ChatoLing

Privacy Policy

Last updated: [DATE] Effective Date: [DATE]

Your Privacy Matters

[SERVICE NAME] ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our AI-powered language learning service.

Quick Summary: We collect your messages, conversations, usage data, and contact information to provide our AI language service, save your progress, and send you service updates and promotional content (with your consent). Russian users' data is stored in Russia in compliance with Federal Law 152-FZ. You have full control over your data and can access, modify, or delete it at any time.

Language Note: This Privacy Policy is available in multiple languages. For Russian users, the Russian version governs in case of conflicts.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

  • Email address (required)
  • Name and profile information (optional)
  • Account preferences (native language, interface settings)
  • Password and authentication credentials

Learning Content:

  • Chat conversations and messages with our AI service
  • Text submitted for translation and saved translations
  • Language learning exercises and responses
  • Test results and assessment scores (when available)
  • Saved phrases, vocabulary, and learning materials

Communication Data:

  • Support requests and correspondence
  • Feedback and survey responses
  • Marketing communication preferences

Payment Information:

  • Subscription billing details (processed securely by third-party payment providers)
  • We do not store complete payment card information

1.2 Information We Collect Automatically

Usage Analytics:

  • Features used and interaction patterns
  • Session duration and frequency of use
  • Learning progress and performance metrics
  • User interface preferences and customizations

Technical Information:

  • Device type, operating system, and browser information
  • IP address and general location (country/region level)
  • Device identifiers and system performance data
  • Error logs and technical diagnostics

Cookies and Similar Technologies:

  • Authentication cookies for login sessions
  • Preference cookies for settings and customizations
  • Analytics cookies for service improvement (with consent)
  • Security cookies for fraud prevention

2. Legal Basis for Processing Your Information

We process your personal information based on the following legal grounds:

2.1 Contract Performance

  • Providing our AI language learning service
  • Managing your subscription and account
  • Processing payments and billing
  • Delivering customer support

2.2 Explicit Consent

  • Sending marketing and promotional emails
  • Using analytics cookies and tracking
  • Processing data for service improvement research
  • Sharing data with specific third-party integrations

2.3 Legitimate Interests

  • Improving service quality and user experience
  • Ensuring platform security and preventing fraud
  • Analyzing usage patterns for product development
  • Providing technical support and troubleshooting

2.4 Legal Obligations

  • Complying with applicable data protection laws
  • Responding to law enforcement requests
  • Maintaining records for tax and accounting purposes

3. How We Use Your Information

3.1 Core Service Provision

  • AI Language Processing: Generating responses to your messages and questions
  • Progress Tracking: Saving your learning history, translations, and achievements
  • Personalization: Customizing content and recommendations based on your learning patterns
  • Account Management: Managing registration, authentication, and subscription services

3.2 Service Improvement

  • Performance Analytics: Understanding how users interact with our service
  • Error Detection: Identifying and fixing technical issues
  • Feature Development: Developing new features based on user needs
  • Quality Assurance: Monitoring service quality and user satisfaction

3.3 Communication

  • Service Notifications: Important account and service updates
  • Customer Support: Responding to your questions and technical issues
  • Marketing Communications: Promotional emails about new features (only with your explicit consent)
  • Legal Notices: Privacy policy updates and terms of service changes

3.4 Security and Compliance

  • Fraud Prevention: Detecting and preventing abuse of our service
  • Security Monitoring: Protecting against unauthorized access
  • Legal Compliance: Meeting obligations under applicable privacy laws
  • Rights Protection: Protecting our intellectual property and user rights

4. How We Share Your Information

4.1 We Do NOT Sell Your Personal Information

We never sell, rent, or trade your personal information to third parties for marketing or commercial purposes.

4.2 Service Providers (Data Processors)

We share information with trusted service providers who help operate our service:

AI Language Models:

  • OpenAI/Anthropic: For AI-powered conversation processing (subject to their privacy policies)
  • Data shared: Your messages and prompts (processed securely)

Infrastructure Providers:

  • Cloud Hosting: Secure servers for data storage and processing
  • Russian Users: Data stored exclusively on Russian Federation servers
  • Email Services: For sending service and marketing communications

Analytics and Support:

  • Analytics Providers: For usage statistics and service improvement
  • Customer Support Platforms: For managing support tickets and inquiries

4.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes, subpoenas, or court orders
  • Respond to government requests or law enforcement
  • Protect our rights, property, or safety
  • Prevent fraud, abuse, or violations of our terms
  • Enforce our Terms of Service and other policies

4.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections.

5. International Data Transfers and Localization

5.1 Russian Federation Users

Data Localization Compliance: In accordance with Federal Law No. 152-FZ "On Personal Data," all personal data of Russian citizens is:

  • Stored: On servers physically located within the Russian Federation
  • Processed: Using databases located in Russian territory
  • Protected: According to Russian data protection standards

Cross-Border Transfers: While your primary data copy remains in Russia, limited data may be transferred internationally for:

  • AI processing by approved providers
  • Technical support and maintenance
  • Service improvement analytics

All international transfers comply with Russian law requirements and include appropriate safeguards.

