← Back to Home

Privacy Policy

Last Updated: May 14, 2026 · Effective Date: May 14, 2026

1. Introduction

SpeaksyAI (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application SpeaksyAI (“App”). Please read this policy carefully. If you disagree with its terms, please discontinue use of the App immediately.

This policy is compliant with applicable privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), India's Digital Personal Data Protection Act (DPDPA 2023), Apple App Store Guidelines, and Google Play Store Developer Program Policies.

2. Information We Collect

2.1 Account & Identity Information

  • Full name
  • Email address
  • Profile photo (optional, via Google/Apple sign-in)
  • Date of birth (for age verification)
  • Username or display name
  • Authentication credentials (stored securely via JWT tokens)

2.2 Voice & Audio Data

  • Voice recordings captured during AI tutoring sessions
  • Processed audio streams sent to Google Gemini 2.5 Flash for real-time AI responses
  • Audio session metadata (duration, timestamps, session ID)
  • Pronunciation assessments and speech evaluation scores
  • Session recordings may be stored on Google Cloud Storage for learning progress analysis

2.3 Learning & Usage Data

  • Languages selected for learning
  • Native language and proficiency level
  • Lesson progress, completion rates, and scores
  • Game session data and performance metrics
  • Quiz answers and exercise responses
  • Streak counts, XP points, and gamification data
  • Course enrollment and completion status
  • Time spent on individual lessons and features

2.4 Device & Technical Information

  • Device type, model, and operating system version
  • App version and crash logs
  • IP address (used for geolocation and security)
  • Unique device identifiers
  • Push notification tokens (via Firebase)
  • Network connectivity status
  • Time zone and locale settings

2.5 Payment & Subscription Information

  • Subscription plan and status (free/premium)
  • Purchase history and transaction IDs
  • Payment processing is handled by Apple In-App Purchase, Google Play Billing, or Razorpay — we do NOT store your card or payment card details directly
  • Billing country and currency

2.6 Analytics & Behavioral Data

  • Features accessed and interaction patterns
  • Session frequency and engagement metrics
  • Error logs and app performance telemetry (via OpenTelemetry)
  • A/B test group assignments
  • Page views, user journeys, and session data collected via Google Analytics 4 (web)
  • App usage events, screen views, and engagement metrics via Firebase Analytics (mobile)

2.7 OAuth & Third-Party Sign-In Data

  • Google account display name and email (via Google Sign-In)
  • Apple ID verified email or relay email (via Sign in with Apple)
  • We do not access your contacts, calendar, or other personal data from these providers

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide the Service

  • Authenticate your account and maintain your session
  • Deliver AI-powered voice tutoring sessions via Google Gemini
  • Personalize your language learning path and curriculum
  • Track and display your learning progress, streaks, and achievements
  • Enable in-app games, quizzes, and exercises

3.2 To Improve Our Service

  • Analyze anonymized usage patterns to improve app features
  • Debug crashes and fix technical issues
  • Conduct internal research on learning effectiveness
  • Train and improve AI models using anonymized, aggregated data only (not your identifiable recordings without explicit consent)

3.3 Communication

  • Send push notifications about lesson reminders, streaks, and achievements
  • Notify you of subscription changes and billing
  • Send important service or security announcements
  • Respond to your support requests

3.4 Legal & Safety

  • Enforce our Terms of Service
  • Prevent fraud and abuse
  • Comply with legal obligations
  • Protect the rights and safety of users and SpeaksyAI

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data under these legal bases:

  • Contract performance: To provide the App's core language learning services
  • Legitimate interests: For analytics, security, and service improvement
  • Consent: For marketing communications, storing voice recordings for AI training, and optional features
  • Legal obligation: For tax, fraud prevention, and regulatory compliance

5. Data Sharing & Disclosure

We do not sell your personal data. We share data only in these circumstances:

5.1 Service Providers

  • Google Cloud Platform (GCP): Hosting, storage (Cloud SQL, GCS), and AI processing
  • Google Gemini API: Voice and AI conversation processing
  • Google Firebase: Push notifications and authentication
  • Google Cloud Translate: Dynamic UI translation
  • Razorpay: Payment processing (India)
  • Apple / Google: In-app purchase processing
  • Google Analytics 4 (GA4): Web usage analytics, page views, and user behavior tracking
  • Firebase Analytics (Google): Mobile app usage analytics and engagement metrics

5.2 Legal Requirements

  • Law enforcement or government authorities when required by law
  • To protect the safety or rights of any person
  • In connection with legal proceedings

5.3 Business Transfers

  • In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before data is transferred and subject to a different privacy policy.

6. Voice Data & AI Processing

SpeaksyAI's core feature involves real-time voice interaction. Here's exactly how your voice data is handled:

  • Voice audio is streamed to Google Gemini 2.5 Flash in real-time for AI tutoring responses
  • Audio is transmitted as Opus-compressed audio at 16kHz sample rate
  • Session recordings may be stored on Google Cloud Storage for up to 90 days for quality review and learning analytics
  • You can delete your voice recordings at any time from your Profile settings
  • We obtain explicit microphone permission before any recording begins
  • Voice data is never shared with advertising networks or third-party marketers
⚠️

Voice recordings may constitute Sensitive Personal Data (Biometric Data) under GDPR, CCPA/CPRA, and India's DPDPA. We obtain your explicit consent before storing voice sessions for any purpose beyond real-time tutoring.

