchase, or update the App. Please refer to Apple's and Google's respective privacy policies for information on their processing.

We do not sell your personal data. We do not share your data with advertisers or data brokers.

8. International Data Transfers

Primary storage of account and game data is in the EU (Frankfurt). Where processors are located outside the EEA (notably Supabase, Google, Apple), transfers are carried out on the basis of:

  • Adequacy decisions (e.g. EU-U.S. Data Privacy Framework, where applicable)
  • EU Standard Contractual Clauses (Article 46(2)(c) GDPR)
  • Supplementary measures as required

You may request further information about transfer safeguards by contacting admin@best-ai-tools.org.

9. Retention

We retain personal data only as long as necessary for the purposes described:

  • Active account data: For the duration of your account plus a reasonable period to handle support requests.
  • Anonymous accounts: Until you delete the App data, we delete the account, or the account becomes inactive — inactive anonymous accounts may be deleted after 12 months of inactivity.
  • Support emails: Typically up to 24 months after resolution, unless longer retention is required by law.
  • Server logs: Retained by Supabase according to their policies and our configuration, generally limited to operational and security needs.

When data is no longer needed, we delete or anonymise it in accordance with applicable law.

10. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Encryption of data at rest (via Supabase infrastructure)
  • Row-Level Security (RLS) policies restricting database access per user
  • Authentication tokens instead of stored passwords for social login
  • Access limited to authorised personnel on a need-to-know basis

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at admin@best-ai-tools.org.

11. Your Rights Under GDPR

Subject to applicable law, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data.
  • Rectification (Art. 16): Request correction of inaccurate data.
  • Erasure (Art. 17): Request deletion of your data ("right to be forgotten"), e.g. via in-app account deletion or by emailing us.
  • Restriction (Art. 18): Request limited processing in certain cases.
  • Data portability (Art. 20): Receive your data in a structured, machine-readable format where applicable.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

To exercise your rights, email admin@best-ai-tools.org. We will respond within one month as required by GDPR (extendable by two months for complex requests).

12. Account Deletion

You can delete your account and associated personal data at any time — without logging into the App:

Deletion removes your account data from our active systems. Residual data in backups may persist for a limited period before being overwritten. Leaderboard entries may be anonymised rather than deleted where necessary for leaderboard integrity. We process requests within 30 days.

13. No Profiling or Automated Decisions

We do not use your personal data for advertising profiling or marketing analytics. We do not make automated decisions based on your personal data that produce legal effects or similarly significantly affect you within the meaning of Article 22 GDPR. Game scores and leaderboard rankings are operational features of the App, not automated legal decisions.

14. Voluntary Provision of Data

You are not required by law to provide personal data to use the App anonymously. Providing name or email is voluntary and only occurs if you choose Google or Apple sign-in. Without linking a sign-in method, you may lose progress when switching devices or clearing app data.

15. Children's Privacy

The App is not directed at children under 16 years of age (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact admin@best-ai-tools.org and we will take steps to delete such information.

16. App Store Privacy Disclosures

The data types declared in Apple App Store Connect (Privacy Nutrition Labels) and Google Play's Data Safety section are aligned with this Privacy Policy. If you have questions about specific categories declared in the store listings, contact us.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date and, where appropriate, via in-app notice. The updated policy applies from its effective date. Where applicable law requires consent for a new processing activity, we will ask for consent before starting that activity.

18. Contact

For privacy questions, support, or to exercise your rights:

Privacy by Design

AI or Not is built without advertising or third-party tracking SDKs. You can play anonymously, and linking Google or Apple is entirely optional.

Deutsche Kurzfassung (informatorisch)

Diese deutsche Kurzfassung dient nur der besseren Verstaendlichkeit. Rechtlich verbindlich ist die englische Fassung dieser Privacy Policy. Zwingende Rechte nach deutschem und europaeischem Datenschutz- und Verbraucherrecht bleiben unberuehrt.

Verantwortlicher ist BitAutor UG (haftungsbeschränkt), Vahrenwalder Str. 315A, 30179 Hannover, Germany. Kontakt fuer Datenschutz-, Support- und Loeschanfragen: admin@best-ai-tools.org.

  • Die App erstellt nach Zustimmung zu den Terms fuer das Spielen ein pseudonymes anonymes Konto ueber Supabase Auth; E-Mail oder Name sind dafuer nicht erforderlich.
  • Google- oder Apple-Login ist optional und dient der Sicherung des Spielfortschritts ueber Geraete hinweg.
  • Verarbeitet werden insbesondere Nutzer-ID, Session-Tokens, Spielstaende, XP, Level, Streaks, Leaderboard-Daten, Einstellungen, technische Logs und Support-Anfragen.
  • Rechtsgrundlagen sind Art. 6(1)(b) DSGVO fuer die Bereitstellung der App nach Zustimmung zu den Terms, Art. 6(1)(f) DSGVO fuer Sicherheit und Missbrauchsschutz sowie Art. 6(1)(a) DSGVO, soweit eine Einwilligung erforderlich ist.
  • Ein Konto kann in der App, per E-Mail oder ueber die Account-Deletion-Seite geloescht werden. Leaderboard-Eintraege koennen anonymisiert werden; Backups, Sicherheitslogs und gesetzlich erforderliche Nachweise koennen begrenzt aufbewahrt werden.
  • Sie haben die Rechte auf Auskunft, Berichtigung, Loeschung, Einschraenkung, Datenuebertragbarkeit, Widerspruch und Beschwerde bei der Datenschutzaufsicht.