Privacy Policy

Last updated: August 30, 2025

Information We Collect

1. Account and Authentication Information

When you create an account through:

• Google Sign-In: Google User ID, email address, full name, profile picture URL
• Apple Sign-In: Apple ID, email address (may be private relay), full name (first-time only)
• Security tokens: JWT authentication tokens stored securely in iOS Keychain
• Account metadata: Registration date, last login, account status, authentication provider type

2. Learning Profile and Preferences

To personalize your learning experience, we collect:

• Demographics: Age range (6 categories from under-18 to over-60), gender preference
• Language information: Native language, target learning languages, proficiency levels
• Learning goals: Reasons for learning (work, travel, education, personal interest)
• Personal interests: 15+ categories including sports, technology, entertainment, family, pets, music, art
• Study preferences: Skills to improve (speaking, listening, reading, writing), daily study time commitment
• Learning objectives: Specific goals like watching movies, business meetings, academic studies

3. Dictionary and Translation Data

• User dictionaries: Custom word collections, language pairs, creation timestamps
• Translation history: Text translations, corrections, example sentences
• Vocabulary entries: Saved words, phrases, definitions, usage examples
• Translation corrections: User feedback on translation accuracy and quality
• Learning content: Bookmarked translations, notes, personal annotations

4. Learning Analytics and Game Data

• Game performance: Scores, completion rates, step-by-step progress, skill assessments
• Learning statistics: Study time, session duration, progress metrics, achievement levels
• Behavioral analytics: Feature usage patterns, interaction data, learning preferences
• Progress tracking: Skill development, learning milestones, performance improvements
• Leaderboard data: Comparative performance metrics (when participating in community features)

5. Audio and Speech Data

• Voice recordings: Speech samples for pronunciation assessment (processed locally on device)
• Speech recognition data: Transcribed audio for language learning feedback
• Audio permissions: Microphone access for speech-to-text and pronunciation features
• Text-to-speech usage: Audio playback preferences and usage patterns

6. Technical and Device Information

• Device data: iOS version, device model, app version, system capabilities
• Usage analytics: App crashes, performance metrics, feature usage statistics
• Network information: IP address, connection type, general location (country/region)
• App preferences: UI settings, notification preferences, accessibility options

How We Use Your Information

Primary Purposes

• Service provision: Provide and maintain the AavaLingo learning platform
• Personalization: Customize learning content based on your profile and preferences
• Progress tracking: Monitor your learning journey and provide insights
• Synchronization: Sync your data across devices via secure cloud storage
• Feature delivery: Enable games, translations, dictionaries, and community features

Service Improvement

• App development: Improve existing features and develop new functionality
• Performance optimization: Enhance app stability, speed, and user experience
• Content enhancement: Improve translation accuracy and learning content quality
• Research and analytics: Understand learning patterns to improve educational outcomes

Communication

• Service updates: Notify you about app updates, new features, and important changes
• Customer support: Respond to your inquiries and provide technical assistance
• Educational content: Send learning tips, progress updates, and motivational messages (with your consent)

Third-Party Services and Data Sharing

Essential Service Providers

Authentication Services

• Google Sign-In: User authentication, ID token verification
• Apple Sign-In: Privacy-focused authentication with optional email relay
• Data shared: Authentication tokens only (no personal data stored by providers beyond standard OAuth flows)

AI Translation Services

• OpenAI: Text translation, grammar correction, example sentence generation
• Data shared: Text content for translation, language pairs, context for accuracy
• Data processing: Temporary processing for translation services (not stored long-term by OpenAI)
• Purpose limitation: Used only for language learning and translation features

Payment and Subscription Services

• RevenueCat: In-app purchase management, subscription handling
• Data shared: User IDs (not personal identifiers), purchase information, subscription status
• App Store/Google Play: Payment processing through platform-native systems
• Financial data: We do not store credit card or payment information

Data Sharing Limitations

We do not sell, trade, or share your personal information with third parties except:

