privacy policy




Last updated: 11/3/2025


This Privacy Policy explains how N3G UG (haftungsbeschränkt) (“N3G”, “we”, “us”, or “our”) collects, uses, and shares information when you use the Secretly mobile application, our website at https://secretly.school, and related services (collectively, the “Services”). By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1) What Secretly does

Secretly lets users create private groups (e.g., within a school class). Each day, Secretly posts several predefined questions to the group. Members submit answers anonymously. Group members can optionally share specific answers to external apps (e.g., Instagram or Snapchat); when shared, the author remains anonymous.

2) Who is the controller?

For the purposes of the EU General Data Protection Regulation (“GDPR”), the data controller is:
N3G UG (haftungsbeschränkt) — Germany
Website: https://n3g.app
Support: support@secretly.school

3) Information we collect

The information we collect depends on how you use the Services and the choices you make. Some information is provided directly by you, some is created when you use the Services, and some is provided by third parties we work with (e.g., Firebase/GCP).

3.1 Information you provide

  • School & Group Details: school selection, school code, class or group information (to place you in the right group/community).
  • Account & Sign-in: phone number (for SMS verification via Firebase Auth) and the one-time verification code.
  • Profile: display name, gender (optional), and profile photo (optional).
  • Content: the answers you submit to daily questions (stored without linking your identity to the specific answer within the group), feedback you send to us, and any reports you file.
  • Permissions & Choices: push notification settings (e.g., whether you allow notifications).

3.2 Information we collect automatically

  • Service Usage: app interactions (e.g., which questions were answered, timestamps, group membership, device events) for service delivery, abuse prevention, and metrics.
  • Device & Technical Data: device identifiers, OS type/version, app version, language, network info, IP address (which may allow approximate location), and push notification token.
  • Diagnostics & Security Logs: logs generated by our backend to keep the Services secure and reliable.
  • Cookies & Similar Technologies (web only): when visiting n3g.app, we may use cookies or similar tools to operate the site and understand usage. You can control cookies in your browser settings; some features may not work without them.

3.3 Information from service providers

We use Google’s Firebase and the Google Cloud Platform (“GCP”) to operate core parts of the Services (e.g., Firestore, Firebase Storage, Firebase Auth, Firebase Cloud Messaging, Cloud Functions, Cloud Tasks, and related infrastructure). These providers process data on our behalf.

4) How we use information (purposes & legal bases)

  • Provide and operate the Services (create/manage groups, deliver daily questions, store and display anonymous answers, enable optional sharing, send push notifications, and provide support). Legal basis: performance of a contract and our legitimate interests.
  • Account authentication and safety (phone-number sign-in, verification, fraud/abuse detection, moderation, and enforcing our Terms). Legal basis: performance of a contract, legitimate interests, and legal obligations.
  • Improve the Services (troubleshooting, analytics, quality, and feature development using aggregated or de-identified insights where possible). Legal basis: legitimate interests.
  • Communications (service messages, support replies, and push notifications about activity in your groups). For marketing communications (if any), we will ask for consent where required. Legal basis: performance of a contract, legitimate interests, and consent (where required).
  • Legal & compliance (comply with law, respond to lawful requests, and protect the rights, safety, and property of users and N3G). Legal basis: legal obligations and legitimate interests.

5) How anonymity works in Secretly

Within a group, answers to daily questions are shown without the author’s identity. We do not display who wrote a specific answer. We do, however, maintain the minimum metadata necessary to operate the Service safely (e.g., group membership, device or account signals, and logs) and to investigate abuse, spam, or threats. When you choose to share an answer to external apps, we only share the answer content and any share card/graphic—not the identity of the author.

6) How we share information

  • Service Providers (Processors): Firebase and GCP services host and process data for us. We may also work with vendors for content moderation, security, analytics, messaging, and customer support. These parties process data under contracts that limit their use to our instructions.
  • Legal, Safety, and Rights: we may disclose information to comply with law or enforce our terms, or to protect users, the public, or N3G.
  • Business Transfers: in the event of a reorganization, merger, or sale, information may be transferred as part of that transaction subject to this Policy.
  • With Your Direction: when you use a share feature to export an answer to another app, we share only the content necessary for that feature; the author remains anonymous.

7) Children & students

Secretly may be used by school communities. If you are under the age required by your country to consent to data processing (e.g., 16 under GDPR in some EU Member States), you must have verifiable consent from your parent or legal guardian, or your school must provide an appropriate legal basis. Schools or organizers who invite students to Secretly are responsible for obtaining any required permissions and for compliance with applicable education and child privacy laws.

8) International data transfers

We may process and store information in the European Economic Area (EEA), the United States, or other countries where our service providers operate. Where required, we use appropriate safeguards for cross-border transfers (e.g., Standard Contractual Clauses) and take additional measures as appropriate.

9) Data retention

We keep personal data only as long as necessary for the purposes described above, including operating the Services, improving safety and security, complying with legal obligations, and resolving disputes. We strive to de-identify or delete data when it is no longer needed.

10) Security

We use administrative, technical, and organizational measures appropriate to the risk to help protect information (including encryption in transit, access controls, and monitoring). No system is perfectly secure; we cannot guarantee absolute security.

11) Your rights

Depending on your location, you may have rights under data-protection laws, including the right to request access, rectification, erasure, restriction, portability, and to object to certain processing, as well as the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority (for Germany, see the competent data protection authority of your federal state).

To exercise your rights, contact us at support@secretly.school. We may need to verify your identity and jurisdiction before fulfilling your request.

12) Third-party sites and apps

The Services may link to or interoperate with third-party sites and apps (e.g., when you share an answer to a social app). Those services are governed by their own terms and privacy policies. We are not responsible for their practices.

13) Push notifications

With your consent, we send push notifications (e.g., daily questions or group activity). You can change your preferences in your device settings at any time. We process your device’s push token solely to deliver these notifications.

14) Contact us

Questions or concerns? Contact support@secretly.school.

15) Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will take steps to notify you (e.g., in-app notice or on our website) and indicate the “Last updated” date above. Your continued use of the Services after an update means you accept the changes.

Summary of key data flows: Secretly uses Google Firebase and GCP (Firestore, Firebase Storage, Cloud Functions, Cloud Tasks, Firebase Auth, Firebase Cloud Messaging and related infrastructure) to authenticate users by phone number/SMS, store group membership and anonymous answers, deliver daily questions and push notifications, and keep the platform secure and reliable. Users can optionally share individual answers to external social media apps; the author’s identity is not shared.