Privacy Policy

Privacy Policy

1. Controller

Androho Software – Matthias Höpfler
Ziegelweg 1
84164 Moosthenning
Germany

E-mail: info@androho.com

2. Processing of Personal Data on This Website

2.1 Hosting

This website is hosted on servers provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (AWS Lightsail).
AWS processes data solely on our behalf and in accordance with our instructions (data processing agreement pursuant to Art. 28 GDPR).
Data transfers to the United States may occur. Safeguards: EU-U.S. Data Privacy Framework (DPF), where certified, as well as EU Standard Contractual Clauses (SCCs).

2.2 Server Log Files

When accessing the website, the following data are automatically collected and stored in server log files:

  • IP address
  • Date/time of access
  • Accessed page/file
  • Referrer URL
  • Browser type/version
  • Operating system

Purpose/Legal basis: Ensuring technical operation and IT security (Art. 6 (1) lit. f GDPR).
Retention: Up to 14 days.

2.3 Cookies

We only use technically necessary cookies (e.g., to secure the contact form or for session management). These do not require user consent.
No analytics or marketing cookies are used on this website.

2.4 Contact Form and E-Mail

If you use the contact form or send us an e-mail directly, the following data will be processed:

  • E-mail address
  • Content of the message
  • Name (optional)

Purpose/Legal basis: Response to your inquiry, Art. 6 (1) lit. b GDPR (pre-contractual communication) or Art. 6 (1) lit. f GDPR (general inquiries).
Retention: Until the request has been handled, and thereafter according to statutory retention obligations.

3. Processing of Personal Data in Our Apps

This privacy notice applies to the following apps:

  • Profile Equalizer Lite (com.androho.profileequalizer)
  • Profile Equalizer Pro (com.androho.profileequalizerpro)

3.1 Firebase Analytics (Lite & Pro)

We use Google Firebase Analytics (Google Ireland Ltd., Dublin, Ireland).

Data: pseudonymous usage data (app events, screens, interactions), app instance ID, device information, country/region.
Purpose: Analysis of app usage to improve functionality and stability.
Legal basis: In the EU/EEA based on consent (Art. 6 (1) lit. a GDPR) via the Consent SDK; outside the EU/EEA based on Art. 6 (1) lit. f GDPR (legitimate interest).
Retention: 2–14 months depending on Firebase configuration.

3.2 Firebase Crashlytics (Lite & Pro)

We use Google Firebase Crashlytics for error analysis.

Data: crash reports, device type, OS version, timestamps, stack traces.
Purpose: Improving app stability.
Legal basis: Legitimate interest (Art. 6 (1) lit. f GDPR).

3.3 Google AdMob (Lite only)

The Lite version uses Google AdMob for advertising.

Data: advertising ID (AAID), IP address, device data, inferred location, ad interactions.
Legal basis: In the EU/EEA only with consent (Art. 6 (1) lit. a GDPR) via the Google UMP/Consent SDK. Without consent, only non-personalized ads are displayed.

3.4 App Permissions

Both versions (Lite & Pro) require the following permissions:

  • INTERNET – required for Firebase services, updates.
  • RECORD_AUDIO – for audio analysis (equalizer, visualizer).
  • BLUETOOTH / BLUETOOTH_ADMIN / BLUETOOTH_CONNECT – to connect and control Bluetooth audio devices.
  • MODIFY_AUDIO_SETTINGS – to adjust audio output parameters.
  • READ/WRITE_EXTERNAL_STORAGE – for backup/restore of profile settings (on older Android versions).
  • FOREGROUND_SERVICE / FOREGROUND_SERVICE_MEDIA_PLAYBACK – for continuous audio processing in the background.
  • WAKE_LOCK – required for the sleep timer.
  • MEDIA_CONTENT_CONTROL – control of media playback (e.g., visualizer).
  • POST_NOTIFICATIONS – notifications for active equalizer processes, profile changes, or timers.
  • BIND_NOTIFICATION_LISTENER_SERVICE – only with explicit user consent, for reacting to notifications (e.g., audio control).

Additionally for Lite:

  • com.google.android.gms.permission.AD_ID – access to advertising ID for AdMob.

3.5 Recipients and Third Country Transfers

Data may be transmitted to:

  • Google Ireland Ltd., Dublin (EU)
  • Google LLC, Mountain View, CA (USA)

Transfers to the USA are based on the EU-U.S. Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs).

3.6 Consent Management in the Apps

Upon first launch (EU/EEA), a consent dialog (Google UMP/Consent SDK) is displayed.

  • Users may grant or refuse consent for analytics/ads.
  • Consent can be withdrawn or changed at any time in the app settings.

4. Retention Periods

  • Website server log files: up to 14 days.
  • Support inquiries: until resolved, thereafter according to statutory obligations.
  • Firebase/AdMob data: according to provider configuration or until withdrawal of consent.

5. Data Subject Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent (Art. 7 (3))

You may also lodge a complaint with a supervisory authority, e.g., the Bavarian State Office for Data Protection Supervision (BayLDA).

6. Necessity of Providing Data

Use of the apps requires certain permissions (e.g., audio, Bluetooth). Without these, full functionality cannot be ensured.
The provision of analytics and advertising data is voluntary and only occurs with user consent.

7. Updates

This Privacy Policy is valid from September 2025. Updates will be published on this website.

8. Liability Disclaimer

Disclaimer for Hearing Test Function
Our apps include a hearing test function that can play tones at various frequencies, including high volumes, through headphones.
Users are responsible for choosing a safe volume setting.
We accept no liability for hearing damage or other health issues resulting from improper use.
This function does not replace medical examinations or advice from an ENT specialist or hearing care professional.

9. Data Security

We use technical and organizational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access.
This includes, among other things, encrypted data transmission via TLS/SSL. Our security measures are continuously improved in line with technological developments.