Privacy Policy
Last updated: July 2025 · Effective: July 2025
Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, how we protect it, and what rights you have. No legalese — just plain English.
1. Who We Are
Dialect360 is an AI-powered language learning platform. When we say "Dialect360", "we", "us", or "our" in this policy, we mean the Dialect360 platform and its operators. For privacy enquiries, contact us at privacy@dialect360.com.
2. What Data We Collect
We collect the following categories of data: • Account data: your name, email address, and hashed password when you register. • Learning data: lessons completed, XP earned, streak history, grammar exercise results, pronunciation session scores, vocabulary progress, and AI tutor conversation history. • Usage data: pages visited, features used, session duration, device type, browser, and approximate location (country level only, derived from IP address). • Payment data: subscription plan and billing status. We never store your card number — payments are handled entirely by Stripe or Paystack. • Communications: if you contact us by email or through our contact form, we retain that correspondence.
3. How We Use Your Data
We use your data to: • Provide and personalise your learning experience (adaptive lesson plans, spaced repetition scheduling, progress tracking). • Send transactional emails: account verification, password resets, and subscription receipts. • Send product updates and learning tips — only if you opt in. You can unsubscribe at any time. • Improve the platform through aggregated, anonymised analytics. • Detect and prevent fraud, abuse, and security incidents. We do not use your personal data to train third-party AI models. We do not sell your data. Ever.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or UK, our legal bases for processing your data are: • Contract performance: processing necessary to provide the service you signed up for. • Legitimate interests: security monitoring, fraud prevention, and platform improvement. • Consent: marketing emails (you can withdraw consent at any time). • Legal obligation: where required by applicable law.
5. Data Storage & Security
All data is stored on encrypted servers. Passwords are hashed using bcrypt (cost factor 12) and are never stored in plaintext. Access tokens are short-lived (15 minutes). Refresh tokens are hashed before storage. We follow OWASP Top 10 security practices, use TLS 1.2/1.3 for all data in transit, and conduct regular security audits. Our infrastructure is hosted on servers with physical access controls and 24/7 monitoring.
6. Cookies & Local Storage
We use httpOnly, Secure cookies to store authentication tokens. We do not use advertising cookies, third-party tracking pixels, or analytics cookies that identify you personally. The only cookies we set are strictly necessary for the platform to function. We do not use Google Analytics or Facebook Pixel.
7. Third-Party Services
We use the following third-party services: • Stripe & Paystack: payment processing. They handle card data directly under their own PCI-DSS compliant systems. We never see or store your card details. • OpenAI: powers the AI Tutor (GPT-4o-mini) and Pronunciation Coach (Whisper). Conversation data sent to OpenAI is subject to OpenAI's data usage policies. We use the API with data retention disabled where available. • Firebase Crashlytics: crash reporting on iOS and Android mobile apps only. No personal data is included in crash reports. • Resend: transactional email delivery (verification emails, password resets).
8. Data Retention
We retain your account data for as long as your account is active. Learning progress data is retained to power your personalised experience. If you delete your account, all personal data is permanently deleted within 30 days, except where we are required to retain it by law (e.g. billing records for tax purposes, retained for up to 7 years in anonymised form).
9. Your Rights
Depending on your location, you may have the following rights: • Access: request a copy of the personal data we hold about you. • Correction: request that we correct inaccurate or incomplete data. • Deletion: request that we delete your account and personal data. • Portability: request your data in a machine-readable format. • Objection: object to processing based on legitimate interests. • Restriction: request that we restrict processing of your data. • Withdraw consent: for marketing emails, unsubscribe at any time. To exercise any of these rights, email privacy@dialect360.com or delete your account directly from Settings → Account. We will respond within 30 days.
10. Children's Privacy
Dialect360 is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information without parental consent, contact us immediately at privacy@dialect360.com and we will delete it promptly.
11. International Data Transfers
Your data may be processed in countries outside your own, including countries that may not have the same data protection laws. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.
13. Contact & Complaints
For privacy questions or to exercise your rights, contact us at privacy@dialect360.com. If you are in the EEA and believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.
Questions? Contact us or email privacy@dialect360.com