• With your explicit consent: When you specifically authorize data sharing
• Legal compliance: When required by law, regulation, or valid legal process
• Safety and security: To protect our rights, users' safety, or prevent fraud
• Service providers: With contractors who help operate the app under strict confidentiality agreements
• Business transfers: In connection with mergers, acquisitions, or asset sales (with notice to users)

Data Storage and Security

Security Measures

• Encryption: Industry-standard encryption for data in transit and at rest
• Authentication security: JWT tokens with 1-year expiry, secure keychain storage
• Network security: HTTPS for all API communications, certificate pinning
• Database security: Encrypted MySQL database with access controls and audit logging
• Server security: Regular security updates, vulnerability assessments, and monitoring

Data Location and Transfers

• Primary storage: Secure cloud infrastructure with data center locations in US and EU
• Local storage: Some data cached locally on your device for offline functionality
• International transfers: Data may be transferred internationally with appropriate safeguards
• GDPR compliance: Adequate protection mechanisms for EU user data transfers

Your Privacy Rights

Universal Rights

• Access: Request copies of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Data portability: Export your learning data in a structured format
• Communication preferences: Opt out of marketing communications

GDPR Rights (EU Residents)

• Lawful basis: Processing based on legitimate interest, contract performance, or consent
• Right to object: Object to processing based on legitimate interests
• Restriction of processing: Limit how we process your data in certain circumstances
• Withdrawal of consent: Withdraw consent for consent-based processing
• Supervisory authority: Lodge complaints with your local data protection authority

CCPA Rights (California Residents)

• Know: Right to know what personal information we collect and how it's used
• Delete: Request deletion of personal information
• Opt-out: Opt out of sale of personal information (we don't sell personal information)
• Non-discrimination: Equal service regardless of privacy choices

Account Deletion and Data Retention

Account Deletion Process

When you request account deletion:

• Immediate actions: Account deactivated, login access revoked
• Subscription cancellation: Active subscriptions automatically canceled through RevenueCat
• Data anonymization: Personal identifiers (email, name, auth IDs) replaced with anonymous values
• Learning data: Dictionaries and progress data deleted or anonymized
• System data: Some anonymized data may be retained for analytics and service improvement

Data Retention Periods

• Account data: Retained while account is active, deleted/anonymized upon account deletion
• Learning progress: Retained to provide continuous service, deleted upon request
• Authentication tokens: 1-year expiry, automatically purged
• Analytics data: Aggregated, anonymized data may be retained for service improvement
• Legal compliance: Some data retained as required by applicable laws (tax records, etc.)

Children's Privacy

AavaLingo is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Our learning profile includes age ranges, and we have special protections for users who indicate they are under 18:

• Limited data collection: Reduced profiling for users under 18
• Parental controls: Enhanced privacy settings for younger users
• Content safety: Age-appropriate learning content and community features
• Compliance: Full COPPA compliance for users under 13 (with parental consent)

If you believe we have collected information from a child under 13 without proper consent, please contact us immediately at [email protected].

International Users and Data Transfers

AavaLingo serves users worldwide across multiple languages and regions. We ensure appropriate safeguards for international data transfers:

• Adequacy decisions: Transfers to countries with adequate protection levels
• Standard contractual clauses: EU-approved contracts for data transfers
• Binding corporate rules: Internal policies ensuring consistent protection
• Certification schemes: Participation in privacy certification programs

Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will:

• Notification: Notify you of significant changes through the app, email, or website notice
• Effective date: Clearly indicate when changes take effect
• Continued use: Your continued use after changes constitutes acceptance
• Material changes: Obtain fresh consent for material changes affecting your rights

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Compliance and Certifications

AavaLingo is committed to maintaining the highest privacy standards:

• GDPR: Full compliance with European General Data Protection Regulation
• CCPA: California Consumer Privacy Act compliance
• COPPA: Children's Online Privacy Protection Act compliance
• App Store Guidelines: Compliance with Apple App Store privacy requirements
• Industry standards: Following best practices for mobile app privacy