Privacy Policy

Last Updated: February 25, 2026

1. Information We Collect

We collect various types of information to provide and improve our Service. This information includes:

Account Information:

  • Email address (for login and communication)
  • Password (stored as hashed value, never in plain text)
  • First and last name
  • Account creation date

Profile & Learning Data:

  • Target language and native language
  • Current proficiency level (CEFR: A1-C2)
  • Vocabulary knowledge (words learned, comprehensibility scores)
  • Reading progress (stories read, sentences completed, time spent)
  • Story preferences (genres, difficulty levels)

User-Generated Content:

  • Story feedback and ratings
  • Comments on stories
  • Feature suggestions or bug reports

Usage & Analytics Data:

  • Features used (story reader, vocabulary tracker, audio player, downloads)
  • Session duration and frequency
  • Screen views and navigation patterns
  • Clicks, taps, and interactions
  • Story selections and reading behavior

Technical & Device Data:

  • Device type (iOS/Android, mobile/tablet)
  • Operating system and version
  • App version
  • IP address and general location (country/region)
  • Browser type (for web app)
  • Crash reports and error logs

Payment Information (When Implemented):

  • Subscription status (free/premium)
  • Payment method type (tokenized - NOT full credit card numbers)
  • Billing history
  • Processed through third-party payment provider (Stripe or similar)

2. How We Use Your Information

We use the information we collect for the following purposes:

To Provide & Personalize the Service:

  • Generate AI stories tailored to your language level and vocabulary knowledge
  • Calculate comprehensibility scores for story recommendations
  • Create translations and audio narration
  • Track your reading progress and vocabulary growth
  • Provide personalized learning insights and recommendations

To Improve Our Service:

  • Analyze usage patterns to understand which features are helpful
  • Monitor AI content quality (accuracy of stories, translations, audio)
  • Test new features and A/B test improvements
  • Train and improve comprehensibility scoring algorithms

To Communicate With You:

  • Send account-related emails (verification, password resets)
  • Notify you of Terms of Service or Privacy Policy updates
  • Respond to support requests and feedback

To Ensure Safety & Security:

  • Detect and prevent fraud, abuse, or security threats
  • Enforce our Terms of Service
  • Comply with legal obligations

AI-Specific Uses:

  • OpenAI: We use third-party AI providers to generate the stories and audio available on the platform. Because these stories are generated by Lingofable and not by individual user prompts, no personal user data, names, or private communications are sent to OpenAI or Inworld AI during the story generation process. These providers only receive the linguistic parameters (e.g., "Spanish, Level A1, Fantasy genre") required to produce the content you see.
  • Inworld AI: Story text is sent to Inworld AI to generate audio narration. No user identifiers are shared.
  • PostHog: Your usage patterns and interactions are tracked to improve user experience and product features.

What We Do NOT Use Your Data For:

  • We do NOT sell your personal information to third parties
  • We do NOT use your email for unsolicited marketing (unless you opt in)
  • We do NOT share your personally identifiable information with AI providers (OpenAI, Inworld AI)

3. Information Sharing & Third-Party Services

We do not sell, trade, or rent your personal information to third parties. We share information with specific service providers who help us operate Lingofable:

Supabase

Purpose: Authentication, database storage, file hosting
Data Shared: All user data (hosts our entire database)
Privacy Policy: https://supabase.com/privacy

PostHog

Purpose: Analytics, product improvement, and error monitoring
Data Shared: Usage patterns, feature interactions, screen views, error reports
Privacy Policy: https://posthog.com/privacy

Other Sharing Scenarios:

  • With your explicit consent
  • To comply with legal obligations (subpoenas, court orders)
  • To protect our rights, safety, or property and that of users
  • In connection with a business transfer (merger, acquisition, asset sale) with user notice

Third-Party Responsibility: Each third-party service operates under its own privacy policy and terms. We are not responsible for their data practices, security breaches, or policy changes. We encourage you to review their policies.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures:

  • Passwords stored using industry-standard hashing (bcrypt/Argon2)
  • Data encrypted in transit (TLS/HTTPS)
  • Data encrypted at rest (Supabase encryption)
  • Access controls and authentication for internal systems

Organizational Measures:

  • Limited employee access to user data (role-based permissions)
  • Internal data handling policies and training
  • Incident response procedures

Limitations:

  • No method of internet transmission is 100% secure
  • We cannot guarantee absolute security
  • Users are responsible for keeping passwords secure

In Case of Breach:

We will notify affected users within 72 hours (GDPR requirement) via email and in-app message, including details of the breach, affected data, and remediation steps.

