Langphy Logo
LANGPHY

Privacy Policy

Effective Date: July 1, 2025 | Version 1.0

This Privacy Policy explains how Langphy, developed and operated by Niloy Rudra and Kheya Nandi ('we', 'us', or 'our'), collects, uses, stores, protects, and shares your personal information when you use the Langphy Android application ('App'). By using the App, you agree to the practices described in this policy.

1. Who This Policy Applies To

This policy applies to all users of the Langphy Android application, regardless of geographic location. Users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with specific data protection laws may have additional rights described in Section 10.

2. Information We Collect

2.1 Information You Provide Directly

When you register and use Langphy, you provide:

  • Email address — used for account creation, OTP-based email verification, and account-related communications.
  • Password — stored in irreversibly hashed form. Your password is never stored or transmitted in plain text.
  • Profile information — optionally, your first name, last name, username, and a profile image.

2.2 Learning and Activity Data

As you use the App, the following data is generated and stored to power your learning experience:

  • Lesson completion records — which lessons you have completed, your scores, and time spent per lesson.
  • Session performance data — accuracy and duration per learning session (reading, listening, speaking, writing, quiz, practice).
  • Streak data — your daily learning consistency, including current streak count, longest streak, and last activity date.
  • Vocabulary data — German words and phrases you have studied, including their part of speech and English meanings.
  • Learning progress — completion percentage across units and lesson types.

This data is first stored locally on your Android device in a SQLite database (offline-first), then synchronized to our secure backend servers when an internet connection is available.

2.3 Speech and Audio Data

When you use the speech recognition features:

  • Your device microphone captures audio of your spoken German.
  • This audio is transmitted over an encrypted (TLS) connection to our own speech processing infrastructure, which uses the Whisper open-source model. No audio is sent to third-party AI companies.
  • Audio is processed to evaluate pronunciation and generate feedback scores (similarity, pronunciation score, transcription).
  • Audio recordings are not permanently stored after the exercise is complete. Only the derived result data is retained as part of your lesson record.
  • Audio data is never used for advertising, voice profiling, or any purpose other than delivering the learning exercise.

2.4 Technical and Device Data

We may collect limited technical data through our own infrastructure, including:

  • Device operating system version and app version — for compatibility and debugging.
  • Error and crash logs — to identify and resolve technical issues.

2.5 Information We Do Not Collect

Langphy does not collect:

  • Precise geolocation or GPS data.
  • Your device contacts, call logs, or messages.
  • Biometric data (speech audio is transient and not retained).
  • Payment information (the App is currently free of charge).
  • Browsing history or data from other apps on your device.
  • Advertising identifiers.

3. How We Use Your Information

We use the information collected solely for the following purposes:

  • Account creation and authentication — to create, manage, and secure your account.
  • Email verification — to verify your identity during registration via one-time passcode.
  • Learning personalisation — to track progress, maintain streaks, adapt content to your history, and provide performance feedback.
  • Speech assessment — to evaluate pronunciation and provide real-time exercise feedback.
  • Application improvement — to identify bugs, monitor performance, and improve content and user experience.
  • Transactional communications — to send account-related emails such as OTP codes and password reset instructions. We do not send unsolicited marketing emails.

4. Legal Basis for Processing (GDPR)

For users in the EEA or UK, we process personal data under the following GDPR legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to create and manage your account and deliver the service.
  • Legitimate interests (Art. 6(1)(f)): Processing for application security, fraud prevention, and internal performance monitoring.
  • Consent (Art. 6(1)(a)): Processing of microphone/audio data for speech exercises, which you can withdraw at any time via your device settings.

5. Data Storage, Retention, and Security

5.1 Where Data Is Stored

  • On your device: Lesson data, progress, settings, vocabulary, and event queues are stored in a local SQLite database. This enables offline access.
  • On our servers: Account information and synchronized learning data are stored in PostgreSQL databases on a Kubernetes-managed cloud infrastructure. All data is encrypted in transit (TLS) and encrypted at rest.

5.2 How Long We Keep Your Data

  • Account data (email, profile): Retained until you delete your account.
  • Learning data (progress, streaks, performance, and vocabulary): Retained until you delete your account.
  • Speech audio: Not retained — discarded immediately after processing.
  • OTP verification codes: Deleted immediately after use or after a 10-minute expiry.
  • Inactive accounts: We may delete accounts inactive for an extended period with reasonable prior notice.

5.3 Security Measures

We implement the following protections:

  • Passwords are hashed using a secure one-way algorithm before storage.
  • All client-server communication is encrypted using TLS.
  • Database access is restricted through role-based access controls.
  • Our event-driven backend architecture includes idempotency controls to prevent duplicate data writes.
  • Kafka message queues include deduplication guards to ensure data integrity.

No system is entirely immune to security threats. We encourage you to use a strong, unique password and to contact us immediately at support@langphy.com if you believe your account has been compromised.

6. Data Sharing and Disclosure

We do not sell, rent, trade, or share your personal data with third parties for commercial or marketing purposes. Data is shared only in the following limited circumstances:

  • Infrastructure providers: Our hosting providers may process data as part of delivering the underlying technical service. They are contractually restricted from using your data for their own purposes.
  • Email delivery (Resend): Your email address is shared with our email delivery provider solely to send you transactional emails such as OTP codes and account notifications.
  • Legal obligations: We may disclose data if required by law, court order, or legitimate governmental authority.
  • Business transfer: In the event of a merger or acquisition, data may transfer as part of that transaction, with prior notice to you.

7. Future Paid Features and Billing

Langphy is currently free. When we introduce optional paid membership features, any payment processing will be handled entirely by the Google Play Store's billing infrastructure. We will not directly collect or store your payment card information. Any data collected in connection with a subscription will be governed by a supplementary privacy notice presented at the time of subscription.

8. Cookies and Local Storage

Langphy uses local device storage (SQLite) to store your learning data for offline functionality. This is essential to the core functionality of the App and cannot be disabled independently without uninstalling the application. This is not browser-based cookie tracking; it is a technical requirement of the offline-first architecture.

9. Children's Privacy

Langphy is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has created an account without your consent, please contact us at support@langphy.com and we will promptly delete the information.

10. Your Rights and Choices

Regardless of your location, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Correct inaccurate data through your in-app profile settings or by contacting us.
  • Deletion: Request deletion of your account and all associated data from in-app without emailing us at support@langphy.com.
  • Data portability: Request a copy of your learning data in a structured format.
  • Withdraw consent: Revoke microphone access at any time through Android system settings.

Users in the EEA or UK additionally have the right to object to processing, restrict processing, and lodge a complaint with their national data protection authority. We will respond to rights requests within 30 days.

11. Additional Rights for EEA and UK Users

  • Object to processing
  • Restrict processing
  • Lodge complaints with authorities

12. International Data Transfers

Our backend infrastructure may be hosted on servers located in different countries. Where data is transferred internationally, we take steps to ensure it is protected to a standard equivalent to that required under applicable data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy over time, including when we introduce paid features or change our data practices. We will update the effective date and provide reasonable notice of material changes through the application or by email. Continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact

For privacy-related questions, requests, or concerns:

Last reviewed: July 1, 2025. Langphy is an independent application not affiliated with any advertising network, language authority, or government body.