Privacy Policy

Last updated: April 7, 2026 Effective date: April 7, 2026

This Privacy Policy describes how Laguagus ("we," "us," or "our") collects, uses, and shares information when you use our mobile application ("Laguagus" or the "App"). By using Laguagus, you agree to the practices described in this policy.

Data Controller Rentprog Unipessoal Lda Estrada Nacional 2, 7, Carvoeira, 3360-179 Penacova, Portugal NIPC: 519104528 Email: privacy@laguagus.app

1. Our Privacy Philosophy

Laguagus is built with privacy as a core principle:

We do not collect names, phone numbers, or email addresses directly from you. Authentication is anonymous by default.
We do not sell your data. Ever.
We do not use advertising trackers, marketing pixels, or third-party ad networks.
We do not profile you for advertising purposes.
Your learning content stays on your device unless you are a Pro subscriber who has enabled Cloud Sync.
Analytics are opt-in. You decide during onboarding whether to share anonymous usage statistics.

2. Information We Collect

2.1 Information You Provide

When you use Laguagus, you provide:

Learning preferences: native language, target language(s), CEFR level, daily study goal, interests, motivations
Cards and decks: text content you create or generate, including vocabulary, phrases, translations, and tags
Settings: theme, reminder time, notification preferences
Review history: which cards you studied, when, and your self-assessed difficulty ratings

This content is stored locally on your device in a SQLite database. Pro subscribers who enable Cloud Sync also have this content synchronized to our servers (see Section 4).

2.2 Information Collected Automatically

When you use Laguagus, we automatically collect:

Anonymous identifiers:

Device ID: a randomly generated UUID stored locally on your device, used to link your anonymous account to our backend. This is not derived from any hardware identifier.
User ID: a randomly generated UUID created when you first open the app.

Device information:

Platform (iOS or Android)
Operating system version
Application version
Device model
Language and locale settings

Log and usage data:

IP address (used only transiently for rate limiting and security; not stored in databases)
Feature interactions (which screens you open, which cards types you create)
Session duration
Performance metrics (API response times, app load times)
Error and crash logs

Subscription data:

Subscription status (Free or Pro)
Product purchased (monthly or annual)
Purchase and expiration dates

Payment information (credit card numbers, billing addresses) is handled exclusively by Apple App Store and Google Play. We never see or store your payment details.

2.3 Information We Do Not Collect

We do not collect:

Names, phone numbers, email addresses (unless you voluntarily sign in with Apple or Google — see Section 5)
Postal addresses
Precise location or GPS data
Contacts, calendar, or photos
Biometric data
Advertising identifiers (IDFA, AAID)
Browsing history outside our app
Social media accounts

3. How We Use Information

We use the information described above to:

Provide the service: display your decks, schedule reviews, generate AI content, synchronize across devices
Process subscriptions: validate your Pro status through Apple/Google/RevenueCat
Improve the app: analyze anonymous usage patterns to identify bugs and popular features (only with your consent — see Section 6)
Fix crashes and errors: diagnose and resolve technical issues (legitimate interest)
Enforce fair use: prevent abuse of free-tier quotas and rate limits
Comply with legal obligations

We do not use your information for:

Advertising or marketing to third parties
Selling or renting to data brokers
Building profiles for ad targeting
Training AI models (your card content is not used to train models)

4. Cloud Sync (Pro Subscribers Only)

If you are a Pro subscriber and have enabled Cloud Sync in Settings, your learning content (decks, cards, review history, settings) is synchronized to our servers via Cloudflare infrastructure. This enables you to access your data on multiple devices.

What is synced:

Decks (name, color, settings)
Cards (front, back, transcription, tags, extra fields)
SRS state (due dates, ease factor, interval, lapses)
Review history
User settings and preferences

What is NOT synced:

Locally generated audio files (TTS cache)
Ephemeral cards
Temporary UI state

Storage location: Cloudflare D1 databases, primarily hosted in EU regions. Cloudflare operates a global edge network; data may be cached in multiple regions for performance but is primarily stored in EU.

Encryption: Data is encrypted in transit (TLS 1.3) and at rest (Cloudflare default encryption).

Retention: Synced data is retained until you delete your account or cancel your Pro subscription. If you cancel Pro, sync stops but local data remains on your device.

Free users' data is never uploaded to our servers.

5. Optional Account Linking (Sign in with Apple / Google)

If you choose to link your Laguagus account to Apple or Google (available in Settings for Pro subscribers who want to restore their data on a new device), we receive:

Apple Sign-In: an anonymous user identifier and, optionally, your email. If you use "Hide My Email," we only receive a relay address.
Google Sign-In: an anonymous user identifier and your email address.

We store only:

The provider user ID (hashed)
An SHA-256 hash of your email (for deduplication across devices)

We never store:

Your name
Your profile picture
Your password (we never see it)

Account linking is optional. You can use Laguagus fully without ever linking an Apple or Google account.

6. Analytics and Error Tracking

6.1 Product Analytics (Opt-In)

During onboarding, we ask whether you consent to anonymous usage analytics. If you accept:

We use Honeybadger Insights to collect anonymous events such as "onboarding completed," "study session started," "card rated"
Events include only anonymous identifiers (your random userId) and non-identifying metadata
No card content, no text you type, no personal information

If you decline or later disable analytics in Settings, we stop collecting these events.

Third party: Honeybadger (https://www.honeybadger.io/), processed in US.

