euEurolingo

Privacy Policy

Last updated: July 2026 — template pending legal review.

1. Controller

Eurolingo — controller details and contact to be completed before launch.

2. What we collect

  • Account data: email, display name, year of birth (age verification), password hash.
  • Learning data: course enrollment, lesson progress, exercise answers, mistakes, XP, streaks.
  • Conversation data: messages you send to the AI coach and roleplay partner.
  • Subscription data: plan, billing status (payment details are processed by Stripe, not stored by us).
  • Technical data: timezone and UI language you set. We use no third-party trackers or advertising cookies.

3. Why (legal bases)

  • Providing the service you signed up for (contract, Art. 6(1)(b) GDPR).
  • AI coaching: your messages are sent to our AI providers (e.g. Anthropic, OpenAI) solely to generate the response (contract).
  • Security, abuse prevention and rate limiting (legitimate interest, Art. 6(1)(f)).

4. Processors & transfers

We use hosting and AI processors under data-processing agreements. Where processing occurs outside the EU/EEA, we rely on adequacy decisions or standard contractual clauses. The production database is hosted in the EU.

5. Retention

Your data is kept while your account exists. Deleting your account removes all personal data immediately and permanently (hard delete, including conversations and progress).

6. Your rights

Access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority. Export and deletion are self-service in your profile — no email required.

7. Cookies

We use only strictly necessary cookies: a session refresh token (httpOnly) and your language preference. No consent banner is required for these.

8. Children

Eurolingo is for users aged 16 and up; we verify via year of birth at signup.

9. Contact

privacy@eurolingo.example (replace with your real contact before launch).