LinguaFlow

Privacy Policy

Last updated: 7 July 2026

This Privacy Policy explains what personal information LinguaFlow collects, how we use it, and the choices you have. We designed the Service to collect as little data as possible while still giving you a great learning experience.

1. Who We Are

LinguaFlow ("we", "us") operates the language-learning platform at linguaflow-lilac.vercel.app. This Privacy Policy explains how we collect, use, and share personal information about you when you use the Service. If you have questions, email scarpatti74@gmail.com.

2. Information We Collect

Account data. Email address, display name, hashed password (managed by Supabase Auth), target language, CEFR level, and daily-goal preference.

Learning data. Lesson progress, streak, pronunciation scores, flashcard state, voice recordings you submit for scoring, and written practice.

Device data. Browser type, operating system, approximate location derived from IP, and interaction events (page views, feature usage).

Payment data. If you subscribe to a paid plan, our payment processor collects your billing details. We do not store your full card number on our servers.

3. How We Use Your Information

  • Provide, personalize, and improve the Service
  • Score your pronunciation and generate AI coaching (using Azure Cognitive Services and Google Gemini)
  • Send account and billing notifications
  • Send product updates and educational tips (you can opt out at any time)
  • Detect fraud, abuse, and violations of our Terms
  • Comply with legal obligations

4. Legal Bases (GDPR)

If you are in the EU/EEA, we process your personal data based on (a) performance of the contract to provide the Service, (b) your consent for marketing communications, (c) our legitimate interest in operating and improving the Service, and (d) compliance with legal obligations.

5. Sharing and Disclosure

We share personal information only with:

  • Supabase (authentication, database, and file storage)
  • Microsoft Azure (speech synthesis and pronunciation assessment)
  • Google (AI-generated exercises, tutor, and translations via Gemini)
  • Our payment processor (billing only)
  • Legal authorities when required by law

We do not sell your personal information and we do not share it for third-party advertising.

6. AI and Voice Data

When you use pronunciation scoring, we send the target phrase and a short recording of your voice to Azure Cognitive Services for real-time assessment. Azure's data-handling terms apply. The resulting scores are stored in your account so you can track progress; the raw audio is not persisted unless you explicitly save it.

Text prompts sent to Google Gemini for exercise generation, AI tutoring, or on-demand translation are subject to Google's terms. We do not send personal identifiers along with those prompts.

7. Cookies and Similar Technologies

We use strictly necessary cookies for authentication and locale preferences. We do not use third-party advertising cookies. Your browser can be configured to refuse cookies, but the Service will not function correctly without authentication cookies.

8. Data Retention

We retain your personal data while your account is active. When you delete your account, we remove personal identifiers within 30 days, except where retention is required by law (for example, for tax or fraud-prevention purposes).

Aggregated, anonymized learning analytics may be retained indefinitely to improve the Service.

9. Your Rights

Depending on where you live, you may have the right to:

  • Access, correct, or delete your personal information
  • Object to or restrict our processing
  • Withdraw consent for marketing at any time
  • Receive a portable copy of your data
  • Lodge a complaint with your local data-protection authority

To exercise these rights, email scarpatti74@gmail.com. We respond within 30 days.

10. Children's Privacy

The Service is not directed at children under 13 (or the local minimum age of digital consent). We do not knowingly collect data from children under that age. If you believe we have, please contact us and we will delete it.

11. International Transfers

Your data may be processed in the United States, the European Union, or other regions where our service providers operate. We rely on standard contractual clauses and equivalent safeguards for cross-border transfers.

12. Security

We use industry-standard encryption in transit (TLS) and at rest, role-based access control, and audit logging. No system is perfectly secure — please use a strong, unique password and enable multi-factor authentication when it becomes available.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified in-app or by email at least 14 days before they take effect.