Privacy Policy
Last updated: 16 May 2026
1. Data Controller
The data controller responsible for the processing of your personal data within the meaning of Art. 4(7) of the EU General Data Protection Regulation (GDPR) is:
Guilherme Fares Ferreira
Eichborndamm 24
13403 Berlin, Germany
Email: cservice@linguaprova.com
Operating as a sole proprietorship; see Impressum for full provider identification.
A formally appointed Data Protection Officer is not required under Art. 37 GDPR for this processing. For all privacy-related questions or requests to exercise your rights, please use the contact details above.
2. Data We Collect
- Account data: name, email address, and password (hashed — never stored in plain text).
- Payment data: billing details are processed directly by Stripe and are not stored on our servers. We store only a Stripe customer ID and subscription status.
- Usage data: exam attempts, answers, essay submissions, and AI grading results. This data is used to power your practice history and statistics.
- Technical data: IP address, browser type, and logs generated by our infrastructure for security and debugging purposes.
3. How We Use Your Data
- To provide and improve the Service (legal basis: contract performance).
- To process payments and manage subscriptions (legal basis: contract performance).
- To send transactional emails such as payment confirmations and important account notices (legal basis: contract performance / legitimate interest).
- To comply with legal obligations (legal basis: legal obligation).
- To detect and prevent fraud or abuse (legal basis: legitimate interest).
4. Third-Party Processors
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU / USA |
| Stripe | Payment processing | USA (SCCs) |
| Brevo | Transactional email delivery | EU |
| Anthropic | AI essay grading | USA (SCCs) |
| Vercel | Web hosting, CDN and analytics | USA / EU (SCCs) |
| Cloudflare | DNS, email routing, edge security | USA / EU (SCCs) |
SCCs = Standard Contractual Clauses (Art. 46 GDPR-compliant transfer mechanism for processors outside the EU/EEA).
5. Data Retention
- Account and usage data: retained for the duration of your account plus 2 years.
- Payment records: retained for 7 years as required by tax law.
- You may request deletion of your account at any time (see Your Rights below).
6. Your Rights (GDPR)
If you are in the European Economic Area or the UK, you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data rectified.
- Have your data erased ("right to be forgotten"), subject to legal retention obligations.
- Have processing restricted in certain circumstances.
- Receive your data in a structured, machine-readable format (data portability).
- Object to processing based on legitimate interest.
- Lodge a complaint with your local supervisory authority.
To exercise any right, email cservice@linguaprova.com. We will respond within 30 days.
The supervisory authority for our processing in Berlin is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI). You may also lodge a complaint with the data protection authority of your country of residence.
7. Cookies
We use strictly necessary cookies for authentication sessions (managed by Supabase) and locale preference. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded.
8. Security
We use industry-standard measures including TLS encryption in transit, hashed passwords, and role-based access controls. Despite these measures, no system is 100% secure.
9. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with data, contact us to have it removed.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated by email at least 15 days before they take effect.