Privacy Policy

Who we are

We’re a small start-up registered in Vienna, Austria. You can find our company information under our Impressum:

We treat your data like we would want others to treat our own data, and this is much stricter than most other companies.

We’re currently in a sole-proprietorship business (e.U.) and therefore legally personally liable for any violations. We therefore handle your data with utmost care and sensitivity. We’ll try to write this Privacy Policy in understandable English, in case of questions, please contact our sole-proprietor under

Please understand that for serving you with a language tool, we need to rely on data transfer, and certain features require the use of Third-Party Services (see below). We use industry-standard tools and practices to protect personal data. The main features include: hashing of passwords (no plaintext passwords stored), not storing IBAN or CreditCard Information directly, and not sharing your content without consent.

Our website address is: and you can find this document under

What personal data we collect and why we collect it

1. Website

We run a WordPress site for easy editing and Content Management. We update our PHP version regularly, and also the site is updated automatically. In case of the following elements, WordPress automatically collects some data. We don’t really look at them because we have some analytics solutions under the second point, analytics.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

When you enter information into a contact form, your details get sent as an email to our mailbox. We then manually process it further. Usually your contact information is also sent.

If you enter your data into another service, such as a google form, you can see the changed URL. We’ll only use secure industry standard partner services for this.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


On the site we are using Google Analytics, but can’t get the stupid banner to work yet and make our site even slower. We’ll update this privacy policy once we migrate to our future-proof website service, which likely will not be WordPress anymore. We migrated our site to a new WordPress domain and host. However we’re no longer using Google Analytics on the Site.

2. Mobile Applications

In the mobile App we use Firebase analytics, which was acquired and is run by Google. This means it’s secure and compliant with industry standards, and that they anonymise the usage we can track.

We want to understand how our userbase is doing and where we should concentrate our efforts, but also to figure out if the app crashes and why this happened. We track things like how many flashcards you have created, if you’re using our sharing features, how many phrases were downloaded, errors and crashes, etc.

You may create an account with us to use the sharing features of our mobile app. Here you send a password to our server, which we do not store as it is but encrypt it. That way hackers will never be able to steal you username-email-password combination.

The flashcards you create are by default only available locally on your phone. This means that if you deinstall the application all your data will be gone, and we cannot recover them. This means we cannot access your local audio-clips. Unless you share them by creating a phraseset.

If you share your phrases by creating a phraseset, you upload the files encrypted to our server-API. We then store it and return a link. Users with whom this link is shared can unlock it on their phones and download the phrases. This is only possible for authenticated users.

Also there is a front-end that shows the phrases to users who have the right sharing link.

Who we share your data with

So Google Analytics is really useful and around on basically every website you visit. It helps us improve our website by showing site usage statistics and even some demographic statistics (anonymised of course). If you don’t like this you can always visit our site in private mode. On Android, Google receives the audioclips in order to transcribe the text. On iOS, we share this data with Apple to get a voice transcription.

We use OneSignal to do the Notifications management. They’re also pretty industry standards, they recently wrote in a job ad that they send 5 billion notifications per day. Wow! They don’t receive your username though, just an ID for your device.

We also use facebook to run a chatbot service. It’s not actively promoted or developed, but if you interact with us, facebook sends us some data and we send them some data. This partly happens through a chatbot service, which is called Chatfuel. We asked and they delete your data if we delete it from the user panel. They make it easy to develop a chatbot, but we may switch to another service later, of course industry standard.

How long we retain your data

We follow your facebook policy and indefinitely save the phrases uploaded, unless you request their deletion. It may be possible that we mess up and all this data is deleted or can no longer be accessed anymore. We therefore cannot guarantee or take any liability in case your shared data is deleted by us, be it on purpose or on accident.

We may decide to end our services and turn off our infrastructure. But with your purchase you support our product and mission to improve language learning.

Email and whatsapp is also kept indefinitely, unless we found out in the coming 7 years that there’s a policy to delete them, or we end our services.

For the website, if you leave a comment, the comment and its metadata are retained indefinitely or until we migrate our site (which we will likely do every few years anyway). This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

If you agree to participate in a study, we may share your results with universities or researchers, under a standard Data Privacy Agreement.

Also some of the third-party services may receive user data from us, like facebook. This is in order to give you the best service we can.

Our contact information

See our Impressum

Additional information

How we protect your data

We encrypt personal data where necessary, we use reliable and secure third-party services, we handle your communications with care and discretion. We wrote this privacy policy to explain it.

What data breach procedures we have in place

If we find out that someone has accessed and possibly stolen senstive data, we will update this notice here and send a tweet or facebook message or something. In severe cases we’ll contact users by email. Also we have to notify authorities within 24 hours or so.

And so far no data breaches here.

What third parties we receive data from

Facebook, Instagram, Mailchimp, Google, Chatfuel

These company all have their Data Processing Agreement (DPA) with us, as is standard in the industry.

What automated decision making and/or profiling we do with user data

None so far, but as soon as we start collecting more data we may experiment with some suggestion models using Machine Learning to understand your preferences.

By the time we will introduce this suggestion feature though, we will also give you an option to share phrases publicly or privately. Privately shared phrases will not be used for these analyses.

Industry regulatory disclosure requirements

Austrian, American, and European Data Privacy Legislation apply to our data processing.