Privacy Policy
Last updated: May 14, 2026 — Version 1.1
LingoTV is committed to GDPR, LGPD, and CCPA-aligned data protection. This policy explains what we collect, how we use it, who processes it on our behalf, and how you can exercise your rights.
What we collect
When you create an account, we collect:
- Email address — for sign-in, verification, and transactional notifications.
- Encrypted password — never stored in plaintext (Supabase Auth uses bcrypt).
- Display name (optional).
- Native language and English level (self-reported).
- Consent records — version, IP address, and User-Agent at signup, for compliance audit.
When you use the service, we collect:
- Lesson progress — which line of which episode you last reached.
- Analysis feedback — if you mark an analysis helpful or not.
- Subscription state — managed by Stripe; we cache the active period and status.
- Error reports — via Sentry, with PII scrubbed.
- Request logs — IP and User-Agent in our log drain (Better Stack), retained 30 days.
How we use it
To provide and improve the service: render lessons in your native language, track your progress, send transactional notifications (verification, password change, deletion confirmation, billing), and protect against fraud and abuse via rate limiting.
We do not sell or rent your personal data. We do not use your data for behavioral advertising.
Legal bases (GDPR Art. 6 / LGPD Art. 7 / CCPA)
- Contract performance (Art. 6(1)(b)) — account creation, lesson delivery, billing.
- Legitimate interest (Art. 6(1)(f)) — fraud prevention, rate limiting, operational logs.
- Consent (Art. 6(1)(a)) — marketing communications (you opt in separately; none at MVP).
- Legal obligation (Art. 6(1)(c)) — consent records, billing records retained for accounting.
Sub-processors
We engage the following sub-processors to provide the service. All sub-processor DPAs are being signed prior to launch (Phase 9). The full sub-processor list (updated as processors change) is available at docs/compliance/sub-processors.md.
| Processor | Role | What they process |
|-----------|------|-------------------|
| Supabase | Database and auth | auth.users, all learner-facing tables, Auth tokens |
| Stripe | Payment processing | Payment method, billing address, customer email |
| Cloudflare R2 | Audio asset storage | Audio asset bytes (no user PII) |
| Resend | Transactional email | Email address, email content (templates) |
| Better Stack | Operational logs | Log events (hashed email, hashed user_id) |
| Sentry | Error reporting | Error payloads (PII-scrubbed via sendDefaultPii=false), stack traces |
| Upstash | Rate-limit counters | Rate-limit keys (hashed email, IP) |
| Vercel | Application hosting | HTTP request logs (IP, headers) |
| Inngest | Background jobs | Event payloads (user_id, deletion request IDs) |
| OpenAI | Line analysis generation | Line text for analysis (no user PII in prompts). Zero-retention API tier. |
| ElevenLabs | Audio synthesis (primary) | Line text for TTS (no user PII) |
| Telnyx | Audio synthesis (secondary) | Line text for TTS (no user PII) |
| AssemblyAI | Audio alignment | Audio bytes for alignment (derived; no user PII) |
| Runware | Vocabulary illustrations | Illustration prompt text (no user PII) |
Last reviewed: 2026-05-14. For the complete, always-current sub-processor list including DPA status, see docs/compliance/sub-processors.md.
Retention periods
- While your account is active: data is kept indefinitely.
- After deletion request: a 30-day grace period applies during which you can cancel by signing in. After 30 days, your profile, lesson progress, and analysis feedback are permanently deleted. Consent records and subscription records are retained with your user identifier removed (legal compliance and accounting requirements).
- Operational logs: 30 days, with hashed identifiers only after rotation.
Your rights
You can exercise the following rights at any time:
- Access: Download your data via account settings → Data & privacy → Download my data.
- Erasure: Request deletion via account settings → Data & privacy → Delete account. A 30-day grace period applies; sign in any time to cancel.
- Rectification: Update your profile via account settings.
- Restriction / Objection: Email support@lingotv.us.
- Portability: Your data export includes your profile, progress, and consent records in JSON format.
For users in the EU, UK, Brazil (LGPD), or California (CCPA), the rights above apply with the protections of GDPR, LGPD, and CCPA respectively. You may contact your local data protection authority if you believe we have not handled your data properly.
Data residency
Your data is stored in the United States (US East). We do not currently offer EU data residency.
Children
LingoTV is not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, please contact us so we can remove the account.
Cookies
See our Cookie Notice for details on what cookies we set.
Changes
We may update this policy. Material changes will be communicated by email at least 14 days before they take effect.
Questions or data protection requests? Contact support@lingotv.us.