Lina
Illustration of secure language learning with AI
Privacy by design

Your conversations stay yours

This Privacy Policy explains what we collect, how we protect it, and the tools you have to manage your learning data. Lina keeps transcripts for your feedback—not for model training—and gives you export, deletion, and recovery controls.

Short on time? Start with the highlights below.
🛡️

Secure accounts

Multi-factor sign-in with PINs and recovery tokens keeps your learning history protected—even across devices.

📚

Learning data stays private

Transcripts power your analytics only. OpenAI processes prompts transiently and never trains public models on your conversations.

🧰

Control & exports

Request encrypted exports, rotate credentials, or trigger deletion from inside the app—no waiting on email threads.

🌍

Trusted processors

Stripe, OpenAI, and Render support the service under Swiss safeguards, encryption, and strict access controls.

Who We Are

Lina: Language Learning Companion ("the Service") is operated by Digital Creative Academy, Switzerland. For privacy purposes, Digital Creative Academy, Switzerland acts as the data controller for information collected through the Service. You can reach us at lina@digital-creative-academy.com or via the contact form.

Information We Collect

We collect personal data to deliver authenticated language learning experiences, secure your account, and improve the Service.

  • Account & Profile Data: Email address (or other credential you supply), preferred name, language preferences, and support communications.
  • Authentication & Security Data: Hashed PINs or passwords, recovery tokens, and device-level metadata (IP address, browser, operating system, fraud signals) captured during sign-in events.
  • Learning Records: Conversation transcripts, grammar corrections, inline resources, smart tips, progress analytics, and export bundles associated with your sessions.
  • Usage & Diagnostics: Event logs, feature adoption metrics, crash reports, and performance telemetry required to maintain reliability and measure learning outcomes.
  • Payment Data: Processed exclusively by Stripe, Inc. (tokenized card details, billing address, transaction history). We receive only transaction confirmations and do not store raw payment data.
  • Support Data: Messages you send through the contact form or email channels, plus any attachments you optionally provide.

How We Use Your Information

  • Deliver the Service: Authenticate your account, render the Grammar Journey stream, maintain conversation history, and provide session continuity across devices.
  • Personalize learning: Generate grammar feedback, smart tips, and progress dashboards tailored to your recent performance.
  • Process payments: Apply purchases to your account, reconcile session credits, and prevent duplicate transactions.
  • Maintain security: Detect fraud, enforce regional restrictions, resolve disputes, and investigate misuse.
  • Improve the product: Analyze aggregated usage trends, diagnose reliability issues, and run privacy-preserving experiments to refine features.
  • Legal compliance: Respond to lawful requests, meet accounting requirements, and honour your privacy rights.

Legal Bases for Processing

Under Swiss data protection law (Federal Act on Data Protection), GDPR, and other applicable privacy laws, we process your personal data based on the following legal grounds:

  • Consent: When you create an account, you provide explicit consent for us to process your email, PIN, and recovery tokens to deliver the service. You confirm your age during signup. Consent can be withdrawn by deleting your account.
  • Contractual Necessity: Processing account data, session usage, payment references, and learning records is necessary to fulfill our contract with you—to provide access to the language learning service you've signed up for or paid for.
  • Legitimate Interest: We have a legitimate interest in preventing fraud and abuse, maintaining security and system integrity, collecting anonymous aggregated analytics to improve the service, and complying with legal obligations. We balance our legitimate interests against your privacy rights and only process data when necessary and proportionate.
  • Legal Obligation: To comply with tax, accounting, and regulatory reporting duties required by Swiss and international law.

Children's Privacy

The Service is not intended for children under 16 years old unless verified parental consent is obtained. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can remove it promptly.

Retention

  • Active accounts: We retain account data for as long as your account remains active.
  • Inactive accounts: Accounts with no sign-in activity for 548 consecutive days (18 months) are automatically deleted along with associated session allowances, learning records, and credentials. This process happens without additional notice beyond these terms.
  • Learning records: Stored for up to 18 months after your last activity, then anonymized or deleted unless you request earlier deletion.
  • Security logs: Authentication and fraud logs are retained for up to 180 days.
  • Support tickets: Stored for up to 24 months to track resolutions and compliance.
  • Backups: Encrypted backups follow a rolling 35-day retention cycle before automatic purge.

Data Sharing & Processors

We do not sell your personal data. We only share it with trusted processors that enable core functionality. These processors operate under data processing agreements that comply with Swiss and international data protection standards:

  • Stripe, Inc.: Payment processing and invoicing.
  • OpenAI, L.L.C.: Real-time language generation and analysis. OpenAI may retain API inputs up to 30 days for abuse monitoring. We separately store transcripts to power your analytics.
  • Render: Cloud hosting provider managing infrastructure, logs, and uptime metrics.
  • Google (Gmail): Email transport for support communications.
  • Operational tools: Internal monitoring and logging services (with Swiss or SCC-backed safeguards) supporting diagnostics and incident response.

Where processors transfer data outside Switzerland or the European Economic Area, they rely on Standard Contractual Clauses, adequacy decisions, or equivalent safeguards.

Your Rights

Depending on your jurisdiction, you may have the right to request access, rectification, deletion, portability, restriction, or objection to processing. You may also withdraw consent or lodge a complaint with your local data protection authority.

To exercise your rights, submit a verified request via the in-app privacy tools, email lina@digital-creative-academy.com, or use the contact form. We verify each request using your PIN or recovery token before acting.

Data Management Tools

  • Exports: Request an encrypted export of transcripts, grammar feedback, and analytics through the in-app export flow.
  • Deletion: You may delete your account at any time from Settings. Once confirmed, we erase personal data within 30 days unless retention is legally required, and any transcripts kept beyond that window are anonymized.
  • Authentication updates: Rotate PINs or regenerate recovery tokens in your account settings.
  • Stripe data: Manage saved payment methods directly through Stripe Link or by contacting Stripe Support.

Security

We employ HTTPS/WSS encryption, role-based access controls, audit logging, least-privilege principles, and periodic security reviews. Credentials are stored using strong hashing algorithms, and conversation data is logically segregated per account.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by applicable law. If the breach poses a high risk to your personal data, we will also notify you directly via email without undue delay, along with information about the nature of the breach, potential consequences, and measures taken to address it.

Cookies & Local Storage

We use essential HTTPOnly cookies to maintain authenticated sessions (valid for up to 1 month). We may use first-party local storage entries to remember preferences such as dark mode or language settings. We do not deploy advertising cookies or third-party trackers. As a Swiss-based service, we follow Swiss data protection standards for cookie usage.

International Data Transfers

Because we rely on global infrastructure providers, your data may be processed outside your country. We ensure appropriate safeguards—such as Swiss/EU Standard Contractual Clauses, encryption, and strict access controls—are in place before any transfer occurs.

Updates to This Policy

We may update this Privacy Policy to reflect product changes or legal requirements. Material updates will be announced within the app, and the "Effective Date" below will change. Continued use of the Service constitutes acceptance of the revised policy.

Contact & Complaints

If you have questions or concerns, email lina@digital-creative-academy.com or use our contact form. Swiss residents may also contact the Federal Data Protection and Information Commissioner for unresolved complaints.

By using this Service, you agree to these privacy practices, our Terms & Conditions, and acknowledge the data handling described above.

Effective date: January 12, 2026