Privacy Policy
Who we are
We’re a small start-up registered in Vienna, Austria. You can find our company information under our Impressum: https://lingophant.com/impressum/
We treat your data like we want others to treat our own data, and this is much stricter than most other companies.
We’re currently in a sole-proprietorship business (e.U.) and therefore I, Alex, am personally liable for any violations. We therefore handle your data with utmost care and sensitivity. We’ll try to write this Privacy Policy in understandable English, in case of questions, please contact our sole-proprietor under alex@lingophant.com.
Please understand that for serving you with a language tool, we need to rely on data transfers, and certain features require the use of Third-Party Services (see below). We use industry-standard tools and practices that protect personal data. The main features include: hashing of passwords (no plaintext passwords stored), not storing IBAN or CreditCard Information (using an external payment provider), and not sharing your content without consent.
Our website address is: https://lingophant.com and you can find this document under http://lingophant.com/privacy-policy
What personal data we collect and why we collect it
1. Website
We run a WordPress site for easy editing and Content Management. We update our PHP version regularly, and also the site is updated automatically. In case of the following elements, WordPress automatically collects some data. We don’t really look at them because we have some analytics solutions under the second point, analytics.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
When you enter information into a contact form, your details get sent as an email to our mailbox, or will land on a Google Drive. We then manually process it further. Usually your contact information is sent as well. We’ll only use secure industry standard partner services for this.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
On the site we are using Google Analytics, but can’t get the stupid banner to work yet and make our site even slower. We’ll update this privacy policy once we migrate to our future-proof website service, which likely will not be WordPress anymore. We migrated our site to a new WordPress domain and host. However we’re no longer using Google Analytics on the Site at the moment.
2. Mobile Applications
In the mobile App we use Firebase analytics, which was acquired and is run by Google. This means it’s secure and compliant with industry standards, and that they anonymize the usage we can track.
We want to understand how our userbase is doing and where we should concentrate our efforts, but also to figure out if the app crashes and why this happened. We track things like how many flashcards you have created, if you’re using our sharing features, how many phrases were downloaded, errors and crashes, etc.
We don’t track the contents of your phrases! For our voice transcription, we even pay 50% extra to Google so they don’t store your voice recording or phrase.
You may create an account with us to use the sharing features of our mobile app. Here you send a password to our server, which we do not store as it is but encrypt it. That way hackers will never be able to steal you username-email-password combination.
The flashcards you create are by default only available locally on your phone. This means that if you deinstall the application all your data will be gone, and we cannot recover them. This means also that we cannot access your local audio-clips. Unless you share them by creating a phraseset.
If you share your phrases by creating a phraseset, you upload the files encrypted to our server-API. We then store it and return a link. Users with whom this link is shared can unlock it on their phones and download the phrases. This is only possible for authenticated users with the link.
And then we will not touch the phrases, except for some small analyses and without your voice recording.
Also there is also a front-end that shows the phrases only to users who have the exact sharing link.
Who we share your data with
So Google Analytics is really useful and around on basically every website you visit. It helps us improve our website by showing site usage statistics and even some demographic statistics (anonymised of course). If you don’t like this you can always visit our site in private mode. On Android, Google receives the audioclips in order to transcribe the text. On iOS, we share this data with Apple to get a voice transcription.
We use OneSignal to do the Notifications management. They’re also pretty industry standards, they recently wrote in a job ad that they send 5 billion notifications per day. Wow! They don’t receive your username though, just an ID for your device.
Our back-end server (that Alex programmed himself) is running on a secured AWS environment with your user password encrypted, and the server password is not shared in the company.
We also use Facebook to run a chatbot service. It’s not actively promoted or developed, but if you interact with us, facebook sends us some data and we send them some data. This partly happens through a chatbot service, which is called Chatfuel. We asked and they delete your data if we delete it from the user panel. They make it easy to develop a chatbot, but we may switch to another service later, of course industry standard.
How long we retain your data
We follow the EU General Data Privacy Regulation (GDPR) and indefinitely save the phrases uploaded, unless you request their deletion or delete your account. After 7 years since your last activity we will likely decide to delete the data. It may be possible that we mess up and all this data is deleted or can no longer be accessed anymore. We therefore cannot guarantee or take any liability in case your shared data is deleted by us, be it on purpose or on accident.
We may decide to end our services and turn off our infrastructure at some point. We may also decide to migrate to a new app, which will mean a loss of data. But with your purchases, you support that we’re running our services and follow our mission to improve language learning.
Email and whatsapp is also kept indefinitely, unless we found out in the coming 7 years that there’s a policy to delete them, or we end our services.
For the website, if you leave a comment, the comment and its metadata are retained indefinitely or until we migrate our site (which we will likely do every few years anyway). This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can also delete your account and data yourself, by following these instructions. We cannot recover them and all your data will be removed from our servers.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
If you agree to participate in a study, we may share your results with universities or researchers, under a standard Data Privacy Agreement.
Also some of the third-party services may receive user data from us, like facebook. This is in order to give you the best service we can.
Our contact information
See our Impressum https://lingophant.com/impressum/
Additional information
How we protect your data
We encrypt personal data where necessary, we use reliable and secure third-party services, we handle your communications with care and discretion. We wrote this privacy policy to explain it.
What data breach procedures we have in place
If we find out that someone has accessed and possibly stolen senstive data, we will update this notice here and send a tweet or facebook message or something. In severe cases we’ll contact users by email. Also we have to notify authorities within 24 hours or so.
And so far no data breaches here.
What third parties we receive data from
Facebook, Instagram, Mailchimp, Google.
These company all have their Data Processing Agreement (DPA) with us, as is standard in the industry.
What automated decision making and/or profiling we do with user data
None so far, but as soon as we start collecting more data we may experiment with some suggestion models using Machine Learning to understand your preferences.
By the time we will introduce this suggestion feature though, we will also give you an option to share phrases publicly or privately. Privately shared phrases will not be used for these analyses or be ever suggested to other users.
Industry regulatory disclosure requirements
Austrian, American, and European Data Privacy Legislation apply to our data processing.