Privacy Policy

Comprehensive Data Protection Framework

Effective Date: January 15, 2025

V2.1Version 2.1

Comprehensive Coverage: This privacy policy applies universally to all Vernato platform users, encompassing both guest visitors and registered account holders. We maintain an unwavering commitment to transparency and the protection of individual privacy rights.

Overview

Vernato operates as a specialized pronunciation improvement platform, utilizing advanced artificial intelligence to provide targeted speech analysis and enhancement capabilities. This comprehensive privacy policy delineates our data collection practices, utilization protocols, storage methodologies, and protective measures implemented when you engage with our services.

Privacy protection is embedded within our platform architecture through principled design and robust security implementations. Regardless of whether you utilize our services as a guest visitor or maintain a registered account, we uphold complete transparency while providing comprehensive control mechanisms over your personal information.

Information Collection

Information collection varies based on your engagement method with our pronunciation improvement platform. We adhere strictly to data minimization principles, collecting only information essential for service delivery and platform enhancement.

Account Registration Data

Upon account establishment, we collect the following information:

Authentication Information: Email address for account verification and secure communication
Profile Data: Display name for platform personalization and user identification
Language Preference: Selected language to optimize pronunciation training content
Visual Identity: Optional profile imagery for personalized user experience
User Configuration: Notification preferences and platform interaction settings

Pronunciation Training Data

To deliver precise pronunciation analysis and monitor improvement, we collect:

Audio Submissions: Recorded pronunciation practice sessions for analysis
Analysis Results: AI-generated pronunciation evaluation and scoring
Performance Metrics: Practice frequency, accuracy trends, and improvement indicators
Training History: Record of practiced content, achieved scores, and learning progression
Achievement Records: Milestone recognition and pronunciation accomplishment certificates

Platform Analytics

To enhance service quality and optimize user experience, we collect:

Technical Specifications: Device characteristics, browser configuration, and display parameters
Interaction Patterns: Feature utilization, session duration, and user behavior analytics
Performance Metrics: System response times, error incidence, and operational efficiency data
Service Analytics: Anonymized utilization statistics and feature adoption measurements

Privacy-Preserving Guest Access

Privacy-First Architecture: For users who prefer not to establish accounts, we implement privacy-preserving mechanisms to maintain service integrity and prevent system abuse.

Our guest access protection system incorporates:

Cryptographic Identifiers: One-way hashed tokens derived from network and browser characteristics using SHA-256
Usage Monitoring: Daily session tracking (limited to 3 sessions for guest users)
Automated Data Lifecycle: Complete data removal after 30-day retention period
Information Exclusion: No collection of personally identifiable information or contact details
Consent-Based Implementation: Explicit user permission required for tracking activation

Users may decline tracking mechanisms and establish standard accounts, which offer expanded session limits and enhanced platform capabilities.

Information Utilization

Collected information serves the following essential purposes:

Service Delivery

• Delivering AI-powered pronunciation analysis and feedback
• Maintaining progress tracking across multiple devices
• Enabling optional achievement sharing when authorized
• Implementing access controls to ensure service integrity

Platform Enhancement

• Optimizing feature performance and user experience
• Analyzing utilization patterns for service improvement
• Communicating critical updates and security information
• Ensuring legal compliance and rights protection

Data Storage & Security

We implement industry-standard security measures to protect your data and ensure it is stored securely.

Cookies & Local Storage

We use cookies and local storage for the following purposes:

Authentication: To maintain your Firebase authentication session
Preferences: To remember interface preferences such as sidebar state and theme settings
Learning Settings: To persist settings like selected language and practice cooldown timers
Analytics: To store analytics parameters and track user interactions
Performance: To cache frequently used data and improve loading speeds

You can clear these at any time through your browser settings. Note that clearing cookies will log you out of your account.

Third-Party Services

Our service relies on the following third-party providers:

Firebase (Google): For authentication, database storage, and hosting
Vercel Blob: For secure file uploads and avatar storage
Google AI Services: For pronunciation analysis and speech recognition
FlagCDN: For flag images used in language selection
reCAPTCHA: For bot protection and security

These providers may process data according to their own privacy policies. We ensure all providers meet our security and privacy standards.

Security Measures

We implement comprehensive security measures to protect your data:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest
Access Control: Strict access controls and authentication requirements
Input Validation: Comprehensive validation and sanitization of all user inputs
Security Headers: Implementation of security headers including CSP, HSTS, and XSS protection
Regular Audits: Regular security audits and vulnerability assessments
Monitoring: Continuous monitoring for suspicious activities and potential threats

Your Rights & Control

You have comprehensive rights and control over your personal data. We are committed to making it easy for you to exercise these rights.

Data Management

You can manage your data through your account settings:

Review Data: View all personal information we have stored about you
Update Information: Modify your profile, preferences, and account settings
Delete Specific Data: Remove individual practice sessions, recordings, or uploaded files
Manage Sessions: View and terminate active sessions across devices
Privacy Settings: Control what information is shared publicly

Visit the Privacy & Data section of your account settings to manage your data.

Data Retention

We retain your information for as long as your account is active and as needed to provide our services:

Account Data: Retained until account deletion
Practice Data: Retained until account deletion or manual removal
Usage Analytics: Retained for up to 2 years for service improvement
Anonymous Tracking: Automatically deleted after 30 days
Backup Data: Securely deleted within 90 days of account deletion

Account Deletion: When you delete your account, we will remove your personal data and uploaded files from our systems within 30 days.

Data Export

You have the right to request a copy of all your personal data:

Complete Export: Download all your data in a structured format
Specific Data: Request specific categories of data
Format Options: Receive data in JSON, CSV, or other formats
Processing Time: Exports are typically processed within 7 days

Analytics & Tracking

We use analytics and tracking systems to improve our service while respecting your privacy.

URL Cleanup System

Our URL cleanup system automatically processes analytics parameters:

Automatic Detection: Identifies analytics parameters in URLs
Data Extraction: Stores analytics data for tracking purposes
URL Cleaning: Removes analytics parameters for a clean user experience
Privacy Protection: IP addresses are hashed and not stored in plain text
User Control: Analytics data can be cleared through browser settings

This system helps us understand how users discover our service while maintaining a clean browsing experience.

Performance Monitoring

We monitor service performance to ensure optimal user experience:

Core Web Vitals: Track loading performance and user experience metrics
Error Tracking: Monitor and resolve technical issues quickly
Resource Timing: Optimize page load times and resource delivery
User Interactions: Understand how users interact with our features
System Health: Monitor overall service health and availability

All performance data is anonymized and used solely for service improvement.

Legal Compliance

We are committed to complying with applicable privacy laws and regulations:

GDPR Compliance: We comply with the General Data Protection Regulation (GDPR) for users in the European Union
CCPA Compliance: We respect the California Consumer Privacy Act (CCPA) for California residents
COPPA Compliance: We do not knowingly collect personal information from children under 13
Data Protection Principles: We follow data minimization, purpose limitation, and security by design principles
User Rights: We respect your rights to access, rectify, erase, and port your personal data
Breach Notification: We will notify you of any data breaches affecting your personal information

If you believe we have not properly addressed your privacy concerns, you have the right to contact your local data protection authority.

Contact Information

If you have any questions about this privacy policy or our data practices, please contact us:

Email: support@vernato.org

This privacy policy is effective as of January 15, 2025. We may update this policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.