Privacy Policy — Inburger A1
Last updated: 2026-07-11
This Privacy Policy describes how Inburger A1 ("we", "us", "the app") collects, uses, and protects your information when you use our mobile and web applications.
Operator: Kelly Zwart, Amsterdam, Netherlands, contact: kell@chefzwart.nl
1. Information we collect
Account & purchase data
- Email address — collected when you purchase a 3-month pass or lifetime access. Used solely to validate your entitlement and send receipts.
- Payment information — processed entirely by Stripe (web) or Apple/Google (mobile in-app purchases). We never see or store your card number, CVV, or full payment details.
Usage data (stored locally on your device)
- Your training progress, session history, mastered items, exam-simulation scores, profile name, target exam date, daily-goal targets.
- This data is stored in your device's local storage and never transmitted to our servers.
AI-judge data (when you use the AI grading feature)
- When you submit an answer that doesn't exactly match the official list, we send your answer plus the question context to Anthropic's Claude API for grading.
- We do not store these submissions on our servers. Anthropic processes them according to their own data policies.
- We do not link your AI submissions to your identity.
Technical / device info
- App version, OS version, device type, language preference — collected anonymously for crash reporting and product improvement (only if you opt in).
Optional cloud backup (only if you turn it on)
- If you enable cloud backup/sync, your training progress is stored on our server so it survives installing the app or moving to a new device. It is keyed to a hash of your email (we don't store your email in readable form) and is protected by no password — keep your backup email private. You can turn it off any time in Settings. We store only your app progress, never payment details.
Anonymous usage analytics
- We use privacy-friendly, cookieless analytics (Vercel Web Analytics) to count anonymous visits, page views, and a few product events (e.g. trial started, app installed, purchase completed). This data is aggregated and anonymous; it does not identify you and uses no advertising or cross-site tracking cookies.
Microphone (speech-recognition feature)
- The app includes an optional speech-recognition feature for the Speaking parts (Aanvulzinnen, Vraag-Antwoord, and the timed exam simulation). You always have the choice to type your answer instead.
- When you tap the microphone button, the app requests browser microphone permission. You can decline; the rest of the app works without it.
- Speech recognition is performed by your browser or operating system using the standard Web Speech API. We do not store or transmit your audio recordings to our servers.
- On Chrome (Android/desktop) the recognition typically runs locally on your device. On iOS Safari, Apple performs the recognition via its operating-system speech service (see Apple's privacy policy for details). We have no access to the audio either way.
- The recognized text (the transcript only — not audio) is used by your device to fill in or match your answer. It is not retained or transmitted by us beyond the existing AI-grading flow described above.
Information we do NOT collect
- We do not collect location data.
- We do not access your contacts, photos, or camera.
- We do not store microphone audio on our servers (see above for how speech recognition works).
- We do not use third-party advertising trackers.
- We do not sell, rent, or share your data with third parties for marketing.
2. How we use your information
- Email: send purchase receipts; validate your subscription/lifetime entitlement; respond to support requests.
- Payment data: process purchases via Stripe/Apple/Google (per their privacy policies).
- Usage data (local): power the training features on your device. Never leaves your device.
- AI submissions: provide answer grading. Not retained by us.
- Anonymous telemetry: improve the product, fix crashes.
3. Legal basis (GDPR Article 6)
- Performance of contract: processing your email and entitlement is necessary to deliver the paid features you purchased.
- Legitimate interest: anonymous crash reporting helps us deliver a stable product.
- Consent: any future optional features (e.g., analytics) will be opt-in.
4. Data retention
- Email + entitlement: retained as long as your account is active, plus 7 years for tax/accounting compliance under Dutch law.
- Usage data: stored on your device until you delete the app or clear browser data; not held by us.
- AI submissions: not retained by us. Anthropic's retention is governed by their policy.
- Payment records: retained by Stripe/Apple/Google per their policies; we keep transaction IDs only.
5. Your rights (GDPR)
You have the right to:
- Access the data we hold about you (just your email + entitlement record).
- Rectify inaccurate data.
- Erase your data ("right to be forgotten"). On request we delete your entitlement record; your local device data you can wipe via Settings > Reset.
- Restrict processing.
- Data portability — receive your data in a structured format.
- Object to processing.
- Withdraw consent at any time (for opt-in features).
- Lodge a complaint with your local data protection authority (in the Netherlands: Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl).
To exercise any right, email us at kell@chefzwart.nl. We respond within 30 days.
6. Third-party processors
The following sub-processors handle limited data on our behalf:
| Processor |
Data handled |
Purpose |
Location |
| Vercel |
Email (transit), API requests |
Web hosting |
USA / EU |
| Stripe |
Email, payment method |
Web payment processing |
USA / IE |
| Apple (iOS) |
App Store account, payment |
iOS in-app purchases |
per Apple privacy policy |
| Google (Android) |
Play Store account, payment |
Android in-app purchases |
per Google privacy policy |
| Anthropic |
Submitted answer text |
AI grading |
USA |
| Upstash (optional) |
Email + entitlement |
Subscription storage |
EU |
| Sentry (optional) |
Anonymous crash data |
Stability monitoring |
EU |
All processors have entered into standard contractual clauses (SCCs) where applicable.
7. Children
The app is intended for adults preparing for the Dutch civic integration exam. We do not knowingly collect data from anyone under 16. If you believe a minor has provided us data, contact us and we will delete it.
8. Security
- All traffic is encrypted in transit (HTTPS / TLS 1.2+).
- Payment processing is PCI-compliant via Stripe/Apple/Google.
- Local device data is stored in standard browser/app storage (not encrypted by us at rest).
- We follow industry best practices but cannot guarantee perfect security.
9. International transfers
Some of our processors (Vercel, Stripe, Anthropic) are based in the USA. We rely on standard contractual clauses (SCCs) as the transfer mechanism per GDPR Article 46.
10. Changes to this policy
We may update this Privacy Policy. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated via in-app notice or email.
11. Contact
Questions about this policy? Email: kell@chefzwart.nl
This policy is governed by Dutch law. Disputes can be brought before the courts of the Netherlands.