6.2 Crash Reporting (Legitimate Interest)

We use Rollbar to collect crash reports and error logs automatically. This is necessary to keep the app stable and secure, and qualifies as legitimate interest under GDPR Article 6(1)(f).

Crash reports include:

Stack traces and error messages
Device type, OS version, app version
Breadcrumbs (recent non-sensitive actions before the crash)

Crash reports are automatically filtered before transmission to remove:

Card text (front, back, transcription)
User input text
API request bodies containing user content

Third party: Rollbar (https://rollbar.com/), processed in US.

You cannot opt out of crash reporting because it is essential for app security and stability. Reports contain no personal identifiers you provided.

7. AI Services

Laguagus uses AI to generate flashcards, translations, and (for Pro subscribers) images. When you use AI features:

Anthropic Claude is used for text generation. We send your chosen topic and card parameters to Anthropic through our secure backend proxy. Anthropic does not train models on our API traffic per their data usage policy.
Replicate / fal.ai (Pro only, Phase 3.5) is used for image generation. Only the word you want to illustrate is sent, not any personal data.
OpenAI (Pro only, Phase 3+) will be used for text-to-speech and speech-to-text for listening cards and pronunciation practice.

We do not send:

Your name, email, or any identifier
Your complete card library
Your progress data or history

All AI API calls route through our backend proxy (api.laguagus.app) hosted on Cloudflare Workers. Your API keys are never exposed to the client.

8. Third Parties We Share Data With

We share limited data with the following providers:

Provider	Purpose	Data shared	Location
Apple App Store	Payment processing	Purchase events	Apple infrastructure
Google Play	Payment processing	Purchase events	Google infrastructure
RevenueCat	Subscription management	Anonymous userId, subscription status	US
Cloudflare	Infrastructure (backend, CDN)	All API requests	Global (primarily EU)
Anthropic	AI text generation	Topic, generation parameters	US
Replicate / fal.ai	AI image generation (Pro, Phase 3.5)	Word to illustrate	US
OpenAI	TTS / Speech recognition (Pro, Phase 3+)	Text or audio	US
Rollbar	Crash reporting	Error logs, device info	US
Honeybadger	Product analytics (opt-in)	Anonymous usage events	US

We do not share data with:

Advertising networks
Data brokers
Marketing partners
Social media platforms

9. International Data Transfers

Laguagus operates from Portugal (EU). Some of our service providers are located in the United States. When your data is transferred outside the EU:

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
We use providers that are compliant with EU-US Data Privacy Framework where applicable
We minimize the data shared to only what is necessary for the service

10. Data Retention

Local data on your device: retained as long as the app is installed. Deleting the app removes all local data.
Cloud Sync data (Pro): retained until you delete your account or cancel Pro subscription. After cancellation, synced data is retained for 30 days as a grace period, then permanently deleted.
Anonymous account: retained indefinitely unless you delete it. Inactive accounts (no sessions for 2 years) are automatically deleted along with all associated data.
Crash logs: retained by Rollbar for 180 days, then automatically deleted.
Analytics events: retained by Honeybadger for 12 months, then aggregated and anonymized.
Subscription data: retained for 7 years as required by tax and accounting laws in Portugal.

11. Your Rights

Under the GDPR and applicable laws, you have the following rights:

Right of access: you can request a copy of all data we hold about you
Right to rectification: you can correct inaccurate data
Right to erasure (right to be forgotten): you can delete your account and all associated data
Right to restrict processing: you can ask us to limit how we use your data
Right to data portability: you can export your data in a machine-readable format (JSON)
Right to object: you can object to processing based on legitimate interest
Right to withdraw consent: you can revoke analytics consent at any time
Right to lodge a complaint: you can contact the Portuguese Data Protection Authority (CNPD, www.cnpd.pt)

How to exercise your rights:

Delete account: Settings → Account → Delete Account (inside the app)
Export data: Settings → Data → Export All Data (inside the app)
Toggle analytics: Settings → Privacy → Analytics toggle
Other requests: email privacy@laguagus.app

We respond to all requests within 30 days.

12. Children's Privacy

Laguagus is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@laguagus.app and we will delete it immediately.

For users between 13 and 16 in the EU, parental consent may be required for analytics under GDPR. By default, analytics are disabled unless consent is explicitly given during onboarding.

13. Security

We implement industry-standard security measures:

Encryption in transit: TLS 1.3 for all API communications
Encryption at rest: Cloudflare default encryption for D1 databases and R2 storage
Authentication: HS256-signed JWT tokens with 7-day expiry
Rate limiting: per-user and per-IP limits to prevent abuse
Access controls: minimal service permissions, least-privilege principles
No password storage: we never store passwords because we don't use them (authentication is anonymous or through Apple/Google OAuth)
PII filtering: crash reports are filtered to remove sensitive content before transmission

Despite these measures, no system is 100% secure. We encourage users to keep their device's operating system and the Laguagus app updated.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

The "Last updated" date at the top will change
Material changes will be announced in the app with an in-app notification
Continued use of Laguagus after changes constitutes acceptance of the updated policy

We archive previous versions upon request.

15. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@laguagus.app Postal mail: Rentprog Unipessoal Lda, Estrada Nacional 2, 7, Carvoeira, 3360-179 Penacova, Portugal

Data Protection Authority (Portugal): Comissão Nacional de Proteção de Dados (CNPD) Av. D. Carlos I, 134, 1º 1200-651 Lisboa Portugal www.cnpd.pt

This Privacy Policy is provided in English. Translations to other languages are provided for convenience; in case of conflict, the English version prevails.