Privacy Policy

Introduction

English FillnLearn ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application.

By using our service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

• Email address (for account creation and communication)
• Name (if provided during registration)
• Profile information you choose to share
• Payment information (processed securely through third-party payment processors)
• Plan selection and purchase history (1-month or lifetime plans)

Usage Information

• Exercise progress and performance data
• Learning preferences and settings
• Device information (type, operating system, browser)
• IP address and location data (for service optimization)
• Usage patterns and feature interactions

Cookies and Tracking

We use cookies and similar technologies to enhance your experience, remember your preferences, and analyze usage patterns. You can control cookie settings through your browser preferences.

Types of Cookies We Use

• Essential Cookies: Required for basic site functionality and authentication
• Analytics Cookies: Help us understand how users interact with our service (Google Analytics)
• Preference Cookies: Remember your settings and preferences
• Session Cookies: Temporary cookies that expire when you close your browser

You can disable cookies through your browser settings, but this may affect the functionality of our service.

How We Use Your Information

Primary Uses

• Provide and maintain our educational services
• Track your learning progress and personalize content
• Process payments and manage plan access
• Send important updates about your account or our services
• Improve our platform through analytics and user feedback
• Ensure security and prevent fraud
• Comply with legal obligations

Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

• Contract Performance: To provide our educational services
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws

Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With your explicit consent
• With service providers who assist in our operations (under strict confidentiality agreements)
• To comply with legal requirements or court orders
• To protect our rights, property, or safety, or that of our users
• In connection with a business transfer or acquisition

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication systems
• Secure data centers and infrastructure
• Employee training on data protection

Data Retention

We retain your personal information for different periods depending on the type of data and its purpose:

• Account Data: Retained while your account is active and for 30 days after deletion
• Payment Records: Retained for 7 years for tax and legal compliance
• Usage Analytics: Retained for 2 years in anonymized form
• Support Communications: Retained for 3 years
• Marketing Data: Retained until you opt out or for 2 years of inactivity

We may retain certain data longer if required by law or for legitimate business purposes.

Your Rights

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Erasure: Delete your account and associated data
• Portability: Export your data in a portable format
• Restriction: Limit how we process your data
• Objection: Opt out of certain data processing
• Withdraw Consent: Revoke consent for optional data processing

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@englishfill.com with your request. We will respond within 30 days and may require identity verification.

For EU users, you also have the right to lodge a complaint with your local data protection authority.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovery
• Provide details about the breach and potential impact
• Explain steps we are taking to address the issue
• Offer guidance on protective measures you can take
• Report to relevant authorities as required by law

We maintain comprehensive security monitoring and incident response procedures to minimize the risk of data breaches.

Third-Party Services

Our service integrates with third-party providers for essential functions:

• Supabase: Database and authentication services (data stored in secure cloud infrastructure)
• Paddle: Payment processing and plan management (PCI DSS compliant)
• Vercel: Hosting and deployment services (global CDN and edge computing)
• Google Analytics: Website analytics (anonymized data, IP anonymization enabled)

Data Processing Agreements

We have data processing agreements with all third-party providers to ensure they:

• Process your data only as instructed by us
• Implement appropriate security measures
• Notify us of any data breaches
• Delete your data when no longer needed

These providers have their own privacy policies and data practices. We encourage you to review their policies.

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it removed.

Marketing Communications

We may send you marketing communications about our services, new features, and educational content. You can opt out at any time by:

• Clicking the unsubscribe link in any marketing email
• Updating your preferences in your account settings
• Contacting us at privacy@englishfill.com

We will still send you important service-related communications (account updates, security notices, etc.) even if you opt out of marketing communications.

International Users

If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

GDPR Compliance (EU Users)

For users in the European Union, we comply with the General Data Protection Regulation (GDPR). This includes:

• Obtaining clear consent for data processing
• Providing detailed information about data processing
• Implementing appropriate security measures
• Honoring your data protection rights
• Using standard contractual clauses for international transfers

Data Transfers

When we transfer your data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions where applicable.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: