Privacy Policy

This Policy explains what data N-glish AI ("we", "us") collects when you use our spoken English practice app (the "Service"), why we collect it, and what rights you have over it. N-glish AI is operated by an individual sole proprietor. We serve users worldwide.

• Account data: email address, username, and a securely hashed password (we never store your plaintext password).
• Onboarding data: your self-reported English level, learning goal, and (optionally) native language — used to personalize conversations.
• Voice recordings & transcripts: audio you record during a conversation, and the resulting text transcript and AI reply.
• Usage data: conversation minutes used, conversation topics, and message counts, used to enforce plan limits and improve the product.
• Billing data: handled by Paddle (see Section 5) — we receive your subscription status and renewal date, not your full card details.
• Technical data: IP address, device/browser information, and cookies necessary to keep you signed in (see Section 6).

We use this data to: provide and personalize the Service, transcribe and respond to your voice messages, enforce trial/subscription limits, process payments, secure your account, and improve the product. We do not sell your personal data, and we do not use it for advertising.

Audio you record is sent to our transcription provider to generate a text transcript, then discarded — we do not persist the raw audio file. The resulting text transcript and the AI's reply are stored as part of your conversation history so you can review or resume it, until you delete that conversation or your account, at which point they are permanently deleted from our database.

We do not use your voice recordings or transcripts to train AI models, ours or anyone else's. The third-party AI providers listed in Section 5 process your voice and transcript only to generate a reply to you, and do not use it to train their models, per their respective API terms.

We share data with the following processors, solely to operate the Service:

• Groq — a third-party AI provider that helps process your voice messages.
• OpenAI — a third-party AI provider that helps generate the AI's conversational replies.
• Paddle.com Market Limited — our payment provider and Merchant of Record. Paddle processes your payment, calculates and remits applicable sales tax/VAT, and may use your billing details for fraud prevention and invoicing in accordance with Paddle's own Privacy Policy.
• Vercel — hosts the web application you are using.
• Render — hosts our backend API and real-time conversation service.
• Neon — hosts our Postgres database (account, conversation, and message records), located in the EU (Frankfurt).
• Our email-sending provider — delivers account emails (verification, password reset). Used solely to send those emails; not used for marketing.

We do not currently use any third-party analytics or error-tracking tools. This Policy will be updated before we add any.

We use strictly necessary, httpOnly cookies to keep you signed in: a short-lived access-token cookie and a longer-lived refresh-token cookie. These are not used for advertising or cross-site tracking. We do not currently use third-party analytics or advertising cookies; this Policy will be updated if that changes.

We keep your account and conversation data for as long as your account is active. If you delete a conversation, that conversation and its messages are permanently deleted immediately. If you delete your account, your profile, conversations, and messages are permanently deleted from our database. Some records (e.g., billing history) may be retained by Paddle as required by law.

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can:

• View and update your profile from account settings.
• Delete your account and all associated data at any time from account settings.
• Contact us at privacy@n-glish.com for any other request, including data export.

We use industry-standard measures (password hashing, encrypted connections, hashed session tokens) to protect your data, but no system is 100% secure.

Our team and infrastructure may be located outside your country. By using the Service, you consent to your data being processed in those locations, including by the third parties listed in Section 5.

The Service is not directed at children under 16. We do not knowingly collect data from children under that age.

We may update this Policy from time to time. We will update the "Last updated" date above when we do.

Questions about this Policy? Contact us at privacy@n-glish.com.