POLYPRO
Menu
01Home02About03Prices04Contact
Log inGet started

Privacy Policy

Last updated: 2026-05-22

This page explains what data POLYPRO collects, why we collect it, who we share it with, and what rights you have. We aim for transparency — if anything is unclear, contact privacy@polypro.com.

1. Data we collect

  • Account data: name, email, password (hashed), country, phone (optional), CEFR level, preferred language.
  • Learning data: lesson progress, exercise attempts, quiz scores, AI conversation history, placement-test answers.
  • Payment data: handled by Stripe; we store only the payment intent ID and a snapshot of the transaction.
  • Technical data: IP address, browser/user-agent, page paths visited (for audit logging).

2. Why we collect it

  • Deliver the learning experience (track progress, unlock content, grade exercises).
  • Provide AI tutoring (conversation history is needed for the model to remember context).
  • Process payments (Stripe legal requirement).
  • Detect abuse and protect the platform (audit logs).
  • Send transactional emails: account verification, password reset, payment receipts.

3. Legal basis (GDPR)

  • Performance of contract — for account, learning, and payment data.
  • Legitimate interest — for audit logs and abuse prevention.
  • Consent — for marketing emails (opt-in only; you can opt out anytime).

4. Data sharing

  • We do not sell your data.
  • Sub-processors we use: Stripe (payments), Resend (transactional email), Google Gemini & ElevenLabs & Azure (AI providers — anonymized prompts where possible).
  • We may disclose data if compelled by law or to protect platform safety.

5. Data retention

  • Account data is retained while your account is active and for 12 months after deletion (for legal/tax reasons).
  • Payment receipts are retained for 10 years (tax compliance).
  • AI conversation history is retained for 90 days unless required for ongoing learning context.
  • Audit logs are retained for 24 months.

6. Your rights

  • Access — request a copy of your data (Settings → Export data).
  • Rectification — edit your profile anytime.
  • Erasure — delete your account (Settings → Delete account). Some data is retained as noted above.
  • Portability — receive your data in a machine-readable format.
  • Objection — withdraw consent for marketing or AI processing.

7. Cookies

  • We use strictly-necessary cookies for authentication (JWT tokens) and affiliate tracking (30-day first-touch attribution).
  • We do not use third-party analytics cookies by default.
  • See our Cookie Policy for details.

8. Security

  • Passwords are hashed with Argon2id.
  • JWT tokens are signed with HS256 and rotated.
  • Data in transit is encrypted with TLS 1.3.
  • Database backups are encrypted at rest.

9. Contact

  • For privacy questions, write to privacy@polypro.com.
  • EU users can lodge a complaint with their local Data Protection Authority.

Questions? Email privacy@polypro.com. We respond within 30 days as required by GDPR.

Terms of Service·Cookie Policy·Contact us