Privacy Policy

Last updated: 1/14/2026

1. Who We Are

This website and service (collectively, the "Service") helps users learn languages through phrase‑shadowing practice. For the purposes of UK and EU data protection law, we act as the data controller for the personal data described in this policy.

Contact email: hello@lingopaper.com

2. Scope of This Policy

This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you:

  • Create an account or sign in with Google Sign‑In or email/password
  • Use the Service through our website, mobile interface, or Chrome app
  • Communicate with us or interact with the Service

3. Personal Data We Collect

Account Identifiers

  • For Google Sign-In: Google UID, display name, email address, profile photo
  • For Email/Password: Email address

Learning Content

  • Phrase collections you create or import
  • Audio you record or upload
  • Background images you upload
  • Custom text content you generate

Usage Statistics

  • Total phrases listened to
  • First practice dates per language pair
  • Daily usage counts and activity timestamps
  • Language pair preferences

Preferences & Settings

  • Romanization toggle preferences
  • Theme preferences (dark/light mode)
  • Visual effects settings

Device & Log Data

  • IP address
  • Browser type and operating system
  • Time zone and error logs

Cookies & Similar Technologies

  • Firebase authentication cookies
  • Local storage for caching audio and UI preferences

We do not intentionally collect sensitive personal data such as health information, biometric data, or government‑issued identifiers. Please do not upload such information.

4. How We Use Your Personal Data

To Provide the Service

We use your data to:

  • Create and manage your account
  • Authenticate you via Google or email/password
  • Deliver core learning features including phrase shadowing, TTS playback, and collection management
  • Provide statistics dashboards and progress tracking

Legal basis: Performance of a contract (Art. 6(1)(b) UK GDPR)

To Improve and Personalise

We use your data to:

  • Generate AI‑powered phrase suggestions and Romanizations
  • Conduct analytics to improve UI, features, and performance
  • Understand how the Service is used and make improvements

Legal basis: Legitimate interests in improving and personalising the Service (Art. 6(1)(f) UK GDPR)

For Security and Legal Compliance

We use your data to:

  • Maintain security, debug issues, and prevent fraud
  • Comply with legal obligations (tax, accounting, consumer protection)

Legal basis: Legitimate interests (Art. 6(1)(f)) and compliance with legal obligations (Art. 6(1)(c) UK GDPR)

To Communicate With You

We may contact you about service updates or material changes to these terms.

Legal basis: Performance of a contract and legitimate interests

If we rely on consent for any processing (e.g., optional marketing emails), we will obtain it separately and you may withdraw it at any time.

5. AI‑Generated Content & Automated Processing

The Service may use machine‑learning models to suggest phrases or generate text‑to‑speech audio ("AI Features"). These features enhance your language‑learning experience by providing suggested content and audio pronunciation.

AI Features do not make legal or significant decisions about you. They simply provide learning suggestions based on language patterns. You should independently verify important translations or pronunciations.

6. Sharing & Disclosure

We only share personal data as described below:

Service Providers

We use third‑party service providers under data‑processing agreements to operate the Service:

  • Google LLC – Firebase Authentication, Firestore Database (EU multiregion), Firebase Storage, Cloud Functions, and Cloud Text‑to‑Speech for audio generation
  • Mixpanel – Analytics and usage tracking to understand how users interact with the Service
  • Microsoft Clarity – Session recording and heatmaps to improve user experience

Legal & Safety

We may disclose data if required by law, court order, or to protect rights, property, and safety.

Business Transfers

In connection with a merger, acquisition, or sale of assets, provided the recipient honours this policy.

We do not sell or rent personal data to third parties.

7. International Data Transfers

Your data is primarily stored in Google Cloud's EU multiregion data centres to ensure it remains within the UK/EU where possible.

Limited technical personnel outside the UK/EU may access data for support and maintenance purposes. Where data is transferred outside the UK/EU, we rely on Standard Contractual Clauses approved by the UK Information Commissioner's Office and implement strict access controls.

8. Security Measures

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption at rest and in transit using industry‑standard TLS protocols
  • Role‑based access controls and least‑privilege principles
  • Firebase App Check to restrict backend access to verified clients
  • Regular security patches, vulnerability assessments, and code reviews
  • Continuous encrypted backups with redundancy

No system is 100% secure. While we strive to protect your data to industry standards, we cannot guarantee absolute security.

9. Cookies & Local Storage

We use authentication cookies and browser local storage to:

  • Keep you signed in
  • Cache audio files for faster playback
  • Store UI preferences
  • Collect aggregated usage analytics

You can control cookies via your browser settings, but blocking them may impair core functionality of the Service.

10. Data Retention

We retain personal data only as long as necessary to fulfil the purposes described in this policy:

  • Active accounts: Data retained for the life of the account
  • After account deletion: Personal data (including cached audio) deleted or anonymised within 30 days
  • Server logs: Retained for up to 90 days for security and diagnostics

Aggregated, non‑identifiable data may be retained indefinitely for analytics and service improvement.

11. Your Rights

Under UK and EU data protection law, you have the following rights:

  • Access: Obtain a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit processing under certain conditions
  • Portability: Receive your data in a structured, machine‑readable format
  • Objection: Object to processing based on legitimate interests
  • Consent Withdrawal: Withdraw consent at any time where processing is based on consent
  • Complaint: Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority

To exercise your rights, contact us at hello@lingopaper.com. We may need to verify your identity before fulfilling requests.

12. Children's Privacy

The Service is not directed to children under 16 years of age (or the age of digital consent in your country, whichever is higher). We do not knowingly collect personal data from children.

If you believe a child has provided us with personal data, please contact us at hello@lingopaper.com so we can delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice via the Service interface or by email, and update the "Last updated" date at the top of this page.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us at:

Email: hello@lingopaper.com