Privacy Policy
Last updated: May 5, 2026
This Privacy Policy explains how Lingolean, operated by Leandro Acevedo ("we", "us", "our"), collects, uses, and protects your personal data. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
Leandro Acevedo, Bessemerstraße 51/1.OG, 13055 Berlin, Germany. Email: leandro@lingolean.com.
2. Data We Collect
Account Data
When you create an account via Google sign-in, we receive your name, email address, and profile picture from Google. This is processed by Firebase Authentication.
Analytics Data
We use PostHog (EU-hosted) to collect usage analytics, including pages visited, features used, and general interaction patterns. Analytics cookies are only set after you give consent via our cookie banner. This helps us improve the Service.
Payment Data
Subscription payments are processed by Stripe Payments Europe, Limited (Dublin, Ireland). We do not store your full credit/debit card details — these are tokenized and held by Stripe. We do store, in your user record on Firestore, a Stripe customer ID (a non-sensitive opaque identifier issued by Stripe), your subscription tier ('free' or 'premium'), subscription status, and the end date of any active subscription. Stripe collects and stores additional billing information (name, email, billing address, country, payment method metadata) directly under their own privacy policy.
User Content
Texts you submit for analysis are processed to provide the Service. Saved vocabulary and reading progress are stored in your account.
3. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Art. 6(1): (a) Consent — for analytics cookies and optional data processing (you can withdraw consent at any time); (b) Contract performance — to provide and maintain the Service, process payments, and manage your account (Art. 6(1)(b)); (c) Legitimate interest — to improve our Service, ensure security, and prevent fraud (Art. 6(1)(f)).
4. How We Use Your Data
We use your data to: provide and improve the Service, process payments, send essential account notifications, and analyze usage patterns to improve our tools. We do not sell your data to third parties.
5. Third-Party Services
We use the following third-party services: Firebase (authentication and data storage, Google LLC), Stripe (payment processing), and PostHog (analytics, EU-hosted). Each service processes data according to its own privacy policy.
6. International Data Transfers
Our backend (Firebase Authentication, Firestore, Cloud Functions) is hosted in the EU region (europe-west1, Belgium). Stripe Payments Europe, Limited (Dublin, Ireland) processes EU customer payments within the EEA; some Stripe operational systems may transfer data to Stripe, Inc. (USA) under Standard Contractual Clauses approved by the European Commission and the EU-US Data Privacy Framework adequacy decision. Firebase/Google services may transfer some operational data to the United States under the same legal mechanisms. PostHog is hosted in the EU and does not transfer personal data outside the EEA.
7. Cookies
We use essential cookies for authentication and session management, which are necessary for the Service to function. Analytics cookies (PostHog) are only set after you grant consent via our cookie consent banner. You can change your cookie preferences at any time by clearing your browser's local storage and reloading the page.
8. Your Rights (GDPR)
Under the GDPR, you have the right to: access your personal data (Art. 15), rectify inaccurate data (Art. 16), request deletion of your data (Art. 17), restrict processing (Art. 18), exercise data portability (Art. 20), and object to processing (Art. 21). To exercise these rights, contact us at leandro@lingolean.com. You also have the right to lodge a complaint with your local data protection supervisory authority. For users in Berlin, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (https://www.datenschutz-berlin.de).
9. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.
10. Data Retention
Account data is retained while your account is active. You may delete your account at any time directly from the app (Profile → Edit Profile → Delete Account); upon deletion, all your decks, vocabulary, learning progress, chat history and account data are erased from our systems, and any active Premium subscription is automatically cancelled in Stripe. Note: Stripe retains records of past transactions and invoices for a legally mandated period (typically 7-10 years under German commercial and tax law, HGB § 257 and AO § 147) for accounting and audit purposes; these records are held by Stripe under their own data controller obligations and are not within our control to delete. Analytics data (PostHog) is anonymized and retained for up to 12 months.
11. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS) and at rest, secure authentication via Firebase, and access controls.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The latest version is always available on our website.
13. Contact
For privacy-related inquiries, contact: Leandro Acevedo, Bessemerstraße 51/1.OG, 13055 Berlin, Germany. Email: leandro@lingolean.com.