5.2 Other Countries

For users outside Russia, data may be processed internationally with appropriate safeguards:

  • Standard Contractual Clauses: Legal agreements ensuring data protection
  • Adequacy Decisions: Transfers to countries with adequate privacy protections
  • Technical Safeguards: Encryption and security measures during transfer

6. Data Security

6.1 Technical Safeguards

  • Encryption: Data encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access
  • Infrastructure Security: Secure cloud infrastructure with regular updates
  • Network Protection: Firewalls, intrusion detection, and monitoring systems

6.2 Organizational Measures

  • Staff Training: Regular security and privacy training for all employees
  • Access Limitation: Strict need-to-know basis for accessing personal data
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Incident Response: Procedures for detecting and responding to data breaches

6.3 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Immediate Response: Contain and assess the breach within 24 hours
  • Authority Notification: Report to relevant authorities within 72 hours
  • User Notification: Inform affected users promptly with breach details
  • Remedial Action: Implement measures to prevent similar incidents

7. Your Privacy Rights

7.1 Universal Rights (All Users)

Access Rights:

  • Request information about what personal data we collect and process
  • Receive a copy of your personal data in a readable format
  • Understand how and why we process your information

Control Rights:

  • Rectification: Correct inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Limit how we process your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing for direct marketing or legitimate interests

7.2 Regional-Specific Rights

Russian Federation Users (Federal Law 152-FZ):

  • Right to information about data processing purposes and legal basis
  • Right to withdraw consent at any time
  • Right to demand cessation of processing for direct marketing
  • Right to compensation for damages caused by violations
  • Contact Authority: Roskomnadzor (rkn.gov.ru, +7 (495) 987-67-67)

Brazilian Users (LGPD):

  • Right to confirmation of data processing
  • Right to access personal data and processing information
  • Right to correction of incomplete or inaccurate data
  • Right not to be subject to automated decision-making
  • Contact Authority: ANPD (anpd.gov.br)

Argentine Users (Personal Data Protection Law):

  • "Habeas Data" rights for access, rectification, and deletion
  • Right to information about data processing
  • Right to object to processing
  • Contact Authority: AAIP (argentina.gob.ar/aaip)

Mexican Users (LFPDPPP):

  • ARCO Rights: Access, Rectification, Cancellation, Opposition
  • Right to limit use and disclosure of personal data
  • Right to withdraw consent
  • Contact Authority: INAI (inai.org.mx)

7.3 How to Exercise Your Rights

Self-Service Options:

  • Account Settings: Access privacy controls in your user dashboard
  • Download Data: Export your data directly from account settings
  • Delete Account: Initiate account deletion through settings

Contact Methods:

  • Email: [privacy@yourservice.com]
  • Online Form: [Privacy Request Form URL]
  • Written Request: [Business mailing address]

Response Times:

  • Acknowledgment: Within 5 business days
  • Completion: Within 30 days (or as required by local law)
  • Complex Requests: May require up to 60 days with notification

8. Marketing Communications and Consent

8.1 Email Marketing Consent

Opt-In Requirements: We only send promotional emails to users who have provided explicit consent by:

  • Checking the marketing consent checkbox during registration (unchecked by default)
  • Opting in through account settings
  • Confirming subscription via double opt-in email verification

What We Send:

  • New feature announcements and product updates
  • Educational content and learning tips
  • Special offers and promotions
  • Service news and company updates

8.2 Withdrawal of Consent

You can withdraw marketing consent at any time through:

  • Unsubscribe Links: Click unsubscribe in any marketing email
  • Account Settings: Modify email preferences in your dashboard
  • Direct Contact: Email us at [support@yourservice.com]

Processing Time: Unsubscribe requests processed within 5 business days.

8.3 Transactional Communications

Some communications are necessary for service operation and cannot be opted out of:

  • Account security alerts and password resets
  • Subscription billing and payment notifications
  • Critical service updates and maintenance notices
  • Terms of Service or Privacy Policy changes

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies (Always Active):

  • User authentication and login sessions
  • Account preferences and settings
  • Security and fraud prevention
  • Basic functionality and navigation

Analytics Cookies (With Consent):

  • Usage statistics and performance metrics
  • Feature usage and user interaction patterns
  • Error tracking and technical diagnostics
  • Service improvement insights

Preference Cookies (With Consent):

  • Language and interface customizations
  • Saved preferences and personalizations
  • Learning progress and achievements

9.2 Third-Party Cookies

  • Analytics Services: [Google Analytics] for usage insights
  • Support Services: Customer support chat functionality
  • Payment Processing: Secure payment form functionality

9.3 Managing Cookies

Browser Controls:

  • Configure cookie settings through your browser preferences
  • Block or delete cookies at any time
  • Opt out of tracking through browser settings

Our Controls:

  • Cookie preference center (where available)
  • Granular consent options during first visit
  • Account settings for ongoing preference management

10. Data Retention

10.1 Active Accounts

We retain your personal information while your account is active and for the duration necessary to provide our services.

