Lina
Illustration of secure language learning with AI
Privacy by design

Your conversations stay yours

This Privacy Policy explains what we collect, how we protect it, and the tools you have to manage your learning data. Lina keeps transcripts for your feedback—not for model training—and gives you export, deletion, and recovery controls.

Short on time? Start with the highlights below.
🛡️

Secure accounts

Multi-factor sign-in with PINs and recovery tokens keeps your learning history protected—even across devices.

📚

Learning data stays private

Transcripts power your analytics only. OpenAI processes prompts transiently and never trains public models on your conversations.

🧰

Control & exports

Request encrypted exports, rotate credentials, or trigger deletion from inside the app—no waiting on email threads.

🌍

Trusted processors

Stripe, OpenAI, and Render support the service under EU safeguards, encryption, and strict access controls.

Who We Are

Lina: Language Learning Companion ("the Service") is operated by an independent developer preparing to register a company within the European Union. For privacy purposes, we act as the data controller for information collected through the Service. You can reach us at any time via the contact form.

Information We Collect

We collect personal data to deliver authenticated language learning experiences, secure your account, and improve the Service.

  • Account & Profile Data: Email address (or other credential you supply), preferred name, language preferences, and support communications.
  • Authentication & Security Data: Hashed PINs or passwords, recovery tokens, and device-level metadata (IP address, browser, operating system, fraud signals) captured during sign-in events.
  • Learning Records: Conversation transcripts, grammar corrections, inline resources, smart tips, progress analytics, and export bundles associated with your sessions.
  • Usage & Diagnostics: Event logs, feature adoption metrics, crash reports, and performance telemetry required to maintain reliability and measure learning outcomes.
  • Payment Data: Processed exclusively by Stripe, Inc. (tokenized card details, billing address, transaction history). We receive only transaction confirmations and do not store raw payment data.
  • Support Data: Messages you send through the contact form or email channels, plus any attachments you optionally provide.

How We Use Your Information

  • Deliver the Service: Authenticate your account, render the Grammar Journey stream, maintain conversation history, and provide session continuity across devices.
  • Personalize learning: Generate grammar feedback, smart tips, and progress dashboards tailored to your recent performance.
  • Process payments: Apply purchases to your account, reconcile session credits, and prevent duplicate transactions.
  • Maintain security: Detect fraud, enforce regional restrictions, resolve disputes, and investigate misuse.
  • Improve the product: Analyze aggregated usage trends, diagnose reliability issues, and run privacy-preserving experiments to refine features.
  • Legal compliance: Respond to lawful requests, meet accounting requirements, and honour your privacy rights.

Legal Bases for Processing

We rely on the following lawful bases under the GDPR and comparable regulations:

  • Contract: To provide the Service once you register, authenticate, or purchase sessions.
  • Consent: For optional features such as marketing updates (if enabled).
  • Legitimate Interest: To secure the platform, prevent abuse, and understand aggregated usage.
  • Legal Obligation: To comply with tax, accounting, and regulatory reporting duties.

Children's Privacy

The Service is not intended for children under 13 years old (or under 16 within the EU) unless verified parental consent is obtained. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can remove it promptly.

Retention

  • Active accounts: We retain account data for as long as your account remains active.
  • Learning records: Stored for up to 18 months after your last activity, then anonymized or deleted unless you request earlier deletion.
  • Security logs: Authentication and fraud logs are retained for up to 180 days.
  • Support tickets: Stored for up to 24 months to track resolutions and compliance.
  • Backups: Encrypted backups follow a rolling 35-day retention cycle before automatic purge.

Data Sharing & Processors

We do not sell your personal data. We only share it with trusted processors that enable core functionality:

  • Stripe, Inc.: Payment processing and invoicing.
  • OpenAI, L.L.C.: Real-time language generation and analysis. OpenAI may retain API inputs up to 30 days for abuse monitoring. We separately store transcripts to power your analytics.
  • Render: Cloud hosting provider managing infrastructure, logs, and uptime metrics.
  • Google (Gmail): Email transport for support communications.
  • Operational tools: Internal monitoring and logging services (with EU or SCC-backed safeguards) supporting diagnostics and incident response.

Where processors transfer data outside the European Economic Area, they rely on EU Standard Contractual Clauses, adequacy decisions, or equivalent safeguards.

Your Rights

Depending on your jurisdiction, you may have the right to request access, rectification, deletion, portability, restriction, or objection to processing. You may also withdraw consent or lodge a complaint with your local data protection authority.

To exercise your rights, submit a verified request via the in-app privacy tools or the contact form. We will verify your identity using your login credentials, PIN, or recovery token before fulfilling the request.

Data Management Tools

  • Exports: Request an encrypted export of transcripts, grammar feedback, and analytics through the in-app export flow.
  • Deletion: Initiate a verified deletion request using your PIN and latest recovery token. We remove personal data within 30 days unless retention is legally required.
  • Authentication updates: Rotate PINs or regenerate recovery tokens in your account settings.
  • Stripe data: Manage saved payment methods directly through Stripe Link or by contacting Stripe Support.

Security

We employ HTTPS/WSS encryption, role-based access controls, audit logging, least-privilege principles, and periodic security reviews. Credentials are stored using strong hashing algorithms, and conversation data is logically segregated per account.

Cookies & Local Storage

We use essential HTTPOnly cookies to maintain authenticated sessions. We may use first-party analytics cookies or local storage entries to remember preferences such as dark mode or language settings. We do not deploy advertising cookies or third-party trackers.

International Data Transfers

Because we rely on global infrastructure providers, your data may be processed outside your country. We ensure appropriate safeguards (such as SCCs, encryption, and access controls) are in place before any transfer occurs.

Updates to This Policy

We may update this Privacy Policy to reflect product changes or legal requirements. Material updates will be announced within the app, and the "Effective Date" below will change. Continued use of the Service constitutes acceptance of the revised policy.

Contact & Complaints

If you have questions or concerns, use our contact form. EU residents may also contact their local supervisory authority for unresolved complaints.

By using this Service, you agree to these privacy practices, our Terms & Conditions, and acknowledge the data handling described above.

Effective date: March 28, 2026