LanguageReps
Get Started

Privacy Policy

Last updated: March 2026

1. Data Controller

LanguageReps is operated by LanguageReps UG (haftungsbeschränkt), incorporated in Germany. For questions about how we handle your personal data, contact us at hello@languagereps.app. We are the Data Controller for all personal data processed in connection with the Service.

2. Data We Collect

Identity & Account Data: Your name and email address, collected when you register. Lawful basis: Performance of Contract.

Learning Data: Your exercise results, lesson progress, saved vocabulary, language level, and study preferences. Lawful basis: Performance of Contract.

Payment Data: Transaction history and billing address, collected by our payment processor Stripe. We do not store full payment card numbers. Lawful basis: Legal Obligation (tax and accounting records).

Technical Data: IP address, browser type, device type, and session metadata collected when you use the Service. Lawful basis: Legitimate Interest (security, fraud prevention, and debugging).

Analytics Data: Aggregated usage events (e.g. lessons completed, features used) collected via PostHog. Lawful basis: Legitimate Interest (product improvement). No personally identifiable information is shared with PostHog beyond a pseudonymous user ID.

3. AI Processing

Lesson content, exercises, and explanations are generated using third-party AI APIs. Your lesson context (language, level, topic, and exercise content) is sent to these providers to generate responses. We do not send your name, email address, or other directly identifying information to AI providers. AI processing may occur on servers outside the EEA — see Section 5.

4. Sub-Processors and Technology Stack

We share data with the following third-party providers to operate the Service:

Neon (USA): Managed PostgreSQL database hosting your account and learning data.

Cloudflare (USA/Global): Infrastructure and edge networking. Data may be processed at a data centre nearest to you, which may be outside the EEA.

Google (USA): AI text generation via Gemini API.

Stripe (USA): Payment processing.

PostHog (USA/EU): Product analytics.

Better Auth: User session and authentication management.

All providers are engaged under Data Processing Agreements and appropriate transfer safeguards as described in Section 5.

5. International Data Transfers

Several of our providers (Google, Stripe, Cloudflare, Neon, PostHog) are based in or process data in the United States. We transfer data to the US relying on the EU–US Data Privacy Framework (DPF) where the provider is certified, or Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data remains protected in accordance with GDPR.

6. Cookies

Essential Cookies: Required for the Service to function, including authentication session tokens and user preference storage (e.g. theme, active language). These do not require consent.

Analytics Cookies: PostHog places a cookie to track product usage. You will be asked for consent via our cookie banner before analytics cookies are set. You may withdraw consent at any time by adjusting your cookie preferences.

7. Data Retention

Account and learning data is retained for the lifetime of your account. Financial and billing records are retained for 10 years as required by German tax law (§ 147 AO). You may request deletion of your account and all associated personal data at any time — see Section 8.

8. Your Rights

Under the GDPR you have the right to: access the personal data we hold about you; rectify inaccurate data; erase your data ("Right to be Forgotten"); restrict or object to processing; and receive your data in a portable, machine-readable format. To exercise any of these rights, email hello@languagereps.app. We will respond within 30 days. You also have the right to lodge a complaint with the competent supervisory authority — in Germany, the relevant Landesdatenschutzbehörde for your federal state.

9. Security

We use industry-standard security measures including encrypted connections (TLS), hashed credential storage, and access controls to protect your data. However, no method of transmission or storage is entirely secure. We encourage you to use a strong, unique password and to notify us immediately at hello@languagereps.app if you suspect unauthorised access to your account.

10. Changes to this Policy

We may update this policy from time to time. We will notify registered users of material changes by email or in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For any questions about this Privacy Policy or to exercise your data rights, contact us at hello@languagereps.app.