7. Data Retention

We retain your data for the following periods:

  • Account data: Until you delete your account + 30 days
  • Voice recordings: Up to 90 days, then permanently deleted
  • Learning progress data: Duration of your account
  • Anonymized analytics: Up to 2 years
  • Financial/billing records: 7 years (legal requirement)
  • Support communications: 2 years

8. Your Privacy Rights

Depending on your location, you may have these rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion ("Right to be Forgotten"): Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent at any time (for consent-based processing)
  • Opt-out of push notifications: Via device settings at any time
  • Automated Decision-Making: Object to or request human review of decisions made solely by automated means, including AI pronunciation scoring
  • Lodge a Complaint: Contact your national Data Protection Authority. UK: Information Commissioner's Office (ico.org.uk). EU: your national supervisory authority. India: the Data Protection Board of India.

To exercise any of these rights, email us at: contact@speaksyai.com or use the “Delete Account” option in your Profile settings.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1 Your California Rights

  • Know: Right to know what personal information we collect, use, share, and sell
  • Delete: Right to request deletion of your personal information
  • Correct: Right to correct inaccurate personal information we hold about you
  • Opt-Out of Sale or Sharing: We do not sell your personal information. However, you may direct us not to share your data for cross-context behavioral advertising
  • Limit Sensitive Personal Information (SPI): Voice recordings are classified as SPI under CPRA. You may limit our use of your voice data to what is strictly necessary to provide the service
  • Non-Discrimination: We will not discriminate against you for exercising any of these rights
  • Opt-Out of Automated Decision-Making: You may opt out of AI-based profiling that produces legal or similarly significant effects

9.2 "Do Not Sell or Share" Opt-Out

  • We do not sell your personal information to third parties
  • To opt out of any sharing for advertising purposes, email us at: privacy@speaksyai.com with subject line "CCPA Opt-Out Request"

9.3 Submitting a California Rights Request

  • Email: privacy@speaksyai.com with subject "California Privacy Request"
  • We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice)
  • You may designate an authorized agent to make requests on your behalf

10. Children's Privacy

SpeaksyAI is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children under these ages. If you believe we have inadvertently collected data from a child, please contact us immediately at contact@speaksyai.com and we will delete it promptly.

11. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • JWT tokens stored in encrypted secure storage on your device
  • Passwords hashed with bcrypt
  • RS256 asymmetric JWT signing
  • GCP infrastructure with VPC isolation and IAM access controls
  • Regular security audits and monitoring via OpenTelemetry

While we strive to protect your data, no method of internet transmission or electronic storage is 100% secure. Please use a strong password and enable account security features.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours of becoming aware of the breach (where required by GDPR / UK GDPR)
  • Notify affected users without undue delay when the breach is likely to result in a high risk to your rights
  • Notifications will be sent to your registered email address and via in-app alert
  • Our breach response team can be reached at: security@speaksyai.com

13. International Users

Brazil (LGPD)

  • Brazilian users are protected under the Lei Geral de Proteção de Dados (LGPD)
  • Legal basis: Contract performance and consent for data processing
  • You may exercise your rights by contacting: contact@speaksyai.com
  • You may lodge a complaint with the ANPD (Autoridade Nacional de Proteção de Dados) at gov.br/anpd

Canada (PIPEDA)

  • Canadian users are protected under PIPEDA and applicable provincial privacy laws
  • Our designated Privacy Officer handles Canadian privacy inquiries: contact@speaksyai.com
  • Unresolved complaints may be referred to the Office of the Privacy Commissioner of Canada

Australia (Privacy Act 1988)

  • Australian users are protected under the Australian Privacy Principles (APPs)
  • You may contact us to access, correct, or complain about handling of your personal information
  • Unresolved complaints may be referred to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

14. International Data Transfers

Your data is processed and stored on Google Cloud Platform servers, which may be located outside your country of residence, including in the United States. We ensure appropriate safeguards are in place for international transfers, including Google's Standard Contractual Clauses (SCCs) for EEA users.

15. Cookies & Local Storage

The SpeaksyAI mobile app uses the following local storage mechanisms:

  • Shared Preferences: App settings, language preferences, theme
  • Hive (local database): On-device translation cache for offline use
  • Flutter Secure Storage: JWT tokens and authentication credentials (encrypted)
  • No third-party advertising cookies are used in the mobile app

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via an in-app notification or email at least 30 days before changes take effect. Your continued use of the App after changes constitute acceptance of the updated policy. The “Last Updated” date at the top reflects the most recent revision.

17. Contact Us

For privacy-related inquiries or to exercise your rights:

  • Email & Support: contact@speaksyai.com
  • Address: Nigdi, Pune, Maharashtra, India - 411044
  • Data Protection Officer: contact@speaksyai.com

This Privacy Policy was last reviewed by our legal team on May 31, 2026. SpeaksyAI is compliant with GDPR, CCPA, DPDPA 2023, Apple App Store, and Google Play Store privacy requirements.