Privacy Policy

1. Introduction

Easy Word ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our vocabulary learning platform ("the Service"). This policy complies with the General Data Protection Regulation (GDPR) and applicable Polish and EU data protection laws.

2. Data Controller

The data controller responsible for your personal data is Easy Word. For any questions regarding your data, please contact us at: privacy@easyword.app

3. Data We Collect

We collect the following categories of personal data:

• Account information: Name, email address, and profile picture (when using OAuth providers such as Google or GitHub)
• Authentication data: Hashed passwords (for email/password accounts), OAuth tokens
• Learning data: Uploaded documents, vocabulary lists, learning progress, review history, session statistics, and challenge scores
• Subscription data: Subscription tier, payment status, and Stripe customer ID (payment details are processed and stored by Stripe, not by us)
• Usage data: Gamification statistics (XP, streaks, achievements), daily quest progress, and feature usage patterns
• Consent records: Timestamps of when you accepted our Terms of Service

4. How We Use Your Data

We process your personal data for the following purposes:

• Providing and maintaining the Service, including personalized learning sessions
• Processing your vocabulary through our spaced repetition (SM-2) algorithm
• Managing your account and subscription
• Processing payments through Stripe
• Tracking your learning progress and gamification features
• Sending important service-related communications
• Improving and optimizing the Service

The legal basis for processing is the performance of our contract with you (Article 6(1)(b) GDPR), your consent (Article 6(1)(a) GDPR), and our legitimate interests in improving the Service (Article 6(1)(f) GDPR).

5. Data Sharing

We share your personal data only with the following third parties, and only as necessary to provide the Service:

• Stripe: For payment processing (subject to Stripe's Privacy Policy)
• OAuth providers (Google, GitHub): For authentication purposes only
• OpenSubtitles: For subtitle search functionality (premium feature)
• Hosting provider: Our application is hosted on infrastructure that processes your data on our behalf

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Payment records may be retained for up to 7 years for tax and accounting compliance.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Article 15): You may request a copy of the personal data we hold about you
• Right to rectification (Article 16): You may request that we correct inaccurate data
• Right to erasure (Article 17): You may request that we delete your personal data
• Right to data portability (Article 20): You may request your data in a structured, commonly used format
• Right to restrict processing (Article 18): You may request that we limit how we use your data
• Right to object (Article 21): You may object to our processing of your data based on legitimate interests
• Right to withdraw consent (Article 7): Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@easyword.app. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of passwords using bcrypt, secure HTTPS connections, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Cookies

We use cookies and similar technologies on the Service. Cookies are categorized as follows:

• Necessary cookies: Essential for the Service to function, including authentication session cookies. These cannot be disabled and are exempt from consent requirements under Article 5(3) of the ePrivacy Directive.
• Analytics cookies: Help us understand how you use the Service so we can improve it. These are only set with your consent.
• Marketing cookies: Used to deliver relevant advertisements and track campaign effectiveness. These are only set with your consent.

When you first visit the Service, a cookie consent banner allows you to accept or reject non-essential cookie categories. You can change your preferences at any time by clicking "Cookie Settings" in the website footer. Your consent preferences are stored locally on your device.

10. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Supervisory Authority

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@easyword.app