Data Protection Information

With this privacy policy statement, we inform you about the extent of processing your personal data (hereinafter referred to as “Data”).

Summary of the Privacy Policy

This document outlines the processing of personal data for various purposes through the use of specific services:


Google Analytics for Firebase
Personal Data: Application executions; Application updates; Number of users; Number of sessions; App starts; Operating systems; Unique device identifiers for advertising (e.g., Google Advertising ID or IDFA); Device information; In-app purchases; Trackers.

Hosting und Backend-Infrastructure

Firebase Realtime Database
Personal Data: Usage data; Various types of data as described in the service’s Privacy Policy.

Registration and Authentication

Firebase Authentication
Personenbezogene Daten: Email adress

Further information about personal data processing:

This service is directed at children under 13 years old

This application is targeted towards children under 13 years old. To use the services, no additional information is requested from the child beyond what is necessary or appropriate for the application’s use. Parents can view the personal data collected by this application, as described later in this Privacy Policy. They can also request the owner to delete it, and prohibit any further use or collection. While parents can approve the collection and use of their child’s information, they can restrict its transmission to third parties unless it’s an integral part of the service.

Provider and Data Controller

Octopus Education UG

c/o Celik

Behrenstr. 23

10117 Berlin

Provider’s Email Address:

Complete Privacy Policy

Why do we need data collection?

This service is intended for children under 13 years old and their legal guardians.

Within the Occto App, we highly prioritize data privacy! Your child’s privacy is our top concern. Occto only stores and processes information that is truly necessary to operate the Occto App and ensure a safe user experience. The entire gameplay is anonymous. To the extent that we request information, it is voluntary and does not allow any conclusions to be drawn about your identity or that of your child.

Data helps us improve the Occto App even further by analyzing the user behavior of children and their legal guardians. This allows us to tailor and optimize the content based on your child’s age. The voluntary provision of age, country, and gender information is important to ensure optimal gameplay and to enhance the app for you.

We do not collect personal data from children under 13 years of age without prior consent from parents or legal guardians. However, certain information may be automatically collected during app usage, such as device information, usage data, and error reports. These data are anonymized and aggregated to enhance and optimize the app.

When you send us an inquiry, you will receive a response from us. Be assured that we do not share either your child’s gameplay data or personal information with third parties.

How we process data in the Occto App:

Scope of Processing:

Within the Occto App (hereinafter referred to as the “App”), the data controller only collects the age, country, and gender of the user. When you send a message via the data controller’s contact form, they collect the personal data you provide (first name, last name, email address, message content). Additionally, they collect your IP address and log files containing the date and time of message transmission. If you create an account with login, your email address and name will be collected.

Purpose of Processing:

The age, gender, and country information is processed to adapt and present learning methods and media content specifically for the target audience. The data collected through the contact form is solely used to associate and respond to your inquiry.

Legal Basis for Processing:

The processing of personal data can also occur based on the legitimate interests of the data controller according to Art. 6(1)(f) of the General Data Protection Regulation (GDPR).

Legitimate Interest:

The data controller has a legitimate economic interest in being accessible through their contact forms and (electronic) communication channels to process and respond to inquiries from individuals interested in their products. They also have a legitimate interest in safeguarding their app to the best of their ability against misuse, fraud, and attacks on IT security.

Recipients or Categories of Recipients:

Your personal data is typically processed by the data controller. They only share your personal data obtained through electronic communication channels with external recipients as necessary on a case-by-case basis to process your inquiry.

Duration of Storage:

Your personal data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection and in accordance with contractual, commercial, or tax retention obligations. Invoice receipts are stored for 10 years, while business letters are retained for 6 years.

Obligation to Provide Data:

Your personal data such as title, first name, last name, and email address are required to transmit the inquiry through the contact form to the data controller. Otherwise, the provision of your personal data is voluntary. In case you do not provide your personal data, the data controller might not be able to process or respond to your inquiries, requests, or wishes. If you do not provide or provide an incorrect email address in the contact form, the data controller will not be able to respond to you.

Right to Object and Erasure:

As a user, you have the right to object to the processing of your personal data based on Art. 6(1)(e) or (f) of the GDPR at any time for reasons arising from your particular situation (Art. 21(1) GDPR). If the processing of your data is based on your consent or a contract, you do not have the right to object.

Transfers to Third Countries:

No personal data is transferred to third countries (outside the EU).