Specific Retention Periods:

  • Account Information: While account is active + 30 days after deletion
  • Conversation History: While account is active + 30 days after deletion
  • Usage Analytics: 2 years from collection (anonymized after 1 year)
  • Support Communications: 3 years for quality assurance purposes
  • Payment Records: As required by tax and accounting laws (typically 7 years)

10.2 Account Deletion

When you delete your account:

  • Immediate: Account access disabled and deletion process initiated
  • 30 Days: Personal data permanently deleted from active systems
  • 90 Days: Data removed from backups and archives
  • Legal Retention: Some data may be retained longer for legal compliance

10.3 Inactive Accounts

Accounts inactive for 3+ years may be automatically deleted after:

  • Email notification 60 days before deletion
  • Final warning 30 days before deletion
  • Opportunity to reactivate account and retain data

11. Children's Privacy

11.1 Age Restrictions

Our service is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

11.2 Parental Rights

If you believe your child under 13 has provided us with personal information:

  • Contact us immediately at [privacy@yourservice.com]
  • Provide verification of parental relationship
  • We will delete the information within 30 days of verification

11.3 Teen Privacy (13-17)

Users between 13-17 should:

  • Have parental consent before using our service
  • Review this policy with a parent or guardian
  • Understand their privacy rights and data collection practices

12. Third-Party Integrations

12.1 AI Language Providers

OpenAI/Anthropic Claude:

  • Data Shared: Your messages and prompts for AI processing
  • Purpose: Generating language learning responses
  • Their Policy: Subject to their respective privacy policies
  • Retention: Processed according to their data retention policies

12.2 Translation Services

[Translation Provider]:

  • Data Shared: Text submitted for translation
  • Purpose: Providing translation functionality
  • Retention: Not stored permanently by translation provider

12.3 Analytics and Support

Analytics Providers:

  • Anonymized usage data for service improvement
  • No personally identifiable information shared

Customer Support:

  • Support ticket content and correspondence
  • Used solely for providing technical assistance

13. Updates to This Privacy Policy

13.1 Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our service or business practices
  • New legal requirements or regulatory changes
  • Enhanced privacy protections or user controls
  • User feedback and service improvements

13.2 Notification Process

Material Changes:

  • Email notification to all registered users
  • Prominent notice on our website and in-app
  • 30-day advance notice before changes take effect

Minor Changes:

  • Updated "Last Modified" date
  • Notification through our service
  • Continued use constitutes acceptance

13.3 Version Control

  • Previous versions available upon request
  • Record of when users accepted each version
  • Clear changelog of modifications made

14. Regional Compliance Information

14.1 Russian Federation

Governing Law: Federal Law No. 152-FZ "On Personal Data" Data Localization: All Russian user data stored within Russian Federation Authority: Roskomnadzor Local Representative: [To be appointed]

14.2 Brazil

Governing Law: Lei Geral de Proteção de Dados (LGPD) Authority: Autoridade Nacional de Proteção de Dados (ANPD) DPO: [Data Protection Officer contact]

14.3 Argentina

Governing Law: Personal Data Protection Law No. 25,326 Authority: Agencia de Acceso a la Información Pública (AAIP)

14.4 Mexico

Governing Law: Ley Federal de Protección de Datos Personales (LFPDPPP) Authority: Instituto Nacional de Transparencia (INAI)

15. Contact Information

15.1 General Inquiries

Email: [hello@yourservice.com] Support: [support@yourservice.com] Address: [Business Address]

15.2 Privacy-Specific Contacts

Privacy Officer: [privacy@yourservice.com] Data Protection Officer: [dpo@yourservice.com] (if applicable) Russian Representative: [russia@yourservice.com] (when established)

15.3 Regulatory Authorities

If you have concerns about our privacy practices, you may also contact:

Russia: Roskomnadzor (rkn.gov.ru) Brazil: ANPD (anpd.gov.br) Argentina: AAIP (argentina.gob.ar/aaip) Mexico: INAI (inai.org.mx)

15.4 Response Commitments

  • Privacy Inquiries: Response within 5 business days
  • Rights Requests: Completion within 30 days
  • Urgent Matters: Response within 24 hours
  • Complex Requests: Up to 60 days with progress updates

Language Versions: This Privacy Policy is available in multiple languages. In case of conflicts between language versions, the version in your local language (Russian for Russian users, Spanish/Portuguese for Latin American users) shall govern.

Effective Date: This Privacy Policy is effective as of [DATE] and was last updated on [DATE].

By using our service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

← Back to Home