As of: May 2026
1. Controller
SynthScript Inh. Christoph Kretschmer
Hornisgrindestraße 9, 77855 Achern, Germany
Email: info@synthscript.de · Privacy: privacy@synthscript.de
2. General
We process your data exclusively in accordance with the GDPR. This policy informs you about the nature, scope and purpose of data processing when using the "Kroku" app.
3. Local Use Without Account
Kroku can be used entirely without an account and without any data transmission. All locally created patterns are stored exclusively on your device (SQLite).
4. Hosting (Firebase)
When using Cloud Sync or community features (optional account), the app uses Firebase (Google Ireland Limited, Dublin, Ireland) for:
- User management (Authentication)
- Database synchronisation (Firestore)
- AI features (Cloud Functions)
- Crash analysis (Crashlytics)
Data is processed primarily in the EU. Transfers to third countries are based on Standard Contractual Clauses (Art. 46 GDPR).
More information: firebase.google.com/support/privacy
5. Registration
Anonymous use is available from the first app launch — an anonymous user ID is assigned automatically. Cloud Sync and community features require registration via email/password. Anonymous data is retained when upgrading to a full account.
Legal basis: Art. 6(1)(b) GDPR
6. App Content
With Cloud Sync enabled, your crochet patterns and profile details are stored on EU servers. Patterns published to the Community Store are publicly visible.
Legal basis: Art. 6(1)(b) GDPR
7. AI Features (Claude API)
The photo-to-pattern function sends images you upload (JPEG, compressed) to the Claude API (Anthropic Inc., San Francisco, USA) via Firebase Cloud Functions. Images are processed solely for pattern generation and are not stored permanently. Processing takes place on the basis of your explicit request.
Legal basis: Art. 6(1)(b) GDPR
More information: anthropic.com/privacy
8. In-App Purchases & Coins (RevenueCat)
Purchases and the coins system are processed through the respective app store and RevenueCat Inc. (San Francisco, USA). We receive no payment data.
Legal basis: Art. 6(1)(b) GDPR
9. Firebase Crashlytics
Crash analysis using device information and OS versions (no directly personal data).
Legal basis: Art. 6(1)(f) GDPR
10. Push Notifications
Device tokens are processed for in-app and push notifications. Can be disabled in device settings.
Legal basis: Art. 6(1)(a) GDPR
11. Camera & Media Access
The photo-to-pattern function and avatar upload require access to the camera and gallery. Photos are used exclusively for the respective function and are not stored permanently.
Legal basis: Art. 6(1)(a) GDPR
12. Retention
Local data remains on the device until uninstallation. Cloud data is retained as long as your account exists. Account deletion is available at any time from within the app.
13. Account Deletion
Deletion requests to: privacy@synthscript.de
14. Your Rights (GDPR)
- Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17)
- Restriction (Art. 18), Portability (Art. 20), Objection (Art. 21)
Contact: privacy@synthscript.de
15. Right to Lodge a Complaint
Supervisory authority: LfDI Baden-Württemberg
16. Data Security
We implement technical and organisational measures to protect your data.
17. Changes
Changes will be announced in the app.