Privacy Policy

Effective date: July 14, 2026

This Privacy Policy explains how the Impuls Deutsch Vocabulary Trainer (the “Service,” available at vocab.impulsdeutsch.com) collects, uses, discloses, and protects personal information. The Service is operated by Niko Tracksdorf (“we,” “us,” “operator”). Questions: privacy@impulsdeutsch.com.

1. Our role and the schools we serve

The Service is an educational vocabulary-study tool offered to colleges, universities, and other institutions that teach with the Impuls Deutsch textbook series. When an institution or its instructor uses the Service with students, we act as a “school official” performing an institutional function under the institution’s direction, and we process student information only to provide the Service on the institution’s behalf. See our FERPA / Student Data statement.

2. Information we collect

  • Account information: your name, email address, a password (stored only as a salted cryptographic hash — we never see or store it in readable form), your role (student, teacher, or administrator), and your institution (the university you selected as a teacher, or the one associated with a class you joined as a student). If you sign in with Google, we also receive your name and email address from Google.
  • Class and enrollment information: the classes you create or join, and the association between students, teachers, and classes.
  • Study activity: your progress on individual words (mastery levels), quiz results, grades and scores, points earned, and time spent studying. Teachers can see this for their own students.
  • Spoken-answer audio:the Service includes a “Speak” mode in which your microphone recording of the German word is sent to a speech-recognition service to check your pronunciation. This audio is processed only to grade that answer and is not retained by us.
  • Basic technical and operational data: server logs (for example, timestamps, IP address, and error information) used to keep the Service secure and running.

We do not collect Social Security numbers, government IDs, financial or payment-card data, precise geolocation, or biometric identifiers, and we do not use advertising or third-party analytics or tracking technologies.

3. How we use information

We use personal information solely to:

  • provide, operate, and maintain the study Service;
  • show students their progress and give teachers the reporting they need to run their class;
  • secure the Service, prevent abuse, and troubleshoot problems; and
  • communicate with you about the Service (for example, account or support messages).

We do not, and will not: sell or rent personal information; use it for advertising or marketing profiling; disclose it for any party’s commercial purposes; or use student personal information to train artificial-intelligence or machine-learning models.

4. Service providers (subprocessors)

We use a small number of vetted infrastructure providers to run the Service. They process data only on our instructions and under contractual confidentiality and security obligations. All are hosted in the United States.

ProviderPurposeData involved
Neon (managed PostgreSQL)Primary application databaseAccount, class, and study data
Google Cloud (Cloud Run, Cloud Storage)Application hosting and media storageApplication traffic; audio and image assets (no student personal data in assets)
Google Cloud (Vertex AI Text-to-Speech)Generates spoken-word audio for study promptsVocabulary words and generic prompt text (no student personal data)
Google Cloud (Speech-to-Text)Grades the “Speak” modeTransient microphone audio of the student saying a word

We will keep this list current and provide reasonable advance notice to institutions of material changes to our subprocessors.

5. Cookies

We use only essential cookies necessary to keep you signed in and to secure the Service. We do not use advertising, cross-site tracking, or third-party analytics cookies.

6. How information is shared

  • With your institution and teacher:a student’s study activity and grades are visible to that student’s teacher(s) and institution — this is the core purpose of the Service.
  • With the service providers listed in Section 4, under contract.
  • For legal reasons: if required by law or valid legal process, or to protect the rights, safety, and security of users and the Service.
  • Business transfer: if the Service is transferred to a successor operator, data may transfer subject to this Policy; institutions will be notified.

We never sell personal information.

7. Data retention and deletion

We retain personal information for as long as needed to provide the Service for the relevant course or institution, and then for a limited period as required for operational, legal, or security purposes. An institution or user may request access, correction, export, or deletion of their data by emailing privacy@impulsdeutsch.com; we will honor verified requests and can return or delete an institution’s student data on request or on termination.

8. Security

We protect data with encryption in transit (HTTPS/TLS) and at rest, salted password hashing, access controls, and reputable managed infrastructure. No system is perfectly secure, but we work to protect your information and will notify affected institutions without undue delay in the event of a data breach affecting their data.

9. Children’s privacy

The Service is designed for higher-education use and is intended for users age 13 and older. In limited cases — for example, concurrent- or dual-enrollment high-school students earning college credit — a student may be under 13. In those cases we rely on the school-consent mechanism permitted under the Children’s Online Privacy Protection Act (COPPA): the school or teacher authorizes use for a school-directed educational purpose and provides consent on parents’ behalf, and we use the information only to provide the Service and never for commercial purposes. See the Terms of Service and Data Processing Agreement.

10. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. Students at an institution should generally exercise these rights through their institution; you may also contact us directly. We do not discriminate against anyone for exercising these rights.

11. Users in the EU/EEA and the UK

If you use the Service from the European Economic Area (EEA) or the United Kingdom, the following also applies:

  • Roles:your institution is the data controller for its students’ personal data, and we act as a processor on its behalf.
  • Lawful basis:we process personal data to perform the Service under our agreement with your institution and, as applicable, on the basis of the institution’s legitimate educational interest or your consent.
  • Your rights: you may request access, rectification, erasure, restriction, portability, and object to certain processing — through your institution or by contacting us.
  • International transfers:the Service is hosted in the United States. Where EEA or UK personal data is transferred to the U.S., we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (with the UK Addendum), entered into with our infrastructure providers.
  • Supervisory authority: you have the right to lodge a complaint with your local data-protection authority.

12. Changes to this Policy

We may update this Policy from time to time. We will post the updated version here with a new effective date and, for material changes affecting institutions, provide reasonable notice.

13. Contact

Questions or requests: privacy@impulsdeutsch.com.