Legal

Privacy Policy

Last updated: 27 March 2026

1. Introduction

This Privacy Policy explains how Bruno Coenen ("I", "me", "my"), operating the Lingo Practice application and associated marketing website (collectively, "the Service"), collects, uses, stores, and shares your personal data.

I am the Data Controller within the meaning of Regulation (EU) 2016/679 ("GDPR").

Contact:
Bruno Coenen
Brusselsesteenweg 50, 1980 Zemst, Belgium
support@lingopractice.com

2. Age Restriction

Lingo Practice is intended for users aged 13 and older. By creating an account, you confirm that you are at least 13 years old. If you are between 13 and 15 years old, you may require parental or guardian consent depending on the laws of your country.

I do not knowingly collect personal data from children under 13. If I become aware that a child under 13 has registered, I will delete that account and its associated data without delay.

3. Data I Collect

3.1 Account Data

When you register, I collect:

  • Email address — to identify your account
  • Native language — to tailor the learning experience
  • Preferences (optional) — hobbies and activities you choose to share, used to personalise lesson content

3.2 Learning and Usage Data

As you use the App, I collect:

  • Words and vocabulary you practise
  • Daily streaks and login activity
  • Experience points (XP) and level progression
  • Leaderboard ranking

3.3 Audio and Speech Data

When you use speech-based features, your device's microphone captures audio. This audio is immediately transcribed to text using the speech recognition API provided by your device platform (Apple, Google, or your browser). The raw audio is never stored on my servers. Only the resulting text transcription is sent to Google Gemini to generate an AI tutor response, and then discarded.

3.4 Technical and Device Data

I automatically collect:

  • IP address
  • Device type, operating system, and app version
  • Crash logs and error reports

3.5 Payment Data

If you subscribe to Lingo Practice Premium, payment is processed entirely by:

  • Stripe — on the web platform
  • Apple In-App Purchases — on iOS
  • Google Play Billing — on Android

I do not store your card number or full payment details. I retain only transaction identifiers and your subscription status, as provided by the payment processor.

4. How I Collect Your Data

  • Directly from you — when you register, set preferences, use features, or contact support
  • Automatically — through Firebase Analytics, Google Analytics, Firebase Crashlytics, cookies, and session identifiers
  • Through third-party sign-in — if you use Google or Apple OAuth, I receive your email address from those providers
  • Through advertising partners — via Facebook Pixel and Google Ads SDKs when you interact with advertising campaigns

5. Legal Basis for Processing

Processing ActivityLegal Basis
Account creation and managementPerformance of a contract (Art. 6(1)(b))
Delivering learning features (AI tutor, XP, streaks, leaderboard)Performance of a contract (Art. 6(1)(b))
Analytics cookies (Google Analytics, Firebase Analytics)Consent (Art. 6(1)(a))
Advertising (Facebook Pixel, Google Ads, Apple Ads)Consent (Art. 6(1)(a))
Push notificationsConsent (Art. 6(1)(a))
App stability monitoring (Firebase Crashlytics)Legitimate interests (Art. 6(1)(f))
Retaining payment recordsLegal obligation — Belgian accounting law (Art. 6(1)(c))
Deleting inactive accounts after 24 monthsLegitimate interests — data minimisation (Art. 6(1)(f))

6. How I Use Your Data

  • Create and manage your account
  • Deliver and personalise the language learning experience
  • Operate the AI tutor by sending text input and speech transcriptions to Google Gemini
  • Maintain global leaderboards and track your learning progress
  • Process subscription payments and manage your plan
  • Send push notifications (if you have opted in)
  • Monitor app performance and diagnose crashes
  • Measure the effectiveness of advertising campaigns
  • Comply with legal and regulatory obligations

7. Third-Party Services and Data Sharing

I share your data with the following third parties only to the extent necessary to operate the Service:

ServiceProviderPurposeData Shared
Firebase AuthenticationGoogle LLCAccount sign-inEmail, auth tokens
Firebase / Google CloudGoogle LLCDatabase, hosting, backendAccount and usage data
Google GeminiGoogle LLCAI tutor responsesText inputs, speech transcriptions
Google AnalyticsGoogle LLCWebsite analyticsAnonymised usage data, IP address
Firebase AnalyticsGoogle LLCIn-app analyticsApp usage events
Firebase CrashlyticsGoogle LLCCrash reportingDevice info, crash logs
Firebase Cloud MessagingGoogle LLCPush notificationsDevice tokens
StripeStripe, Inc.Payment processing (web)Email, transaction identifiers
Apple In-App PurchaseApple Inc.Payment processing (iOS)Transaction identifiers
Google Play BillingGoogle LLCPayment processing (Android)Transaction identifiers
Meta Ads / Facebook PixelMeta Platforms, Inc.Advertising and retargetingBrowsing behaviour, device identifiers
Google AdsGoogle LLCAdvertisingBrowsing behaviour, device identifiers
Apple AdsApple Inc.AdvertisingAnonymised device identifiers

I do not sell your personal data to any third party.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where the servers of Google, Meta, Stripe, and Apple are located.