5. Your Rights & How to Exercise Them

Your Privacy Rights:

All users have the right to:

  • Access: Request a copy of your personal data
  • Correct: Update inaccurate or incomplete information
  • Delete: Request deletion of your account and data
  • Restrict: Object to certain processing of your data
  • Portability: Receive your data in a machine-readable format (JSON/CSV)
  • Withdraw Consent: Opt out of optional data uses

California Residents (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold (WE DO NOT SELL)
  • Right to delete personal information
  • Right to opt-out of sale (not applicable as we don't sell)
  • Right to non-discrimination for exercising CCPA rights

EU/EEA Residents (GDPR):

  • All rights listed above
  • Right to lodge a complaint with your data protection authority
  • Right to object to automated decision-making (if applicable)

How to Exercise Your Rights:

  1. Email us: team@lingofable.com with subject "Privacy Rights Request"
  2. Specify your request: Access, deletion, correction, etc.
  3. Verify your identity: We may ask for verification to protect your data
  4. Response time: We will respond within 30 days (GDPR/CCPA requirement)
  5. No fee: Exercising your rights is free unless requests are excessive

Analytics Opt-Out:

To opt out of PostHog analytics, enable Do Not Track (DNT) in your browser settings or contact team@lingofable.com. Note that opting out may limit our ability to provide personalized features and support.

Account Deletion:

  • Email team@lingofable.com with subject "Delete My Account"
  • Processing time: Within 30 days
  • What happens: Personal data anonymized or deleted (see Section 7 for retention details)

6. Analytics & Cookies

PostHog Analytics (Cookieless): We use PostHog in cookieless mode to understand how users interact with Lingofable and improve our service. This includes:

  • Usage Analytics: Features used, stories read, reading time, and navigation patterns
  • Performance & Error Monitoring: App performance, crash reports, and error diagnostics
  • User Interactions: Clicks, taps, and feature usage

Cookieless Website Analytics: Our website analytics use memory-only storage and do not set persistent tracking cookies. This means we cannot track website visitors across multiple sessions or visits, protecting your privacy while still allowing us to understand how people use our website.

Mobile App Analytics: In our mobile app, analytics are associated with your user account to provide personalized learning insights, detect and fix errors, and improve your experience. You can opt out by contacting team@lingofable.com.

Do Not Track: We respect the Do Not Track (DNT) browser setting. If you have DNT enabled, our analytics will not initialize.

Data Retention: Analytics data are retained according to our data retention policy. See Section 7 for detailed retention periods.

Essential Cookies:

We only use essential cookies necessary for the service to function:

  • Session cookies: Authentication, keep you logged in
  • Preference cookies: Language settings, UI preferences

No Tracking Cookies: We do not use persistent tracking or advertising cookies on our website.

7. Data Retention & Deletion

We retain your data only as long as necessary to provide our Service and comply with legal obligations.

Retention Periods:

  • Active Account Data: Retained as long as your account is active
  • Account Deletion: Within 30 days of deletion request
  • Analytics Data: Retained according to our data retention policy
  • Legal Compliance Data: Retained as required by law (e.g., financial records for 7 years)
  • Aggregated/Anonymized Data: May be retained indefinitely (cannot identify you)

What Happens When You Delete Your Account:

  1. Personal Identifiers Removed: Email, name, password deleted or anonymized
  2. Vocabulary Data: Reading progress, vocabulary knowledge deleted
  3. User-Generated Content: Feedback and ratings anonymized (author removed)
  4. Analytics: Usage data deleted after retention period
  5. Legal/Fraud Prevention: Some data may be retained if required by law or to prevent abuse

Backup Data:

Deleted data may persist in backups for up to 90 days. Backups are eventually overwritten and data permanently removed.

Cannot Be Deleted:

  • Aggregated, anonymized data that cannot identify you
  • Data required for legal compliance
  • Data needed to prevent fraud or enforce Terms violations

8. International Data Transfers

Our Service operates globally and your data may be transferred to and processed in countries outside your home country.

Data Transfer Locations:

Third-party services process data in multiple countries:

  • OpenAI: United States
  • Inworld AI: United States
  • PostHog: United States or EU (depending on configuration)
  • Supabase: Varies by region (check your service region)

For EU/EEA Users:

Your data may be transferred to and processed in countries outside the EU/EEA. These countries may have different data protection laws than your home country.

Data Protection Mechanisms:

  • Standard Contractual Clauses (SCCs) with third-party providers
  • Adequacy decisions by the European Commission (if applicable)
  • Your consent to international transfers by using the Service

Your Rights:

You have the right to obtain information about transfer mechanisms. Contact team@lingofable.com for details on specific transfers.

9. Children's Privacy

Lingofable is available to users aged 13 and older and is not intended for children under 13. Users between 13 and 17 years old should have parental or guardian consent before using the service. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at team@lingofable.com and we will delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • Material changes will be communicated via email or in-app notification
  • The "Last Updated" date at the top of this page will be changed
  • Your continued use after changes constitutes acceptance
  • For material changes, we may require affirmative re-acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: team@lingofable.com

We will respond to your inquiry within 30 days.