Privacy Policy
Last updated: July 2026 — template pending legal review.
1. Controller
Eurolingo — controller details and contact to be completed before launch.
2. What we collect
- Account data: email, display name, year of birth (age verification), password hash.
- Learning data: course enrollment, lesson progress, exercise answers, mistakes, XP, streaks.
- Conversation data: messages you send to the AI coach and roleplay partner.
- Subscription data: plan, billing status (payment details are processed by Stripe, not stored by us).
- Technical data: timezone and UI language you set. We use no third-party trackers or advertising cookies.
3. Why (legal bases)
- Providing the service you signed up for (contract, Art. 6(1)(b) GDPR).
- AI coaching: your messages are sent to our AI providers (e.g. Anthropic, OpenAI) solely to generate the response (contract).
- Security, abuse prevention and rate limiting (legitimate interest, Art. 6(1)(f)).
4. Processors & transfers
We use hosting and AI processors under data-processing agreements. Where processing occurs outside the EU/EEA, we rely on adequacy decisions or standard contractual clauses. The production database is hosted in the EU.
5. Retention
Your data is kept while your account exists. Deleting your account removes all personal data immediately and permanently (hard delete, including conversations and progress).
6. Your rights
Access, rectification, erasure, restriction, portability, objection, and complaint to a supervisory authority. Export and deletion are self-service in your profile — no email required.
7. Cookies
We use only strictly necessary cookies: a session refresh token (httpOnly) and your language preference. No consent banner is required for these.
8. Children
Eurolingo is for users aged 16 and up; we verify via year of birth at signup.
9. Contact
privacy@eurolingo.example (replace with your real contact before launch).