These transfers are carried out using:

  • Standard Contractual Clauses (SCCs) under GDPR Art. 46(2)(c) — I have accepted Google's Data Processing Addendum and Meta's Data Processing Terms, both of which incorporate SCCs.
  • Adequacy decisions where applicable.

You may request a copy of the applicable transfer safeguards by contacting support@lingopractice.com.

9. Data Retention

Data TypeRetention Period
Account data (email, preferences, learning progress)Until account deletion, or 24 months after last activity
Audio inputImmediately discarded — never stored
Crash logs and technical dataUp to 90 days
Anonymised analytics dataUp to 26 months
Payment transaction records7 years (Belgian legal obligation)

When you delete your account, your personal data is immediately and permanently deleted, except where retention is required by law (e.g. financial records).

Accounts that have been inactive for 24 consecutive months are automatically deleted, and you will be notified by email before deletion occurs.

10. Cookies and Tracking Technologies

TypePurposeLegal Basis
Session cookiesMaintain your login session on the web appContract
Language preference cookiesRemember your language choiceLegitimate interests
Analytics cookies (Google Analytics, Firebase)Understand how users interact with the ServiceConsent
Advertising cookies (Facebook Pixel, Google Ads)Measure and optimise ad campaignsConsent

When you first visit the website or web app, a cookie consent banner will ask for your preferences. You may accept all, reject non-essential, or customise your choices. You may update or withdraw consent at any time via the cookie settings link in the footer.

11. Push Notifications

If you opt in to push notifications, I use Firebase Cloud Messaging (Google) to send you streak reminders and updates. You can opt out at any time via My Account → Notification Settings in the App, or through your device's system notification settings.

12. Your Rights Under GDPR

As a user located in the EU/EEA, you have the following rights:

Access (Art. 15)Request a copy of the personal data I hold about you.
Rectification (Art. 16)Update your username and preferences directly in the App. For other corrections (e.g. email), contact support@lingopractice.com.
Erasure (Art. 17)Delete your account at any time via My Account → Delete Account. All personal data is immediately and permanently deleted, subject to legal retention obligations.
Restriction of processing (Art. 18)Request that I limit how I use your data in certain circumstances.
Data portability (Art. 20)Automated export is not yet available. You may request a copy of your personal data by emailing support@lingopractice.com. I will respond within 30 days.
Object to processing (Art. 21)Object to processing based on legitimate interests.
Withdraw consentWhere processing is based on consent (analytics, advertising, push notifications), you may withdraw at any time via the cookie settings, notification settings, or by contacting me. Withdrawal does not affect the lawfulness of processing before withdrawal.
To exercise any right: Email support@lingopractice.com. I will respond within 30 days. In complex cases, I may extend this by a further 30 days and will notify you accordingly.

13. Security

I take the following measures to protect your personal data:

  • Encryption in transit via HTTPS/TLS for all data transmissions
  • Encryption at rest via Google's Firebase and Google Cloud infrastructure
  • Access to personal data is limited to Bruno Coenen only
  • Payment processing is fully delegated to PCI-DSS-compliant providers (Stripe, Apple, Google)

No method of internet transmission is 100% secure. In the event of a personal data breach posing a risk to your rights and freedoms, I will notify the Belgian Data Protection Authority within 72 hours and, where required, notify affected users without undue delay.

14. Complaints — Supervisory Authority

If you believe your personal data is being processed unlawfully, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussels, Belgium
contact@apd-gba.be
www.gegevensbeschermingsautoriteit.be

15. Changes to This Policy

I may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will always reflect the most recent version. For material changes, I will notify you by email or via an in-app notification at least 30 days before the change takes effect.

16. Contact

Bruno Coenen
Brusselsesteenweg 50, 1980 Zemst, Belgium
support@lingopractice.com