• Account Information:
  • Data: Email address, password hash, account creation date.
  • Purpose: To create and manage your user account, allow you to log in, secure your account, and communicate important service-related information.
  • Legal Basis (GDPR Art. 6(1)(b)): Processing is necessary for the performance of a contract (our Terms of Use) with you.
• User Preferences & Learning Data:
  • Data: Language learning preferences, learning data (e.g., vocabulary items marked as learned, review schedules, progress metrics).
  • Purpose: To personalize your learning experience and provide the core functionality of the language learning service.
  • Legal Basis (GDPR Art. 6(1)(b)): Processing is necessary for the performance of a contract with you.
• User-Generated Content:
  • Data: Vocabulary, example sentences, or other text you voluntarily submit to the Service for your personal learning.
  • Purpose: To allow you to personalize your learning materials. We also process this data using third-party AI services (see Section 7) to provide features like translation and pronunciation generation for your benefit. This content is not visible to other users but may be accessed by administrators for service maintenance and support.
  • Legal Basis (GDPR Art. 6(1)(b)): Processing is necessary for the performance of a contract with you (providing the features you use).
• Technical & Security Data (Transient):
  • Data: IP address, accessed endpoints (pages/API routes visited).
  • Purpose: To protect the Service against abuse, ensure security, perform rate limiting, and diagnose technical problems. This data is stored temporarily and is automatically deleted no more than 45 days after it is collected.
  • Legal Basis (GDPR Art. 6(1)(f)): Processing is necessary for our legitimate interests in maintaining the security and integrity of our Service. We have balanced this interest against your rights and freedoms.
• Usage Information (via Cookies & Local Storage):
  • Data: We store your login session identifier in a cookie. We store your user interface preferences (e.g., dark/light mode) in your browser's local storage.
  • Purpose: To keep you logged in across sessions and to remember your interface preferences for a better user experience.
  • Legal Basis (GDPR Art. 6(1)(a)): Your consent, obtained via our cookie consent mechanism.

• To provide and maintain our Service.
• To manage your account and facilitate login.
• To personalize your learning experience based on your preferences and progress.
• To enable features using third-party AI services.
• To monitor the usage of our Service for security, abuse prevention, and technical troubleshooting.
• To communicate with you, potentially including service updates or responding to your inquiries (using your provided email).

• Cookies: We use a persistent cookie solely to manage your login session, allowing you to stay logged in.
• Local Storage: We use browser local storage to remember your user interface preferences.

You can typically manage cookies and local storage through your browser settings. Please note that disabling the essential login cookie will prevent you from logging into the Service.

• OpenAI, L.L.C.: Used for generating translations, generating audio or other language-related features. To enable these features, we send only the relevant text (e.g., the expression to be translated) to OpenAI for processing. No personal identifiers like your email address are included in this request.
• Google Cloud Platform (Google LLC / Google Cloud EMEA Ltd): Used for generating translations, generating audio or other language-related features. To enable this feature, we send only the relevant text (e.g., the expression to be translated) to Google Cloud for processing. No personal identifiers like your email address are included in this request.
• Hosting Provider: Hetzner Online GmbH located in Germany. Provides the infrastructure for the Service, including storing your data securely.

Some of our Data Processors (OpenAI, Google Cloud) may be based outside the European Union / European Economic Area (EEA), primarily in the United States. When your personal data (specifically, the text content submitted for AI features) is transferred outside the EEA, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

We recommend you review the privacy policies of OpenAI and Google Cloud for more information on their data handling practices.

• Right of Access: You can request copies of your personal data.
• Right to Rectification: You can request correction of inaccurate data or completion of incomplete data.
• Right to Erasure ('Right to be Forgotten'): You can request the deletion of your personal data under certain conditions (e.g., it's no longer necessary for the purpose it was collected).
• Right to Restriction of Processing: You can request the limitation of how we process your data under certain conditions.
• Right to Data Portability: You can request your data be transferred to you or another controller in a structured, commonly used, machine-readable format (where processing is based on consent or contract and automated).
• Right to Object: You can object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent (like for non-essential cookies/local storage), you can withdraw your consent at any time.