Detailed information about the processing of personal data

a) Server Access Log File

We log accesses to our servers. To display the content of the app, accessing our servers is necessary with each use of the app. The following data is processed: date and time of access, transferred data volume, app version, operating system used by you, your IP address, and the requesting provider. This is necessary to ensure the security of the servers. We process this data based on our legitimate interests according to Art. 6(1)(f) GDPR to ensure the security of the servers. The log file is deleted after seven days, unless it is needed for clarification or to provide evidence of specific legal infringements that have become known within the retention period.

b) Hosting

As part of hosting, all data to be processed in connection with the operation of this app is stored. We process such data based on our legitimate interests according to Art. 6(1)(f) GDPR to enable the operation of the app. For providing our online services, we use services from web hosting providers.

c) Contact

If you contact us, your data (name, contact details as provided by you) and your message will be processed solely for the purpose of handling and processing your inquiry. We process this data based on Art. 6(1)(b) GDPR for the fulfillment of a contract and/or to fulfill our pre-contractual obligations, or based on our legitimate interests according to Art. 6(1)(f) GDPR to process your inquiry.

d) Newsletter

In order to regularly provide you with information about our company and our offers, we offer a newsletter. With your newsletter subscription, we process the data you enter (email address and any other voluntary information). The newsletter subscription takes place in the so-called double opt-in procedure. To prevent abuse, we send you an email after your subscription, asking you to confirm your subscription. To be able to prove the subscription process in accordance with legal requirements, your subscription is logged. The sending of the confirmation email for your subscription and the associated data logging are based on our legitimate interest to prove your proper subscription according to Art. 6(1)(f) GDPR, and the sending of the newsletter is based on your consent according to Art. 6(1)(a) GDPR.

e) Profile Data

By creating a user account, you consent to the storage of your master data (name, email address), your usage data (username, password), and your engagement data (which projects you participate in and the number of hours worked). This allows us to identify you as a customer, and you can use all the functions of the app. The data processing is based on Art. 6(1)(b) GDPR for the fulfillment of a contract.

f) Data Input within App Functions

When you enter data within the app’s functions – such as messages in the chat function – we process this data. This is necessary to provide you with the respective functions. We process this data based on Art. 6(1)(b) GDPR for the fulfillment of a contract.

g) Organizational Data

If you use our services as an organization, we primarily process data of the organization and not of individuals. However, personal data may still be included (e.g., contact details of the contact person, contact number). These are processed for the purpose of displaying the organizational profile. We process this data based on Art. 6(1)(b) GDPR for the fulfillment of a contract.

h) Cookies, Analysis, and Marketing

To enable the use of certain functions, we use so-called cookies. These are small data packets that are stored on your end device and exchanged with other providers. Some of the cookies we use are deleted immediately after closing the app (session cookies). Others remain on your end device and allow the app to recognize you on your next visit (persistent cookies). Data processing based on cookies that serve solely to provide the functionality of our offering is done based on our legitimate interests according to Art. 6(1)(f) GDPR. You can delete all cookies stored on your end device and set common browsers to prevent the storage of cookies. In this case, you may have to accept limitations of certain functions. We use additional services in connection with the following functionalities: [information about additional services]

Data Processing via Google Analytics for Firebase (Google Ireland Limited)

Our app utilizes technologies from Google Firebase that help us improve app functionality and performance. Please note that Google Firebase has its own privacy policies.

Our app utilizes technologies from Google Firebase. Google Firebase is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Firebase is a development platform that offers various services. An overview of the services offered by Google Firebase can be found at:

Some of the Google Firebase services use “Instance IDs.” Instance IDs are unique identifiers assigned with a timestamp, allowing the linking of different events or processes related to the app. According to Google, these data are used for analyzing and optimizing user behavior, such as evaluating crash reports. Instance IDs do not process personally identifiable information, according to Google.

Further information about the use of “Instance IDs” and the management of the associated data can be found at:

We use the following services in connection with Google Firebase:

a) Firebase Analytics

We use the analysis service Firebase Analytics to observe and evaluate user behavior in this app. In mobile apps, there are no cookies. Instead, identifiers (ad IDs) issued by the mobile device’s operating system are used, which can be reset by the user. These ad IDs are used to track user activities and for optimization purposes.

When using Firebase Analytics in the standard version, the following data types are processed: number of users and sessions, session duration, operating systems, device models, region, first launches, app executions, app updates, and in-app purchases.

A complete list of events and user properties automatically captured in Google Firebase can be found at:

and at:

The data obtained through the use of Firebase Analytics is processed due to our predominant interest in optimizing our online offering according to Art. 6(1)(f) GDPR.

You can object to Google’s data collection at any time with future effect by deactivating data collection for Firebase Analytics in the app settings or restricting the use of the ad ID in the device settings of your mobile device.

For Android devices, follow these steps in your device’s menu: Settings > Google > Ads > Reset advertising ID.

For iOS devices, go to Settings > Privacy > Advertising and select “Limit Ad Tracking.”

In the context of using Firebase Analytics, it cannot be excluded that processed data will also be transferred to the USA.

