Privacy Policy

Personal Information

When you register for an account, we may collect:

• Name and email address
• Account credentials (password is encrypted)
• Profile information (target exam, current German level)
• Payment information (processed securely via Stripe)

Usage Data

We automatically collect information about how you use our platform:

• Learning progress and exercise completion
• Writing and speaking submissions (for AI feedback)
• Device information and browser type
• IP address and general location

We use the information we collect to:

• Provide and improve our AI-powered learning services
• Personalize your learning experience based on your level and goals
• Process payments and manage subscriptions
• Send important account notifications and updates
• Send marketing emails (only with your consent)
• Analyze usage patterns to improve our platform
• Provide customer support

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using SSL/TLS
• Passwords are hashed and never stored in plain text
• Payment processing is handled by Stripe (PCI-DSS compliant)
• Regular security audits and updates
• Access controls and authentication for our team

We work with trusted third-party services to provide our platform:

• Supabase: Database and authentication
• Stripe: Payment processing
• OpenAI: AI-powered feedback and analysis
• Resend: Transactional emails
• Vercel: Website hosting

These providers have their own privacy policies and handle your data according to their terms.

If you are in the European Economic Area (EEA), you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Objection: Object to processing of your data
• Withdraw Consent: Withdraw consent for marketing emails

To exercise these rights, contact us at privacy@certilang.com.

We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account:

• Your personal data will be deleted within 30 days
• Some anonymized data may be retained for analytics
• Legal and financial records may be kept as required by law

If you have questions about this Privacy Policy or how we handle your data, please contact us:

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.