Privacy Policy

1. Data Controller

[Name, address of the data controller]

Contact: [email address]

2. Data We Collect

• Email address and password (encrypted) upon registration
• Audio and video recordings that you upload
• Transcripts of your recordings (speech-to-text). Note: transcripts are transmitted to external AI providers (Groq, OpenAI as fallback) for analysis — see sections 6 / 6a.
• Vocabulary data: recognized words, frequencies, synonyms
• Language settings (native and foreign languages)
• Payment data is processed directly by Stripe (we only store the customer ID)

3. Purpose of Processing

We process your data exclusively to provide vocabulary analysis: Your recordings are transcribed, the words used are analyzed, and personalized synonym suggestions are generated.

4. Legal Basis

Processing is based on your consent pursuant to Art. 6(1)(a) GDPR, which you grant upon registration.

5. Storage

Your data is stored on S3-compatible cloud storage in the EU region. Audio and video files are stored encrypted.

6. Third-Party Services

• Groq (Whisper API) — Primary service for converting audio to text (speech-to-text). Audio recordings are transmitted to Groq for transcription (processing in the USA, third country under GDPR). Legal basis: Standard Contractual Clauses under Art. 46 GDPR, unless an adequacy decision applies. The provider only holds audio data during API processing — no persistent storage mediated by us.
• OpenAI Whisper API — Fallback service for transcription if Groq is unavailable. Audio recordings are then transmitted to OpenAI (USA, third country); same legal basis (Standard Contractual Clauses, Art. 46 GDPR).
• Groq (Llama 3.x, Large Language Model) — For automated language analysis (CEFR level classification, synonym generation, filler-word detection). Transcripts and/or recognized words are transmitted to Groq during processing (USA, third country; Standard Contractual Clauses, Art. 46 GDPR).
• OpenAI — Fallback service for LLM tasks when Groq is unavailable. Same legal basis.
• Stripe — For payment processing of premium subscriptions. Payment data is processed directly by Stripe.

6a. Purpose of AI analysis (which data is sent to the LLM)

We use external AI services (primarily Groq, with OpenAI as fallback) for the following analyses. Per analysis, only the data category actually required is transmitted:

• CEFR level classification (A1–C2) — your full recording transcript is transmitted together with the language code. The response is a classified proficiency level.
• Synonym generation — a single recognized word is transmitted together with the language code. The response is a set of synonyms, cached across users.
• Filler-word detection — a list of recognized words is transmitted (without transcript context). The response is filler-word candidates that you subsequently confirm or reject.
• Question generation (admin-only function) — topic metadata is transmitted, NO user data. Result: new prompt questions for the catalog.

6b. Mobile App Sunset (April 2026)

The native mobile app (Android/iOS via Expo) was discontinued on 20 April 2026. Existing preview-APK installations will not receive further updates and should no longer be actively used. All features are fully available via the web app at https://app.ll.ssd.mrjb.me (desktop + mobile viewport). This sunset decision does not change data processing by the existing web service — the same third-party providers (Groq, OpenAI, Stripe) continue to apply. Notice under Art. 13(3) GDPR to inform you of changes to the service.

7. Your Rights

You have the right at any time to:

• Access — What data we have stored about you
• Data export — Download all your data as JSON (under Settings → Privacy)
• Deletion — Complete deletion of your account and all data (under Settings → Privacy)
• Revocation — You can revoke your consent at any time by deleting your account

8. Contact

For questions about data protection, contact: [email address]