Privacy Policy

1. Information We Collect

We collect only what is needed to run the service:

• Account data: first name, email address, and the password hash (or the third-party identifier returned by Google or Apple sign-in).
• Learning data: the words you add or import, the collections you choose, your answers in practice sessions, streaks, and spaced-repetition state.
• Device and usage data: device type, operating system, app version, language, time zone, anonymized analytics events, and crash or error logs needed to keep the app working.
• Support content: the messages, attachments, and metadata you send through the in-app contact form.

2. How We Use Your Information

Your information is used exclusively for:

• Personalizing your profile, content, and learning experience.
• Managing your word bank, scheduling reviews, and tracking progress.
• Account recovery, security notifications, and abuse prevention.
• Generating learning content (definitions, examples, mnemonics, audio, images) for the words you study.

We do not sell your data. We do not use it for behavioral advertising. We do not profile you for any purpose unrelated to running the app.

3. Third-Party Processors

We share the minimum data necessary with vetted processors who act on our instructions:

• Google Generative AI (Gemini): we send the words you add (and limited learning context) to generate definitions, example sentences, mnemonics, and translations. We do not send your name, email, or account identifiers.
• Google Cloud Storage: stores generated images and audio for your words. Files are served over HTTPS and bound to your account.
• SendGrid (Twilio): sends transactional email — account verification, password reset, and replies to support requests. SendGrid receives your email address and the message contents.
• Authentication providers: Google and Apple sign-in receive only what is required to verify your identity and return a token. We never see your password for these accounts.
• Hosting and database providers: store the data described above on our behalf in encrypted form.
• Legal compliance: we may disclose information when required by law or in response to a valid request from a public authority.

4. Data Retention

We keep data only as long as we need it:

• Account and learning data: while your account is active, and for up to 30 days after you delete it (to recover from accidental deletion and meet legal obligations).
• Support messages: up to 24 months after the conversation ends.
• Crash, error, and security logs: up to 90 days.
• Anonymized analytics: indefinitely, in a form that cannot be linked back to you.

When the retention period ends, data is permanently deleted or irreversibly anonymized.

5. Data Security

We use industry-standard safeguards: HTTPS in transit, encryption at rest, hashed passwords, scoped access tokens, the principle of least privilege for staff access, and regular dependency and security reviews. No system is 100% secure — if a breach affects you, we will notify you as required by law.

6. Your Rights

Wherever you live, you can:

• Access: see the personal data we hold about you.
• Export: request a machine-readable copy of your account and learning data.
• Correct: update your profile information at any time.
• Delete: permanently delete your account and associated data from the profile screen, or by contacting us.
• Object or restrict: ask us to stop or limit specific types of processing.
• Complain: lodge a complaint with your local data-protection authority. EU/UK users can also contact their national supervisory authority; California residents have rights under the CCPA, including the right not to be discriminated against for exercising them.

We respond to verified requests within 30 days.

7. Children

Dopus is not directed to children under 13 (or under the digital-consent age in your country). If you believe a child has provided us with personal data without parental consent, contact us and we will delete it.

8. International Transfers

Our processors may store and process data in countries outside your own, including the United States and the European Union. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Changes to This Policy

We may update this policy as the product evolves. We will post the new version on this page and update the revision date below. Material changes will be announced inside the app.

10. Contact

Questions or requests? Email shapirolev2@gmail.com. Lev, our founder, personally reviews every message about privacy.