Privacy Policy

Last updated: 30 March 2026

Developer / Responsible Party

Croche Code - Alexander Fischer
c/o Online-Impressum
#6871 Europaring 90
53757 Sankt Augustin
Germany

Email: contact@crochecode.com

This Privacy Policy explains how TumbleView (“App”) processes personal data when the App is used.

1. Overview

The App allows Tumblr content to be displayed in a visual viewer. Playback does not continue indefinitely without interaction, but is interrupted at regular intervals and can only continue after renewed confirmation.

The App itself does not allow users to upload, modify, or delete Tumblr content.

All displayed content originates from Tumblr and remains subject to the rights of the respective creators and rights holders.

Tumblr is a third-party platform. This App is not affiliated with, endorsed by, or operated by Tumblr.

2. Tumblr Login and Authentication

To use the App, users must authenticate through Tumblr OAuth.

In particular:

• authentication takes place through Tumblr’s official login interface
• the App receives OAuth tokens for authentication
• these tokens allow access to Tumblr content for which the respective user is authorized

The App never stores Tumblr passwords.

OAuth tokens are stored locally on the device using secure storage mechanisms.

Tumblr Privacy Policy:
https://www.tumblr.com/privacy

3. Access via the Tumblr API

The App accesses content through the official Tumblr API.

This may include in particular:

• blog posts
• images
• GIFs
• videos
• blog metadata
• dashboard content
• followed blogs
• liked content

The App only displays content that the respective user is authorized to access.

The developer does not operate a separate backend that permanently stores Tumblr content for this App.

4. Local Device Storage

To ensure functionality and improve performance, the App may store certain data locally on the device, including in particular:

• Tumblr login tokens
• viewer settings and user preferences
• temporary media caches
• session and configuration data
• technical settings

As a rule, these data remain on the device and are not transmitted to the developer’s own servers.

5. Media Cache

Images and other media files may be temporarily cached, buffered, or prefetched on the device to improve performance.

This may include in particular:

• image caching
• video buffering
• preloading media for upcoming items

Cached files remain on the device and may be removed automatically by the operating system or by clearing the app data.

6. Advertising

The App may display advertisements through Google AdMob.

The App is currently configured to request non-personalized ads only. Non-personalized ads are not selected based on a behavioral profile. However, the Google Mobile Ads SDK may still process technical, contextual, and advertising-related data, in particular for:

• ad delivery
• fraud prevention and security
• frequency capping
• aggregated reporting and measurement
• approximate region derived from the IP address
• device identifiers, including advertising identifiers where available
• device and app context
• ad data, such as information about ads shown
• ad interactions and other product interaction events related to advertising
• diagnostic, crash, and performance information used for technical operation, measurement, and improvement of advertising services

Depending on the SDK version, platform behavior, and Google configuration, such processing may involve IP address, approximate location, device and app identifiers, app performance data, diagnostic information, and advertising event data.

Depending on the country or region, consent may still be required before certain advertising-related processing or device access takes place, including in connection with Google’s advertising technologies.

Where legally required and implemented in the App, consent choices are handled through the applicable platform or Google consent flow.

Google Privacy Policy:
https://policies.google.com/privacy

7. Remote Configuration and Crash Reporting

The App uses Firebase Remote Config to control feature rollout and certain runtime settings without requiring an immediate app update.

For this purpose, Firebase may process technical identifiers such as Firebase installation IDs in order to deliver configuration values to a device.

Firebase Privacy Information:
https://firebase.google.com/support/privacy

The App may use Firebase Crashlytics in future versions.

If Firebase Crashlytics is enabled, technical information may be processed, in particular:

• device type and device model
• operating system version
• app version
• timestamps of errors and crashes
• crash reports and technical diagnostic information

These data would be used solely to improve the stability and reliability of the App.

8. Subscriptions and Premium Features

The App may offer optional subscriptions or premium features.

Payments are processed through the Apple App Store or Google Play, depending on the platform.

Subscription status may be processed through RevenueCat.

Where account-linked subscriptions are enabled, the App may transmit a stable Tumblr-derived identifier to RevenueCat in order to associate subscription status with the same user across devices.

The App does not transmit Tumblr passwords to RevenueCat.

RevenueCat Privacy Policy:
https://www.revenuecat.com/privacy

9. Third-Party Services

The App uses or may use the following third-party services:

• Tumblr API
• Google AdMob
• Apple App Store
• Google Play Store
• RevenueCat (for subscription management, where enabled)
• Firebase Remote Config
• Firebase Crashlytics (future, if enabled)

These services have their own privacy policies.

10. Data Sharing

The App does not sell personal data.

Data may only be processed or disclosed to the extent necessary for operating the App through the third-party services listed above.

11. Legal Bases

Where the GDPR applies, processing is based in particular on:

• Art. 6(1)(b) GDPR, where processing is necessary to provide the requested functionality
• Art. 6(1)(f) GDPR, where processing is necessary for security, stability, fraud prevention, and technical operation
• Art. 6(1)(a) GDPR, where consent is required, especially for certain advertising-related processing

12. International Data Transfers

When using third-party providers such as Tumblr, Google, Apple, RevenueCat, or Firebase, personal data may be transferred to countries outside the European Economic Area.

Where required, such transfers take place based on the safeguards used by the respective providers under applicable data protection law.

13. Data Security

Tokens and local settings are protected using appropriate technical and organizational measures.

However, absolute security cannot be guaranteed.

14. Retention

Locally stored data generally remain on the device until:

• the user logs out
• app data are deleted
• temporary cache files are removed
• the App is uninstalled

Retention periods used by third-party providers are governed by their own policies.

15. Children’s Privacy

The App is not intended for children below the minimum age required under Tumblr’s rules or applicable law.

Because Tumblr login is required, Tumblr’s own age rules and access conditions also apply.

16. GDPR Rights

Where the GDPR applies, data subjects may in particular have the following rights:

• access
• rectification
• erasure
• restriction of processing
• data portability
• objection
• withdrawal of consent with effect for the future
• complaint to a supervisory authority

Requests may be sent to:
contact@crochecode.com

17. Changes

This Privacy Policy may be updated at any time.

The version indicated by the date above is the current version.

18. Contact

Croche Code - Alexander Fischer
c/o Online-Impressum
#6871 Europaring 90
53757 Sankt Augustin
Germany

Email: contact@crochecode.com