Youtionary

Privacy Policy

Last updated: November 13, 2025

1. Introduction

Youtionary ("we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our language learning platform and related services (collectively, the "Services").

We are based in the European Union and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. If you have any questions or concerns about this Privacy Policy or our practices regarding your personal information, please contact us at the details provided at the end of this policy.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Services:

  • Account Information: Email address, display name, password (encrypted), and profile preferences
  • Learning Data: Your target language, native language, proficiency level, learning preferences, and custom settings
  • Content Data: Chat conversations with our AI tutor, translations you request, flashcards you create or accept, and review performance data
  • Payment Information: When you subscribe to paid plans, payment details are processed securely by our payment processor Stripe. We do not store complete payment card details on our servers
  • Communications: When you contact us for support or provide feedback

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information:

  • Usage Data: Features you use, actions you take, time spent on the platform, and interaction patterns
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Log Data: Access times, pages viewed, error logs, and referring URLs
  • Cookies and Similar Technologies: We use cookies and local storage to maintain your session, remember your preferences, and analyze usage patterns

2.3 Information from Third Parties

We may receive information from third-party services:

  • AI Services: We use third-party AI LLM providers to power translations, chat conversations, and flashcard generation. Your interactions are processed according to these providers' data policies
  • Image Services: We use Unsplash to provide images for flashcards. No personal data is shared with Unsplash
  • Payment Processor: Stripe provides us with payment status and subscription information necessary to manage your account

3. How We Use Your Information

We use your personal information for the following purposes, based on legitimate interests, contractual necessity, and your consent:

  • Service Delivery: To provide, maintain, and improve our language learning platform, including AI-powered conversations, translations, and personalized flashcard generation
  • Personalization: To customize your learning experience based on your proficiency level, preferences, and learning patterns
  • Account Management: To create and manage your account, process subscriptions, and enforce usage limits based on your subscription tier
  • Communication: To send you service-related announcements, updates, security alerts, and respond to your inquiries
  • Analytics and Improvement: To analyze usage patterns, identify bugs, measure feature effectiveness, and improve our Services
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests
  • Security: To detect, prevent, and address fraud, security issues, and technical problems

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you and provide the Services you requested
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, ensuring security, and analyzing usage, provided these interests do not override your rights
  • Consent: Where you have provided explicit consent for specific processing activities, such as marketing communications
  • Legal Obligations: Where processing is necessary to comply with legal obligations

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Services:

  • Supabase: Database hosting, authentication, and backend infrastructure
  • Third-party AI LLM providers: AI-powered language processing for chat, translation, and flashcard suggestions
  • Stripe: Payment processing and subscription management
  • Unsplash: Image services for flashcard illustrations

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or other legal process, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations
  • Learning Data: Chat history, flashcards, and review data are retained to provide continuous learning services. Free tier users have 7 days of chat history; paid users have unlimited history
  • Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytics and service improvement
  • Payment Records: Retained as required by tax and accounting regulations

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or security purposes.

7. Your Data Protection Rights (GDPR)

If you are located in the EEA or UK, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure: You can request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Data Portability: You can request a copy of your data in a machine-readable format
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer personal data from the EEA to other countries, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Certification schemes such as the EU-US Data Privacy Framework (where applicable)

Our service providers (Supabase, third-party AI LLM providers, Stripe) implement appropriate technical and organizational measures to protect your data.

9. Security of Your Information

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Regular security assessments and monitoring
  • Access controls and authentication mechanisms
  • Secure password hashing

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

10. Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies to enhance your experience, analyze usage, and maintain your session. Types of cookies we use include:

  • Essential Cookies: Required for authentication and basic functionality
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our Services

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services. We use local storage for caching chat messages and translation state to improve performance.

11. Third-Party Links and Services

Our Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

12. Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe we have collected information from a child under 16, please contact us immediately, and we will take steps to delete such information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Youtionary

Email: privacy@youtionary.com

For GDPR-related inquiries and to exercise your data protection rights, please use the email address above with the subject line "GDPR Request".

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a prominent notice in the application

Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

15. Additional Information for EU Users

Data Controller

Youtionary is the data controller responsible for your personal information. We are based in the European Union and comply with GDPR requirements.

Data Protection Officer

For questions about data protection, you can contact our Data Protection Officer at: dpo@youtionary.com

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not addressed your concerns adequately.