LexiLex Privacy Policy

Effective Date: 05/20/2025

1. General Information

1.1. This Privacy Policy ("Policy") explains how ILYA KHARYN ("Developer"), residing in Poland, collects, uses, and protects personal data in the LexiLex mobile application ("Application").

1.2. This Policy complies with the EU General Data Protection Regulation (GDPR) and applicable local laws.

1.3. The English version of this Policy prevails. Translated versions are for convenience only.

2. Data Controller

• Developer: ILYA KHARYN
• Location: Poland
• Trademark: Qellum
• Contact: lexilex.qellum@gmail.com

3. Data We Collect

3.1. Required Data:

• Email (for email registration).
• Google/Apple identifiers (for social login).
• User texts, translations, and analyses.
• Flashcards and learning progress.
• Account creation date and last activity.

3.2. Automatically Collected Data:

• Device info (model, OS, app version).
• Technical logs, error data, crash reports via Firebase Crashlytics.
• Usage metadata (session time, feature usage frequency).
• Application performance metrics.

3.3. Audio Data:

• Voice recordings for speech-to-text conversion via Google Cloud Speech-to-Text API.
• Processed on Google Cloud servers and deleted immediately after text conversion.
• No audio data is stored on our servers.

3.4. Images:

• Photos for text recognition (OCR) via Google Cloud Vision API.
• Processed on Google Cloud servers and deleted immediately after text extraction.
• No OCR images are stored on our servers.
• Images attached to support requests are stored on our servers for technical support purposes.

3.5. Not Collected:

• Geolocation data.
• Device contacts.
• Text content is not sent to analytics services (only metadata).

4. Purposes of Data Processing

4.1. Service Provision:

• Account authentication via Firebase Authentication.
• Speech-to-text conversion via Google Cloud Speech-to-Text.
• Optical Character Recognition via Google Cloud Vision.
• Text translation and analysis via Claude API (Anthropic) and OpenAI API.
• Phrase vocalization via Google Text-to-Speech.
• Saving user content and learning progress.
• Flashcard generation and management.

4.2. Improvement:

• Usage analysis via Firebase Analytics and Google Analytics.
• Crash reporting and error tracking via Firebase Crashlytics.
• Technical support and troubleshooting.

5. Legal Grounds

• Contract: To provide Application services.
• Consent: For analytics and non-essential processing, obtained during registration or in-app settings.
• Legitimate Interests: For security, operational stability, and service improvement.

6. Data Transfers

6.1. Google LLC (USA):

• Firebase Authentication, Analytics, Crashlytics.
• Google Cloud Speech-to-Text and Vision APIs.
• Google Text-to-Speech (processes text for vocalization, no storage).
• Protected by Standard Contractual Clauses and Google's adequacy decisions.

6.2. Anthropic (USA):

• Claude API for text translation and analysis.
• Only text content is sent, immediately processed, not stored by Anthropic.
• Protected by Standard Contractual Clauses.

6.3. OpenAI (USA):

• OpenAI API for additional text analysis and processing.
• Only text content is sent, processed according to OpenAI's data usage policies.
• Protected by Standard Contractual Clauses.

6.4. Hetzner Online GmbH (Germany):

• Primary server hosting, GDPR-compliant within the EU.

7. Data Storage

7.1. Location: Primary storage on Hetzner servers, Germany (EU).

7.2. Retention:

• User content and account data: Stored indefinitely until actively deleted by user or account termination.
• Inactive accounts: Data retained for 24 months after last login, then automatically deleted.
• Technical logs and crash reports: Up to 24 months.
• Support communications and attachments: Retained for up to 36 months for quality assurance and legal compliance.
• Analytics data: Retained per Google's and Firebase policies.
• Audio recordings and OCR images: Deleted immediately after processing (not stored).
• Temporary processing data: Deleted within 24 hours.

7.3. Data Deletion:

• Users can delete their accounts and all associated data via in-app settings.
• Upon deletion, all user data is permanently removed from our servers within 30 days.

8. Your Rights (GDPR)

8.1. Access: Request copies of your personal data.

8.2. Rectification: Correct inaccurate or incomplete data.

8.3. Erasure: Delete your data ("right to be forgotten").

8.4. Restriction: Limit how we process your data.

8.5. Portability: Receive your data in a machine-readable format.

8.6. Objection: Object to processing based on legitimate interests.

8.7. Withdraw consent: Revoke consent for analytics and optional features.

8.8. California Residents (CCPA): Right to know, delete, and opt out of data sales (we do not sell data).

8.9. Exercise Rights: Contact lexilex.qellum@gmail.com with your request.

9. Data Security

9.1. Security Measures:

• Data encryption in transit (HTTPS/TLS 1.3).
• Data encryption at rest on servers.
• Secure API authentication and authorization.
• Regular security updates and monitoring.

9.2. Incident Response:

• Security breaches affecting personal data will be reported to users and relevant authorities within 72 hours as required by GDPR.

10. Cookies and Analytics

10.1. Mobile Application:

• Uses local device storage for functionality and user preferences.
• Firebase Analytics for usage patterns and app performance.
• Google Analytics for aggregated usage statistics.
• Firebase Crashlytics for crash reporting and debugging.

10.2. Website (if applicable):

• Google Analytics cookies for website functionality and traffic analysis.
• Essential cookies for website operation.

10.3. Third-Party Analytics:

• Data is anonymized and aggregated where possible.
• No personal text content is sent to analytics services.
• Users can opt out of analytics in app settings.

11. Children's Privacy

11.1. The Application is designed for users aged 18 and older.

11.2. We do not knowingly collect personal data from users under 18.

12. International Data Transfers

12.1. EU Users: Data is primarily stored within the EU (Germany) but may be transferred to the US for processing by Google, Anthropic, and OpenAI under adequate safeguards.

12.2. Non-EU Users: Data may be transferred internationally for processing, always with appropriate safeguards in place.

12.3. Safeguards: Standard Contractual Clauses, adequacy decisions, and certified frameworks ensure data protection during transfers.

13. Changes to the Policy

13.1. Users will be notified of policy changes via in-app notifications or email.

13.2. Material changes will take effect 30 days after notification.

13.3. Significant changes affecting data processing may require renewed consent.

13.4. Continued use after changes implies acceptance of the updated policy.

14. Contact Information

For privacy-related questions:

• Email: lexilex.qellum@gmail.com
• Response time: Within 30 days (GDPR requirement)

For data subject requests:

• Include: Full name, email address, specific request type
• Verification may be required for security purposes

15. Supervisory Authority

EU Residents: Contact your local data protection authority or the Personal Data Protection Office (UODO) in Poland.

Other Jurisdictions: Contact your local privacy regulator or data protection authority.

Trademark: Qellum
Last updated: 05/20/2025