Privacy Policy

Account Data

When you create an account, we collect:

• Email address - for account authentication and communication
• Display name - for personalization and social features
• Chosen language - to provide relevant practice content
• Profile picture/avatar - optional, for personalization
• Account preferences - including notification settings and learning preferences

Practice Data

To provide pronunciation feedback and track your progress, we collect:

• Audio recordings - your pronunciation practice sessions
• Pronunciation feedback - AI-generated analysis and scores
• Progress metrics - practice frequency, improvement trends, and achievements
• Practice history - sentences practiced, scores achieved, and learning patterns
• Certificates - achievement certificates and progress milestones

Usage Data

To improve our service and provide a better user experience, we collect:

• Browser information - device type, browser version, and screen resolution
• Usage patterns - features used, time spent, and interaction patterns
• Performance data - page load times, error rates, and system health metrics
• Analytics data - anonymized usage statistics and feature adoption rates

Anonymous Usage Tracking

Our anonymous tracking system includes:

• Hashed identifiers - created from IP address and browser information using SHA-256
• Daily usage count - tracks practice sessions per day (limited to 3 for anonymous users)
• Automatic cleanup - all anonymous data is deleted after 30 days
• No personal information - we never collect names, emails, or personal details
• Explicit consent - we ask for your permission before implementing tracking

You can decline this tracking and create a free account instead, which provides more practice sessions and better features.

Cookies & Local Storage

We use cookies and local storage for the following purposes:

• Authentication: To maintain your Firebase authentication session
• Preferences: To remember interface preferences such as sidebar state and theme settings
• Learning Settings: To persist settings like selected language and practice cooldown timers
• Analytics: To store analytics parameters and track user interactions
• Performance: To cache frequently used data and improve loading speeds

You can clear these at any time through your browser settings. Note that clearing cookies will log you out of your account.

Third-Party Services

Our service relies on the following third-party providers:

• Firebase (Google): For authentication, database storage, and hosting
• Vercel Blob: For secure file uploads and avatar storage
• Google AI Services: For pronunciation analysis and speech recognition
• Azure Cognitive Services: For additional pronunciation validation
• FlagCDN: For flag images used in language selection
• reCAPTCHA: For bot protection and security

These providers may process data according to their own privacy policies. We ensure all providers meet our security and privacy standards.

Security Measures

We implement comprehensive security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest
• Access Control: Strict access controls and authentication requirements
• Input Validation: Comprehensive validation and sanitization of all user inputs
• Security Headers: Implementation of security headers including CSP, HSTS, and XSS protection
• Regular Audits: Regular security audits and vulnerability assessments
• Monitoring: Continuous monitoring for suspicious activities and potential threats

Data Management

You can manage your data through your account settings:

• Review Data: View all personal information we have stored about you
• Update Information: Modify your profile, preferences, and account settings
• Delete Specific Data: Remove individual practice sessions, recordings, or uploaded files
• Manage Sessions: View and terminate active sessions across devices
• Privacy Settings: Control what information is shared publicly

Visit the Privacy & Data section of your account settings to manage your data.

Data Retention

We retain your information for as long as your account is active and as needed to provide our services:

• Account Data: Retained until account deletion
• Practice Data: Retained until account deletion or manual removal
• Usage Analytics: Retained for up to 2 years for service improvement
• Anonymous Tracking: Automatically deleted after 30 days
• Backup Data: Securely deleted within 90 days of account deletion

Account Deletion: When you delete your account, we will remove your personal data and uploaded files from our systems within 30 days.

Data Export

You have the right to request a copy of all your personal data:

• Complete Export: Download all your data in a structured format
• Specific Data: Request specific categories of data
• Format Options: Receive data in JSON, CSV, or other formats
• Processing Time: Exports are typically processed within 7 days

Contact us at support@vernato.org to request a data export.

URL Cleanup System

Our URL cleanup system automatically processes analytics parameters:

• Automatic Detection: Identifies analytics parameters in URLs
• Data Extraction: Stores analytics data for tracking purposes
• URL Cleaning: Removes analytics parameters for a clean user experience
• Privacy Protection: IP addresses are hashed and not stored in plain text
• User Control: Analytics data can be cleared through browser settings

This system helps us understand how users discover our service while maintaining a clean browsing experience.

Performance Monitoring

We monitor service performance to ensure optimal user experience:

• Core Web Vitals: Track loading performance and user experience metrics
• Error Tracking: Monitor and resolve technical issues quickly
• Resource Timing: Optimize page load times and resource delivery
• User Interactions: Understand how users interact with our features
• System Health: Monitor overall service health and availability

All performance data is anonymized and used solely for service improvement.