Privacy

Privacy Notice

Last updated: June 2026

1. Who we are (data controller)

LifeLang Journal ("LifeLang", "we", "us") is operated by Onurozcan ("the seller"). For the personal data we process about you in connection with the service, the seller acts as the data controller and decides how and why your data is used.

2. What personal data we collect, and why

  • Account data — email, password hash, name. Used to create and secure your account.
  • Profile and learning preferences — target and native language, CEFR level, daily goal, learning purpose. Used to personalize lessons.
  • Journal entries — the text you write. Used to generate your lessons; never shared with advertisers or used to train third-party AI models.
  • Generated lesson content — translations, sentence cards, mini stories, quizzes, audio files derived from your journals. Stored so you can revisit your lessons.
  • Voice samples (optional) — only if you opt into the Voice Beta. Used to create audio versions of your stories.
  • Usage and telemetry — basic logs (timestamps, IP address, browser, errors). Used for security, fraud prevention, and reliability.
  • Subscription metadata — plan, status, period dates, Paddle customer/subscription IDs. Used to give you the features you've paid for. We never see or store your card details — those stay with Paddle.
  • Support messages — what you send us. Used to respond and improve the product.

3. Legal basis for processing (GDPR)

We rely on the following legal bases:
  • Performance of a contract — to provide the account, lessons, and subscription you signed up for.
  • Legitimate interests — to keep the service secure, prevent fraud and abuse, and improve the product.
  • Consent — for the optional Voice Beta and any marketing emails (you can withdraw at any time).
  • Legal obligation — to keep records required by tax, accounting, or other applicable laws.

4. Who we share data with

We never sell your data and never share your journal entries with advertisers. We share the minimum data necessary with:
  • Paddle — our reseller and Merchant of Record. Paddle processes your payment, handles billing, tax compliance, invoices, and refunds. Paddle receives your email, billing address, and payment details directly when you check out.
  • Hosting and database providers — to store account data, journal entries, lessons, and audio files.
  • AI model providers — your journal entry is sent to a language-model provider only for the time it takes to generate your lesson, and only for that purpose. It is not used to train their public models.
  • Email delivery providers — to send transactional emails (sign-in links, receipts, support replies).
  • Professional advisers (legal, accounting) and authorities — where required by law.

5. International transfers

Some of the providers above may process data outside your country of residence, including outside the UK/EEA. Where this happens, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect your data.

6. How long we keep data

  • Account, profile, journals, lessons — kept while your account is active. Deleted within 30 days of account closure (some encrypted backups may persist for up to 90 days).
  • Voice samples and generated audio — deleted when you delete the underlying lesson or close your account.
  • Subscription and invoice data — retained as long as required by tax and accounting law (typically up to 7 years).
  • Logs and telemetry — retained for up to 12 months for security and reliability.
When data is no longer needed, it is deleted or irreversibly anonymised.

7. Your rights

Subject to applicable law (including the UK GDPR and EU GDPR), you have the right to:
  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data ("right to be forgotten");
  • restrict or object to certain processing;
  • data portability (receive your data in a portable format);
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with your local data-protection supervisory authority.
We respond to verified requests within one month. You can delete individual entries in Settings → Your journals and your entire account in Settings → Danger zone. For any other request, reply to any email we send you.

8. Security

We apply appropriate technical and organisational measures to protect your data: encryption in transit (HTTPS/TLS) and at rest, hashed passwords, role-based access controls for staff, database row-level security (every table enforces that you can only read your own rows), audit logs, and regular dependency and security reviews. No system is perfectly secure, but we take reasonable steps to protect your information.

9. Cookies

We use a small number of strictly necessary cookies (and equivalent local storage) to keep you signed in and to remember your preferences. We do not use third-party advertising cookies. The Paddle checkout sets its own cookies when you open it; those are governed by Paddle's privacy notice.

10. Children

LifeLang is not directed at children under 16, and we do not knowingly collect personal data from them.

11. Changes to this notice

We may update this notice from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated in-app or by email.

12. Contact

Questions or requests about your data? Reply to any email we send you. We read everything.

← Back home