PRIVACY POLICY FOR WORDMILESTONE Last Updated: October 28, 2025 This Privacy Policy describes how WordMilestone ("we," "us," or "our") collects, uses, and shares your personal information when you use our mobile application (the "App"). By using the App, you agree to the collection and use of information in accordance with this policy. IMPORTANT: WordMilestone is intended for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the App or provide any personal information. --- 1. INFORMATION WE COLLECT 1.1 Account Information When you create an account, we collect: - Email address - Password (encrypted and never stored in plain text) - Account creation date - Learning preferences (daily goal, default language, timezone) If you sign in with Apple Sign-In, we also collect: - Apple User ID - Email address provided by Apple (which may be a private relay email) - Email verification status 1.2 Learning Data To provide personalized language learning experiences, we collect and store: - Words you're learning and your progress on each word - Review history (when you reviewed words, your ratings, and performance) - Languages you're enrolled in and your experience level - Starred or bookmarked words - Learning statistics (XP points, streaks, achievements) - Study session data and timing 1.3 AI Chat Interaction Data When you use the AI chat feature, we collect: - Your messages to the AI assistant - AI responses - Chat session timestamps - Language context for the conversation 1.4 Technical and Security Information To maintain security and provide our services, we collect: - IP address (for security, fraud prevention, and rate limiting) - Device information (user-agent, operating system) - Session information (login times, session tokens) - Failed login attempts (for security monitoring) 1.5 Usage Information We collect information about how you use the App: - Features you access - Audio files you play - Search queries - Achievement unlocks - Calendar and streak data --- 2. HOW WE USE YOUR INFORMATION We use the information we collect to: 2.1 Provide and Improve Our Services - Deliver personalized language learning content using spaced repetition algorithms - Track your learning progress and achievements - Generate audio pronunciations for words and sentences - Provide AI-powered chat assistance for language learning - Sync your progress across sessions 2.2 Maintain Security and Prevent Fraud - Authenticate your identity - Prevent unauthorized access to your account - Detect and prevent fraudulent or abusive activity - Enforce our Terms and Conditions - Rate limit requests to prevent abuse 2.3 Communicate With You - Send important service announcements - Respond to your inquiries and support requests - Notify you of significant changes to the App or this Privacy Policy 2.4 Analyze and Improve - Understand how users interact with the App - Identify bugs and performance issues - Develop new features and improvements - Optimize the learning algorithm --- 3. THIRD-PARTY SERVICES AND DATA SHARING We use the following third-party services to operate the App. These services may have access to your information as necessary to perform their functions: 3.1 OpenAI - Purpose: AI chat functionality, content generation, and translations - Data Shared: Your chat messages, learning context, and language preferences - Privacy Policy: https://openai.com/privacy 3.2 ElevenLabs and Amazon Web Services - Purpose: Text-to-speech audio generation for word pronunciations - Data Shared: Words and sentences for audio synthesis - Privacy Policies: - ElevenLabs: https://elevenlabs.io/privacy - AWS: https://aws.amazon.com/privacy 3.3 Neon Database - Purpose: Database hosting for all user data - Data Shared: All information listed in Section 1 - Privacy Policy: https://neon.tech/privacy-policy 3.4 Apple Inc. (for Apple Sign-In users) - Purpose: Authentication via Apple Sign-In - Data Shared: Apple User ID, email address - Privacy Policy: https://www.apple.com/legal/privacy We do NOT: - Sell your personal information to third parties - Share your data with advertising networks - Use tracking technologies for advertising purposes --- 4. DATA SECURITY We implement appropriate technical and organizational measures to protect your personal information: - Passwords are encrypted using industry-standards - All authentication tokens are securely hashed before storage - Data transmission is encrypted using HTTPS/TLS - Rate limiting prevents brute-force attacks on accounts - Session management includes device and IP verification - Access controls and logging for our systems However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use acceptable means to protect your information, we cannot guarantee its absolute security. --- 5. DATA RETENTION We retain your personal information for as long as your account is active or as needed to provide you services: - Account and learning data: Retained until you delete your account - Chat messages: Retained until you delete your account - Review logs and progress: Retained until you delete your account - Account deletion logs: Retained for compliance and legal purposes --- 6. YOUR RIGHTS AND CHOICES 6.1 Account Management You can update the following information in your account settings: - Daily learning goal - Default language preference - Starred words - Enrolled languages 6.2 Account Deletion You have the right to delete your account at any time. When you delete your account, we will permanently delete: - Your account information - All learning progress and review history - Chat conversation history - Achievements and statistics - Starred words - Session tokens and authentication data To delete your account, use the account deletion feature in the App settings. This action is permanent and cannot be undone. 6.3 Access to Your Information You may request access to the personal information we hold about you by contacting us through the App. 6.4 Opt-Out of Communications You may opt out of non-essential communications by adjusting your account settings or contacting us. --- 7. CHILDREN'S PRIVACY WordMilestone is intended for users aged 13 and older. We do not knowingly collect or solicit personal information from anyone under the age of 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us with personal information, please contact us through the App. --- 8. CALIFORNIA PRIVACY RIGHTS (CCPA) If you are a California resident, you have specific rights regarding your personal information: 8.1 Right to Know You have the right to request that we disclose: - The categories and specific pieces of personal information we've collected about you - The categories of sources from which we collected your personal information - Our business purpose for collecting your personal information - The categories of third parties with whom we share personal information 8.2 Right to Delete You have the right to request deletion of your personal information, subject to certain exceptions. You can delete your account directly in the App. 8.3 Right to Non-Discrimination We will not discriminate against you for exercising any of your CCPA rights. 8.4 How to Exercise Your Rights To exercise your rights under CCPA, contact us through the App. We may need to verify your identity before processing your request. 8.5 Do Not Sell My Personal Information We do not sell personal information to third parties. We do not sell the personal information of minors under 16. --- 9. INTERNATIONAL USERS Our services are operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the App, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy. --- 10. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time. We will notify you of any material changes by: - Posting the new Privacy Policy in the App - Updating the "Last Updated" date at the top of this policy - Sending you an email notification (if we have your email address) Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy. --- 11. DATA BREACH NOTIFICATION In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. --- 12. CONTACT US If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the App. --- 13. LEGAL BASIS FOR PROCESSING (For Users in Jurisdictions with Applicable Laws) We process your personal information based on the following legal grounds: - Consent: When you create an account and agree to this Privacy Policy - Contract Performance: To provide the services you've requested - Legitimate Interests: To improve our services, prevent fraud, and maintain security - Legal Obligation: To comply with applicable laws and regulations --- 14. COOKIES AND TRACKING TECHNOLOGIES Our App does not use cookies for tracking or advertising purposes. We use session tokens stored securely on your device for authentication purposes only. --- This Privacy Policy is designed to comply with applicable privacy laws including the California Consumer Privacy Act (CCPA) and is intended for users in the United States. If you have specific concerns about how your data is handled, please contact us using the information provided above. By using WordMilestone, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.