Datenschutzerklärung

Introduction

This Privacy Policy explains how LinGoat (“LinGoat”, “we”, “us”, or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our marketing website (including pages served from lingoat.app) and our language-learning products and services, including the web application at app.lingoat.app and related mobile or desktop experiences (together, the “Services”).

By using the Services, you agree that we may use text and other content you submit for practice (such as translations, sentences, and related learning activity) to develop, train, evaluate, and improve our own language and grading models and related systems that power feedback and scheduling. LinGoat is designed as an ever-evolving AI-powered experience: the product continuously improves through learning from real practice, so using that data for training and model improvement is necessary to deliver and sustain the Services—not optional add-on analytics. That use is part of how LinGoat works and is a condition of using the Services. If you are not comfortable with this, please do not use the Services.

You also acknowledge the other practices described in this policy. If you do not agree, please do not use the Services.

Data controller and contact

For personal information covered by the EU or UK General Data Protection Regulation (“GDPR”), LinGoat is the data controller unless we tell you otherwise (for example, where we process personal information solely on behalf of another organization).

You can contact us about privacy at privacy@lingoat.app. For GDPR-related requests, you may also contact your local supervisory authority; a list of EU authorities is published by the European Data Protection Board.

Personal information we collect

We collect information that identifies, relates to, describes, or could reasonably be linked with you or your device, depending on how you use the Services.

• Account and profile data: for example, name or display name, email address, authentication identifiers (such as a unique account ID from our sign-in provider), language or locale preferences, and similar profile settings you provide or that are associated with your account.
• Learning activity: text you submit for practice (such as translations or sentences), feedback and scoring data, study history, spaced-repetition scheduling metadata, and related usage information generated when you use learning features.
• Technical and usage data: for example, IP address, device or browser type, approximate location derived from IP, diagnostic or performance logs, timestamps, and information about how you interact with the Services.
• Communications: content of messages you send to us (for example, support requests) and related metadata.
• Marketing website: limited technical data when you browse lingoat.app (such as server logs and essential cookies or similar technologies needed to operate the site).

We may receive personal information from service providers that help us operate the Services (for example, authentication or hosting providers) when those parties are instructed to share data with us.

How we use personal information

• Provide, maintain, secure, and improve the Services, including personalization, sync across devices, and customer support.
• Develop, train, evaluate, and improve our models and algorithms (including those used to grade, explain, and schedule practice) using learning content and feedback associated with your account, in addition to any processing needed to return results to you in real time. Because the app is an ever-evolving AI experience, this training use is required to keep grading, explanations, and scheduling accurate and useful as languages, content, and learner needs change.
• Process learning content and generate feedback, which may involve sending portions of your input to machine-learning or AI inference providers to produce educational outputs.
• Authenticate users, detect and prevent fraud, abuse, and security incidents, and enforce our terms.
• Comply with law, respond to lawful requests from public authorities, and establish or defend legal claims.
• Analyze aggregate or de-identified usage to understand product performance (where permitted by law).
• Send service-related notices and, where permitted, product updates; where marketing requires consent under local law, we will rely on consent.

Legal bases for processing (EEA, UK, and Switzerland)

Where GDPR or similar laws apply, we process personal information on one or more of the following bases:

• Performance of a contract: processing necessary to provide the Services you request, including improving the models and systems that deliver those Services. For an ever-evolving AI product, that includes using practice data to train and refine those systems so the experience you signed up for can keep improving.
• Legitimate interests: for example, securing the Services, improving reliability, fraud prevention, and understanding aggregated usage, balanced against your rights.
• Consent: where we ask for it (for example, certain cookies or optional communications), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation: where we must process data to comply with applicable law.

Cookies and similar technologies

We use cookies and similar technologies where needed to operate the Services (for example, to keep you signed in or to remember essential preferences). You can control cookies through your browser settings; blocking certain cookies may limit functionality.

How we disclose personal information

We do not sell your personal information as that term is commonly understood under U.S. state privacy laws, and we do not “share” it for cross-context behavioral advertising as defined under the California Consumer Privacy Act, as amended (“CCPA”).

• Service providers and processors who assist us (for example, cloud hosting, authentication, analytics, email delivery, payment processing if applicable, and AI inference) and who are bound by contractual obligations to use data only as instructed.
• Professional advisers, such as lawyers or auditors, where necessary.
• Authorities or others when required by law, to protect rights and safety, or in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

International transfers

We are based in the United States and use service providers that may process personal information in the United States and other countries. Those countries may not provide the same level of data protection as your home country.

Where GDPR requires safeguards, we rely on mechanisms such as the EU Commission-approved Standard Contractual Clauses and supplementary measures where appropriate, or other lawful transfer tools. You may contact us to request more information about these safeguards.

Retention

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and context; for example, account data is generally kept while your account is active and for a reasonable period afterward unless a longer period is required by law.

Your privacy rights (EEA, UK, and Switzerland)

Subject to applicable law, you may have the right to: access your personal information; request correction or deletion; request restriction of processing; receive a copy of personal information you provided in a portable format; object to processing based on legitimate interests; and withdraw consent where processing was based on consent.

Some processing described in this policy (including using your practice content to improve our models) is integral to the Services. Objecting to or withdrawing consent for that processing, where applicable, may mean you cannot continue to use the Services; you may stop using the Services or delete your account if you prefer not to have your content used in that way going forward.

You may lodge a complaint with a supervisory authority in your country of residence, place of work, or where an issue arises.

To exercise these rights, contact privacy@lingoat.app. We may need to verify your request. We do not use solely automated decision-making that produces legal or similarly significant effects concerning you without appropriate safeguards required by law.

Your privacy rights (United States)

Depending on where you live, U.S. state privacy laws (including California, Virginia, Colorado, Connecticut, Utah, and others) may grant you rights regarding your personal information, such as:

• The right to know what categories and specific pieces of personal information we collect, use, and disclose.
• The right to delete personal information we hold, subject to exceptions.
• The right to correct inaccurate personal information.
• The right to opt out of certain processing (for example, sale, sharing for targeted advertising, or profiling in some states) where applicable—we do not sell personal information or share it for cross-context behavioral advertising as described in the CCPA.
• The right to limit use and disclosure of sensitive personal information where that category applies and the law grants such a right.
• The right to non-discrimination for exercising privacy rights.

California residents may designate an authorized agent to submit requests where permitted by law. We will verify requests as required, which may include confirming account ownership.

Nevada residents may opt out of future sales of certain covered information; we do not currently sell such information as defined under Nevada law.

Children

The Services are not directed to children under 13 (or under 16 where a higher age applies under local law without appropriate consent), and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

Security

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Third-party services and links

The Services may link to third-party websites or integrate third-party features. Their collection and use of information are governed by their own policies. If you sign in through a third-party identity provider, that provider’s terms and privacy notice apply to authentication data they process on their systems.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. Where required by law, we will provide additional notice or obtain consent.

Contact

Questions about this Privacy Policy or our privacy practices: privacy@lingoat.app