PRIVACY POLICY

This Privacy Policy explains how independent developer Serhii Chertkov (hereinafter the "Developer", "we") collects, uses, and protects your personal information when using the mobile application "English Notes" (EduScar) (hereinafter the "Application").

We respect your privacy. We do not sell your personal data to data brokers or third-party advertising agencies.

1. INFORMATION WE COLLECT

We collect the minimum necessary amount of data to ensure the operation of the Application:

1.1. Data provided by you:

• Registration Data: Name, email address, and unique user identifier (UID) obtained during registration via Apple, Google, or Email (using Firebase Authentication).
• Profile Data: Nickname, selected English level, learning goals, pace, and native language.

1.2. Data collected automatically:

• Analytics and Usage: Information about completed tests, number of added words, statistics on spaced repetition (FSRS), and session times.
• Technical Data: OS version, Application version, time zone, device language, anonymized Device ID, and IP address.
• Push Notifications: Firebase Cloud Messaging (FCM) and Apple Push Notification service (APNs) tokens to send you study reminders.

1.3. Local and Synchronized Data:

Your personal text notes and added words are stored locally on your device.

To ensure the safety of your information and allow access from different devices, the Application may perform automatic backups and synchronization of this data with our secure cloud servers.

2. HOW WE USE YOUR INFORMATION

2.1. We use the collected data solely for the following purposes:

• Ensuring the operation of algorithms and personalization of tests.
• Synchronizing your data, profile, and progress between devices.
• Sending transactional emails (e.g., password resets), as well as informational and marketing email newsletters (e.g., weekly statistics or Application news), if you have given explicit consent in the profile settings. You may opt-out of marketing mailings at any time via Application settings or the "Unsubscribe" link in the email itself.
• Sending push notifications (study reminders, achievements), if you have given consent.
• Analyzing crashes (Crashlytics) and improving user experience using our own analytical system.

2.2. The texts of your personal notes and added words are processed by the Application automatically.

Developer access to your entries may be carried out solely for technical purposes (e.g., to fix a database error upon your request to support).

The Developer may also analyze words you have added in a strictly anonymized form (without association with your account) to understand general learning trends and improve the Application's dictionaries.

3. THIRD-PARTY SERVICES

3.1. As the Application is maintained by an independent developer, we use reliable third-party cloud services (BaaS) for data processing:

• Google (Firebase): For user authentication (Firebase Auth), sending notifications (FCM), and collecting basic crash analytics.
• Apple: For authorization (Sign in with Apple).
• Cloudflare: For secure routing of analytical data and profile synchronization.
• Resend: For secure sending of transactional emails (password reset, account confirmation), as well as informational and marketing newsletters (subject to your consent).

These providers comply with strict international security standards (GDPR, CCPA) and process data only according to our instructions.

3.2. Cross-border Data Transfer: As we use international cloud services (Google, Cloudflare, Resend), your information may be transferred to and processed on servers located outside your country of residence (including the USA). By using the Application, you consent to such transfer.

4. DATA SECURITY

4.1. Cloud Infrastructure and Certificates: All data transmitted for synchronization and analytics is processed and stored using Cloudflare's advanced cloud infrastructure.

Network requests are protected by HTTPS encryption protocol and authorization tokens.

Cloudflare's infrastructure regularly undergoes independent audits and possesses leading international security and privacy certificates, ensuring the protection of your data at the highest industry standards. Cloudflare’s certifications include:

• ISO/IEC 27001 (Information Security Management Standard) - Read more
• ISO/IEC 27701 (Privacy Information Management Standard) - Read more
• ISO/IEC 27018 (Protection of Personal Data in the Cloud) - Read more
• SOC 2 Type II - Read more
• Full compliance with GDPR (Read more) and CCPA (Read more)

4.2. Despite using advanced protection technologies, no method of transmission over the Internet or electronic storage is 100% secure. The Developer makes all reasonable efforts to protect your personal information but cannot guarantee its absolute security against cyberattacks outside of our control.

5. DATA STORAGE AND DELETION

We store your data as long as your account is active.

Account Deletion: You can fully delete your account at any time directly in the Application (Profile -> Personal Data -> Delete Account).

Upon initiating deletion:

• Your account and data are immediately removed from Firebase Auth.
• Your profile and data are removed from our servers (Cloudflare).
• A local data wipe of all your words, notes, and test history occurs on the device.

Please note: deleted data is non-recoverable.

6. YOUR RIGHTS (GDPR / CCPA)

Depending on your jurisdiction, you have the right to:

• Request access to your personal data.
• Demand correction of inaccurate data.
• Demand full deletion of your data.
• Withdraw consent for push notifications (via your device settings).

To exercise your rights, you can use the built-in functions of the Application or contact us via email.

7. AGE RESTRICTIONS

The Application is intended exclusively for users over 16 years of age.

We do not intentionally collect, store, or process personal data of persons under 16. If you are a parent or guardian and believe your child has provided us with their data, please contact us, and we will immediately delete this information from all our servers and databases.

8. CHANGES TO THE POLICY

We may periodically update this Privacy Policy. In the event of significant changes, we will notify you through the Application.

Continued use of the Application after changes are made signifies your agreement with the new edition of the Policy.

9. CONTACTS

If you have questions, suggestions, or requests regarding your privacy, please contact us:

Developer: Serhii Chertkov
E-mail: [email protected]