Privacy Policy

Last Updated: January 2026
Version: 1.1

This Privacy Policy explains how Eyal Lapid (“we”, “us”, or “our”) collects, uses, and protects your personal information when you use LingoPlace.

Who We Are

Eyal Lapid is the data controller responsible for your personal information.

• Company: Eyal Lapid
• Country: Israel
• Contact:privacy@lingoplace.com

We are committed to protecting your privacy in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

Information We Collect

Information You Provide

• Account information: Email address, name, and password (stored securely hashed)
• Learning data: Your exercise responses, lesson progress, and interactions with our AI tutor
• Communications: Messages you send to our support team

Information Collected Automatically

• Usage data: Pages visited, features used, and learning session activity
• Device information: Browser type, operating system, and device identifiers
• Log data: IP address, access times, and referring URLs
• Cookies: Essential cookies for authentication and session management (see Cookies section)

Information from AI Interactions

When you use our AI tutor, your conversation messages and learning context (such as current lesson and skill level) are processed by third-party AI providers. We do not send personal identifiers (name, email) to these providers.

For details on how AI features work, what data is processed, and provider retention policies, see our AI Disclosure.

How We Use Your Information

We use your information to:

• Provide our service: Operate the platform, track your learning progress, and personalize your experience
• Communicate with you: Send login links, respond to support requests, and notify you of important updates
• Process payments: Handle subscriptions and purchases through our payment provider
• Improve and protect: Analyze usage to improve our service, fix bugs, and ensure security

We process your data based on: our contract with you (providing the service), legitimate interests (security, improvements), and legal obligations (compliance requirements).

What We Don’t Do

• We do not sell your personal information
• We do not use your data for third-party advertising
• We do not make automated decisions that significantly affect you without human oversight

Information Sharing

We do not sell your personal information. We share data only with trusted service providers:

Hosting: Our infrastructure runs on DigitalOcean servers in the European Union.

Email: We use Postmark to send transactional emails like login links. We disable tracking pixels.

Payments: Payments are processed by Polar, who acts as our merchant of record. We do not store your credit card details.

AI Features: Our tutoring features use OpenAI, Anthropic, and Google AI services. Only your conversation and learning context are shared—never your name or email.

Monitoring: We use error tracking and observability tools to identify and fix issues.

We may also disclose information when required by law or to protect our rights.

International Data Transfers

Your data is primarily stored in the European Union (DigitalOcean). Some data is transferred to the United States for processing by our service providers (Postmark, Polar, OpenAI, Anthropic, Google).

These transfers are protected by:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with each provider
• The provider’s compliance certifications and security measures

Data Retention

We keep your data only as long as necessary:

Account data: Retained while your account is active. Deleted within 30 days of account closure.

Learning progress: Deleted with your account.

Consent and payment records: Retained for 7 years as required by law, even after account deletion.

Security logs: Retained for 24 months for security and compliance.

Application logs: Retained for 90 days for service improvement.

When you delete your account, we remove your personal data within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently erased.

Your Rights

You have the right to access, correct, export, or delete your personal data. You can manage most settings directly in your account.

For requests we can’t handle through account settings—or if you have concerns about how we handle your data—contact us at privacy@lingoplace.com. We respond within 30 days.

You can also contact your local data protection authority.

Cookies

We use only essential cookies required for the service to function:

• Session cookie: Keeps you logged in during your visit
• Remember-me cookie: Keeps you logged in between visits (if selected)

These cookies are necessary for the service and do not require consent. We do not use advertising or tracking cookies.

Security

We protect your data with:

• Encrypted connections (HTTPS) for all data in transit
• Encrypted storage for sensitive data
• Secure password hashing
• Regular security updates and monitoring
• Access controls limiting who can view your data

No system is 100% secure. If you discover a vulnerability, please contact us at security@lingoplace.com.

Children

LingoPlace is for users 18 and older. We do not knowingly collect data from anyone under 18.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through the app. Continued use after changes constitutes acceptance.

Contact

For privacy-related questions or to exercise your rights:

Email:privacy@lingoplace.com

We aim to respond within 30 days.