Privacy Policy — Rock Identifier

Last updated: November 2025

1. Overview

Rock Identifier ("the App", "we", "us") is committed to protecting your privacy and being transparent about how data is handled.

This Policy explains what information is processed, why it is processed, and which third parties receive data.

The App is operated by Wizard Dynamics.

2. Data We Process

We do not create personal accounts, profiles, or store user-submitted personal data.

However, the App processes certain information for functionality, AI identification, analytics, advertising, and security.

2.1 Photos Submitted for Identification

When you use the AI identification feature, the image you submit:

  • may be considered personal data
  • is temporarily transmitted to our AI provider (OpenAI)
  • is not stored by us
  • is not permanently stored by OpenAI
  • is not linked to any identifier
  • is transmitted securely via HTTPS/TLS

Processing occurs only after your explicit consent inside the App. You may revoke your consent at any time in the App settings.

3. Automatically Collected Data (via Ads & SDKs)

To support advertising, attribution, analytics, fraud prevention, and app performance, third-party platforms may collect:

✔ Approximate Location

Country / region level only, for attribution and analytics.

✔ User ID (Ad Network Identifier)

Anonymous identifiers created by advertising platforms.

✔ Device ID / Advertising ID

Such as:

  • IDFA (iOS)
  • AAID (Android)
  • Device characteristics (model, OS version)

✔ Product Interaction (Usage Data)

Examples:

  • app opens
  • feature usage
  • screen views
  • button clicks
  • session duration

We receive aggregate statistics only (no personal profiles).

✔ Other Technical Data

Crash data, diagnostics, performance data, loading times.

✔ Purchase History (App Store)

Used only to validate premium access. We do not store historical purchases.

✔ Advertising Data

Collected by Meta/TikTok/Google Ads:

  • ad impressions
  • ad clicks
  • install attribution
  • campaign performance
  • anonymous behavioral signals

We do not store or link this data to any identity.

4. Third-Party Services We Use

To deliver core features and ads, we rely on:

4.1 OpenAI — AI Photo Processing

We use OpenAI to process submitted photos and generate rock-identification results.

Data shared with OpenAI

  • the submitted image (personal data)
  • no name
  • no email
  • no device ID
  • no advertising ID
  • no metadata

Processing rules

  • image used only for generating the AI result
  • image not stored after processing
  • image not used for training
  • HTTPS/TLS encryption
  • processed only after user consent
  • consent can be revoked anytime

OpenAI Privacy Policy: https://openai.com/policies/privacy-policy

4.2 Meta Ads (Facebook & Instagram)

Used for install attribution, ad optimization, and performance analytics.

Data Meta may collect

  • device ID
  • approximate location
  • app interaction events
  • ad impressions / ad clicks
  • install attribution
  • anonymous aggregated usage patterns

We do not store or link any Meta data to a user identity.

Meta Privacy Policy: https://www.facebook.com/privacy/policy/

4.3 TikTok Ads

Used for attribution and campaign performance.

TikTok may process:

  • device ID
  • approximate region
  • ad interaction
  • install attribution
  • usage patterns

TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy

4.4 Google Ads / Google App Campaigns

Used for app-install attribution and analytics.

Google may collect:

  • device identifiers
  • approximate location
  • performance signals
  • attribution
  • technical information

Google Privacy Policy: https://policies.google.com/privacy

4.5 Supabase (Backend Services)

We use Supabase for backend infrastructure and aggregated technical metrics.

Supabase does not store:

  • photos
  • personal identifiers
  • device IDs
  • user accounts

Only aggregate data like total API usage may be stored.

Supabase Privacy Policy: https://supabase.com/privacy

5. What We DO NOT Collect

We do NOT:

  • store photos
  • collect names
  • collect emails
  • create user profiles
  • track users across other apps
  • collect precise GPS location
  • collect biometric data
  • sell personal data
  • store identifiers linked to identity

6. Legal Basis / Purposes of Processing

We process data for:

  • providing AI identification
  • app functionality
  • analytics and performance
  • fraud prevention
  • advertising attribution
  • subscription validation

All processing follows the principles of necessity and minimization.

7. Data Transfers Outside the EEA

Some third-party services (OpenAI, Meta, TikTok, Google, Supabase) may process data outside the EEA such as the United States. These providers use industry-standard safeguards.

8. Security Measures

  • full HTTPS/TLS encryption
  • no long-term storage of personal data
  • secure API key handling
  • regular app & infrastructure security reviews

9. Your Rights

Although we do not store personal data, you may:

  • withdraw AI-processing consent anytime in the App
  • manage device permissions
  • uninstall the App at any time

10. Children's Privacy

Rock Identifier collects no personal data and is suitable for all ages.

11. Updates to This Policy

We may update this Privacy Policy to reflect technical, legal, or operational changes. The latest version will always be available on this page.

12. Contact Us

Wizard Dynamics

Email: manuel@worlitzer.de

13. Transparency Summary (Apple 5.1.2(i))

For full clarity:

  • Photos → sent to OpenAI
  • OpenAI does not store or train on photos
  • Meta/TikTok/Google may collect device-level attribution data
  • No personal accounts
  • No permanent data storage
  • No tracking across apps
  • Consent is required before any image processing
  • Consent can be revoked anytime
  • Data not linked to identity