Fluent Diary

Privacy Policy

Last updated: July 29, 2025

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our language learning application available on iOS, Android, and Web platforms.

Table of Contents

1. Who We Are

We provide a language learning platform that allows users to practice speaking through audio recordings and receive AI-generated feedback. Our services are delivered via mobile and web applications built with React Native and React Native Web.

2. What Data We Collect

We collect and process the following categories of personal data:

A. User Account Data

  • Authentication Data: Email address, hashed passwords, OAuth tokens (Google, Apple)
  • Profile Information: Native/target languages, learning goals, practice preferences
  • Usage Data: Subscription status, total words read, onboarding completion

B. Audio & Speech Data

  • Recordings: User-submitted voice recordings (stored with signed URLs)
  • Transcriptions: Text transcriptions processed by OpenAI Whisper API
  • Speech Analytics: Metrics like speaking speed, pause patterns, filler words, and confidence scores

⚠️ Important: These voice recordings may be considered biometric data under GDPR in some jurisdictions.

C. Vocabulary & Learning Data

  • Words Learned: Vocabulary items with translations, confidence ratings, context
  • Learning Progress: Grammar scores, linguistic complexity, trend analysis
  • Practice Texts: User-created or selected practice content
  • Grammatical Analysis: AI-driven linguistic processing via OpenAI API

D. Usage Analytics

  • Session Data: Recording duration, timestamp, session type
  • Performance Metrics: Speaking speed, improvement trends
  • Device Information: OS, version, device type, IP addresses

3. How and Why We Use Your Data

We process your personal data for the following purposes:

Purpose & Legal Basis (GDPR)

Provide core app functionality

Contract performance

Improve user experience

Legitimate interest

Personalize learning content

Consent / Contract performance

Analyze speech and vocabulary

Consent

Process subscriptions and payments

Contract performance

Provide user support

Contract performance / Legitimate interest

Track feature usage (analytics)

Consent (via opt-out mechanism)

Referral tracking

Legitimate interest

Share recordings (if user opts-in)

Consent

Notify users of updates/promotions

Consent

4. Third-Party Services

We rely on third-party providers to deliver key services. These processors may have access to your personal data:

Critical Data Processors

  • Supabase – Hosting, authentication, storage of recordings and transcriptions
  • OpenAI API – Audio and text analysis for transcription and grammar
  • PostHog – Analytics and user interaction tracking
  • Sentry – Error tracking and crash reporting
  • Stripe – Payment processing for web subscriptions
  • RevenueCat – Mobile in-app purchases and subscription management
  • Apple / Google OAuth – Social login services
  • Expo – Mobile app infrastructure and over-the-air updates

We have signed Data Processing Agreements (DPAs) with these providers as required under GDPR.

5. International Data Transfers

Your data may be processed or stored on servers located outside the European Economic Area (EEA), including in the United States. We ensure adequate safeguards such as Standard Contractual Clauses (SCCs) are in place for these transfers, in compliance with GDPR.

6. Sharing and Public Data

You may choose to make your recordings publicly accessible via shareable links.

  • Public Content: Anyone with the link can access the shared recordings
  • Public Analytics: View counts, completion rates, and listener data may be visible
  • Referral Tracking: We collect device info, country, and IP address for analytics purposes

⚠️ Note: Please use caution when sharing sensitive content publicly.

7. Data Retention

Audio Files

  • Free Users: Auto-deleted after a set period
  • Premium Users: Stored permanently unless deleted manually

Other Data

  • User Profiles and Learning Data: Retained while account is active
  • Analytics Data: Retained for feature and performance tracking

Users can request deletion of their data or account at any time (see Section 9).

8. Security Measures

We implement strong technical and organizational measures to protect your data:

  • Encryption: All data transmitted over HTTPS
  • Access Controls: Role-based access, Supabase Row-Level Security (RLS)
  • Authentication: Secure OAuth and Supabase Auth
  • Signed URLs: Temporary links for audio access
  • Sanitization: Input filtering for user-generated content

9. Your Rights (GDPR & CCPA)

Under the GDPR and CCPA, you have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data (right to be forgotten)
  • Restrict or object to processing
  • Export your data (data portability)
  • Withdraw consent at any time

Exercise Your Rights

You can exercise these rights through the app settings or by contacting us directly:

📧 privacy@fluentdiary.com

11. Children's Privacy

Our services are not directed at children under the age of 13 (or higher age depending on jurisdiction). If we become aware of data collected from a child without parental consent, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Users will be notified via in-app messages, email, or website notices. Please review the policy regularly.

Last updated: July 29, 2025