Further information on data protection at Google Firebase can be found at:

Processing location: Ireland – Privacy Policy.

b) Hosting and Backend Infrastructure

These types of services serve the purpose of hosting data and files to make this application manageable and usable. Furthermore, these services can provide a ready-made infrastructure that handles specific functions or entire components for this application.

Some of the services listed below may function through geographically distributed servers, making it difficult to determine the actual location where personal data is stored.

c) Firebase Realtime Database (Google Ireland Limited)

Firebase Realtime Database is a web hosting and backend service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Processed personal data: Usage data; various types of data as described in the service’s privacy policy.

Processing location: Belgium – Privacy Policy.

d) Registration and Login

By registering or logging in, users authorize this application to identify them and grant them access to specific services.

Depending on what is described below, third-party providers may provide registration and login services. In this case, this application may access some data stored by these third-party providers for registration or identification purposes.

Some of the services listed below may collect personal data for targeting and profiling purposes. For more information, refer to the description of each service.

e) Firebase Authentication (Google Ireland Limited)

Firebase Authentication is a registration and login service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). To simplify the login process, Firebase Authentication may use identity services from third parties and store the information on their platform.

Processed personal data: Email. Processing location: Belgium – Privacy Policy.

Data Processing via Unity

a) Scope of Processing

For providing our application, we utilize services from Unity Technologies, Inc. and refer to their privacy policies at Further information on privacy can be found here: In the context of this processing, we collect technically necessary data, including:

  • IP addresses
  • MAC/IMEI/MEID addresses
  • Device identifiers and technical information generated from MAC/IMEI/MEID for limited future device identification
  • Advertising ID such as Apple IDFA or Android Ad ID
  • Device manufacturer and model
  • Operating system and version
  • Browser type
  • Language
  • CPU information including manufacturer and number of CPUs
  • Graphics card information such as type, manufacturer, driver name, version, and graphics API
  • Available system and video RAM
  • Current screen resolution
  • Versions of Unity Player and Unity Editor
  • Operating system identifier (e.g., Mac, Windows, etc.)
  • Checksum of all transmitted data to ensure correct transmission
  • App ID of the installed application

b) Purpose of Processing

We use Unity Technologies’ services for various reasons:

  • Unity Cloud Build: This allows us to access software builds and monitor them to ensure app functionality.
  • Unity Asset Store: Here we find resources like code snippets, graphics, or music for app development.
  • The processing of IP and MAC addresses enables data transfer for app access and downloads. Temporary IP storage is necessary for content transfer. The processing of MAC address and data mentioned in section a) ensures app functionality and error detection/correction. Logging serves app functionality, download optimization, and security. No marketing analysis.

c) Legal Basis of Processing

Processing of IP, MAC, device, and metadata serves app functionality. Based on contract fulfillment (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

d) Legitimate Interests

We have an economic interest in data processing for app provisioning, protection, and development.

e) Recipients or Categories of Recipients

Data is shared with IT department, contractors for hosting/IT resources, and Unity Technologies as per section a).

f) Third-Country Transfer

Some data is transferred to the USA. There is no adequate data protection in the USA, but the transfer is necessary for app operation. Legal basis: Art. 49(1)(b) GDPR.

g) Duration of Storage

Data is deleted when the purpose is fulfilled. For the website, this is after the session ends. IP is stored during the session. Log data is retained indefinitely.

h) Objection and Removal Option

According to Art. 21(1) GDPR, you can object in case of special reasons. Data will no longer be processed unless compelling legitimate grounds override the interests, rights, and freedoms of the data subject, or the processing serves legal claims.

Integration of External Content

We use dynamic content (“Content”) from third parties to optimize the presentation and offering of our app. When using the app, an interface to the application programming interface (“API”) is automatically used to send a request to the server of the respective content provider, during which certain log data (e.g., users’ IP addresses) is transmitted. The dynamic content is then transmitted to our app and displayed there.

Duration of Data Storage

We only store personal data for as long as necessary for the purposes for which they are processed or as long as there is a legal retention obligation. If the storage of data is no longer necessary for providing our services or if there is no legal retention obligation, the data will be deleted or blocked.

Your Rights

You have the right to:

a) receive information about the processing of your data,

b) correct or delete your data,

c) restrict the processing of your data,

d) object to the processing of your data,

e) data portability,

f) revoke your consent to the processing of your data at any time,

g) lodge a complaint with a supervisory authority regarding the processing of your data.

Changes to this Privacy Policy

Our privacy policy may be adjusted at irregular intervals to reflect changes in our services or due to amended legal requirements. The privacy policy will apply in its revised version during your next visit.

European Union (EU)

Unless otherwise indicated, all references in this document to the European Union include all current member states of the European Union and the European Economic Area (EEA).

Legal Notice

This privacy policy solely pertains to this application unless otherwise specified in this document.

Last Updated: August 22, 2023