Privacy Policy

Privacy & Data Use

Lina is designed with your privacy at the forefront. You can access the language learning service with minimal data collection—no login or personal identification is required for basic use.

Legal Basis for Processing

We rely on your consent (e.g., when you voluntarily provide your email for a receipt), and our legitimate interest (e.g., to deliver, secure, and improve the service) as the legal bases for processing any personal data under the GDPR and other applicable privacy laws.

Children's Privacy

This service is not intended for children under 13 (or under 16 in the European Union) unless parental consent is obtained. We do not knowingly collect any personal data from children. If you believe a child has provided personal information, please contact us immediately.

Free Trial & Basic Usage

• Anonymous trial access: New users receive a 5-minute free trial with no registration required.
• Privacy-first tracking: Trial usage is tracked using privacy-preserving methods to prevent abuse—no personal data required.
• No conversation storage: All conversations are ephemeral and disappear when you close the page.
• No IP or device logging: Technical details like IP addresses or device IDs are not retained for basic usage.

Payment & Paid Sessions

• Stripe payment processing: Payments are securely processed by Stripe, Inc. When you make a payment, Stripe collects and processes credit/debit card information (securely tokenized), billing address, transaction amounts, and email (if provided). Stripe does not require or store personal identification documents or social security numbers for regular payments.
• Optional payment method saving: You may choose to save payment methods with Stripe for future use. If you do, Stripe securely stores only tokenized payment data, billing information, and transaction history using AES-256 encryption. You maintain full control and can delete saved methods anytime through Stripe Link.
• Anonymous payments: Payment processing does not require account creation or extensive personal information. You can make payments anonymously using only the information needed for transaction processing.
• Secure session management: Paid sessions use secure authentication methods that can be recovered across devices, including magic links and biometric authentication (passkeys), without requiring extensive personal information.
• No payment data storage: We do not store any credit card information, payment details, or billing information on our servers—all payment data is exclusively handled by Stripe's PCI DSS Level 1 certified systems.

Authentication & Access Recovery

• Magic link authentication: You may optionally request secure access links sent to your email for session recovery across devices.
• Biometric authentication (passkeys): Modern devices support secure biometric authentication (Face ID, Touch ID, Windows Hello) for convenient and private access recovery.
• Privacy-first design: Authentication methods are designed to verify access without storing personal data or creating detailed user profiles.
• Voluntary usage: All authentication features are optional and only used when you explicitly request them.

Contact & Communication

• Contact form: Messages sent via our contact form are processed by our system and delivered via Gmail's SMTP service.
• Email transmission: Contact emails are transmitted through Google's Gmail service according to their privacy policy.
• No marketing vendors: Contact submissions are not shared with external marketing or analytics services.
• Voluntary communication: All contact and email communication is initiated by you and is entirely voluntary.

Analytics & Service Improvement

• Minimal analytics: We collect basic usage statistics (trial starts, paid sessions, conversation counts) for service improvement.
• No personal identification: Analytics data is aggregated and anonymous—no individual user tracking or profiling occurs.
• No third-party trackers: We do not use external analytics services, cookies, or tracking pixels.

Data Retention & Security

• Minimal retention: Only essential data for service operation (session tokens) is retained.
• Secure processing: All data transmission is encrypted (HTTPS/WSS) and payment processing meets industry security standards.
• No conversation storage: Conversations are processed in real-time and are never stored on our servers or accessible to our hosting provider.
• Regular audits: We conduct internal security and privacy audits to maintain service integrity.
• Regulatory compliance: While minimal data is collected, we adhere to privacy principles consistent with GDPR, CCPA, and HIPAA standards.

Your Rights & Choices

Depending on your location, you may have the right to:

• Access a copy of your personal data
• Request correction or deletion of your personal information
• Object to or restrict processing of your data
• Withdraw consent (where applicable)
• Lodge a complaint with your local data protection authority

Important Note: Because most users do not provide personal data, we typically cannot identify individual users unless you voluntarily provide contact information (e.g., via Stripe).

Data Management

• Session data: You can manage session access through the available authentication methods or by clearing your browser data.
• Authentication data: Minimal authentication data (when used) can be removed by discontinuing use of authentication features.
• Stripe payment data: Payment information, including optional email addresses for receipts, is collected and stored by Stripe, Inc. We do not control or retain this data and cannot modify or delete it. If you wish to manage or remove your payment information, please use the Stripe customer portal or contact Stripe directly at https://support.stripe.com.
• Service discontinuation: You can stop using the service at any time with no data retention concerns.

Third-Party Services

• Stripe: Payment processing is handled by Stripe, Inc. Stripe operates independently and does not share payment details with us beyond basic transaction confirmations (amount, status, date). Stripe's privacy policy governs all payment data handling, and customers can manage their payment information directly through Stripe Link.
• OpenAI: Conversations are processed in real time via OpenAI's API. We do not store or retain conversation content. OpenAI may temporarily retain API inputs for up to 30 days to monitor for abuse or misuse. Data from the API is not used to train OpenAI's models unless explicitly opted in. OpenAI's privacy policy applies to conversation processing.
• Gmail/Google: Contact form emails are sent via Gmail's SMTP service. Google's privacy policy applies to email transmission.
• Render: The service is hosted on Render's cloud infrastructure. Render provides hosting services only and does not have access to conversation content, which is encrypted in transit. Render's privacy policy governs standard hosting-related data (server logs, connection metadata).
• No other third parties: We do not share data with marketing services, social media platforms, or analytics providers.

Email Retention

If you provide an email address during payment, it is stored by Stripe according to their legal and regulatory obligations. We do not store this email or use it for marketing or analytics. Please refer to Stripe's Privacy Policy for more information.

International Data Transfers

Our service uses third-party providers (Stripe, OpenAI, Render, Gmail), some of which may process data in jurisdictions outside your country. These providers implement appropriate safeguards, including Standard Contractual Clauses (SCCs), where legally required, to ensure your data remains protected.

Cookies and Tracking

We use only essential HTTPOnly cookies for secure session management and authentication. These cookies cannot be accessed by JavaScript and are used solely for maintaining your session across page visits. We do not use tracking cookies, analytics cookies, advertising cookies, or third-party tracking services. Your usage is not tracked or profiled beyond what is necessary for session security and service functionality.

Disclaimer

This service is not a medical device and is not intended to diagnose, treat, or prevent any health conditions.

• Conversations are generated by AI and intended for language learning support only.
• The service is not a substitute for professional language tutoring or formal education.
• Use of the service is voluntary and entirely at your discretion.
• For formal language certification or academic requirements, please consult with licensed educators or certified language instructors.

Contact and Complaints

If you have questions about this privacy policy or your data, please use our contact form. If you are located in the EU or another jurisdiction with data protection laws, you have the right to lodge a complaint with your local data protection authority.

Effective Date: This privacy policy was last updated on September 7, 2025.

By using this service, you agree to these privacy practices, our Terms & Conditions, and acknowledge the minimal data collection described above.