Privacy Policy

At LinguaLeap, we are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered language learning platform.

Key Principles:

• Transparency: We clearly explain what data we collect and how we use it
• Minimal Collection: We only collect data necessary to provide our services
• User Control: You have control over your personal data and can request its deletion
• Security: We implement industry-standard security measures to protect your data
• No Sale: We never sell your personal information to third parties

Account Information:

• Name and email address (when you create an account)
• Google account information (when using Google Sign-In)
• Profile picture (optional, from Google account if provided)
• Account preferences and settings

Learning Data:

• Learning progress and performance metrics
• Quiz results and answer patterns
• Time spent on different learning activities
• Learning goals and skill assessments
• Achievement badges and milestones
• Writing samples submitted for AI analysis

Usage Information:

• Pages visited and features used
• Session duration and frequency
• Device type and browser information
• IP address and general location (for security and service optimization)

Payment Information (Pro Users):

• Billing information is processed by Stripe (we do not store credit card details)
• Subscription status and payment history
• Customer ID from Stripe for subscription management

Communications:

• Messages you send to our support team
• Feedback and survey responses

Service Provision:

• Provide personalized language learning experiences
• Track your progress and generate performance analytics
• Deliver AI-powered feedback and content recommendations
• Manage your account and subscription

Service Improvement:

• Analyze usage patterns to improve our platform
• Train and improve our AI models (using anonymized data)
• Identify and fix technical issues
• Develop new features and learning content

Communication:

• Send important account and service notifications
• Provide customer support
• Send marketing communications (with your consent, and you can opt-out)

Legal and Security:

• Comply with legal obligations
• Protect against fraud and security threats
• Enforce our Terms of Service

We Do NOT Sell Your Data:

LinguaLeap does not sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Sharing Scenarios:

• Service Providers: We share data with trusted third-party services (see Section 5)
• Legal Requirements: When required by law, court order, or government request
• Business Transfer: In case of merger, acquisition, or sale of our business
• Safety: To protect the rights, property, or safety of LinguaLeap, our users, or others
• Consent: When you explicitly consent to sharing your information

Anonymized Data:

We may share aggregated, anonymized data that cannot identify you personally for research, analytics, or business purposes.

LinguaLeap uses the following third-party services to provide our platform:

Google Services:

• Firebase: Authentication, database, and hosting services
• Google AI (Gemini): Powers our AI-driven content generation and analysis
• Google Sign-In: Optional authentication method
• Privacy Policy: https://policies.google.com/privacy

Stripe:

• Payment processing and subscription management
• Stripe handles all payment data according to PCI DSS standards
• Privacy Policy: https://stripe.com/privacy

Vercel:

• Web hosting and content delivery
• Privacy Policy: https://vercel.com/legal/privacy-policy

These services have their own privacy policies. We encourage you to review them to understand how they handle your data.

Data Storage:

• Your data is stored in secure Google Cloud infrastructure
• Data is encrypted in transit and at rest
• We use industry-standard security practices and regular security audits

Security Measures:

• HTTPS encryption for all data transmission
• Regular security updates and monitoring
• Access controls and authentication requirements
• Regular data backups with encryption

Data Retention:

• Account data: Retained while your account is active
• Learning data: Retained to provide personalized learning experiences
• Payment records: Retained as required by law and accounting practices
• Support communications: Retained for 2 years for service improvement

Data Location:

Your data may be processed and stored in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers.

Essential Cookies:

• Authentication cookies to keep you logged in
• Session cookies for proper platform functionality
• Security cookies to prevent fraud

Functional Cookies:

• Theme preferences (light/dark mode)
• Language and learning preferences
• Progress tracking and session state

Analytics:

• We may use analytics to understand how our service is used
• This helps us improve performance and user experience
• Analytics data is anonymized and aggregated

Managing Cookies:

You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.

Universal Rights (All Users):

These rights apply to all users globally, including those in the EU (GDPR), California (CCPA), and UAE (PDPL):

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your learning data
• Opt-out: Unsubscribe from marketing communications
• Restrict Processing: Limit how we process your data
• Object to Processing: Object to certain processing activities
• Withdraw Consent: Revoke consent at any time

Account Deletion:

Regional Compliance:

• EU (GDPR): Full data protection rights including portability and automated decision-making
• California (CCPA): Right to know, delete, opt-out of sale, and non-discrimination
• UAE (PDPL): Access, correction, deletion, portability, and complaint rights

Exercising Your Rights:

1. Use account settings (preferred method for deletion and data export)
2. Email us at [email protected] for other requests
3. We respond within 30 days as required by international law

Age Requirements:

• LinguaLeap is designed for users 13 years and older
• Users under 18 require parental consent
• We do not knowingly collect data from children under 13

COPPA Compliance:

If we discover we have collected information from a child under 13, we will delete that information immediately. Parents who believe their child has provided us with information should contact us at [email protected].

Parental Controls:

Parents can request access to, correction of, or deletion of their child's personal information by contacting our support team.

Global Service:

LinguaLeap is a global service available worldwide. Your data may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located.

Regional Safeguards:

• UAE Users: Your data may be transferred internationally with appropriate safeguards per UAE PDPL requirements
• EU Users: We use approved transfer mechanisms and ensure adequate protection for EU-US transfers
• All Users: We ensure appropriate security measures are in place for international transfers
• Our service providers meet international privacy and security standards

Data Protection Compliance:

• We comply with applicable data protection laws in your country
• Standard contractual clauses protect your data during international transfers
• Encryption secures data in transit between countries
• You may request information about transfer safeguards by contacting us

Service Availability:

LinguaLeap is designed to serve users globally while respecting local data protection requirements. We welcome learners from all countries and regions.

Updates:

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

Notification:

• Material changes will be communicated via email or platform notification
• We will post the updated policy on our website
• The “Last Updated” date at the top will reflect when changes were made

Your Choices:

Continued use of our service after policy changes constitutes acceptance. If you disagree with changes, you may delete your account and discontinue using our service.

Privacy Questions:

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer:

For GDPR-related inquiries, you can contact our Data Protection Officer at [email protected].

Response Time:

We will respond to privacy inquiries within 30 days, or as required by applicable law.