Privacy Policy

Last Updated: October 24, 2025

1. Data Controller Information

Data Controller: Erminai Oy (ID: 3571359-6)

Contact Email: connect+privacy@kielo.app

Support Email: connect+support@kielo.app

EU Representative: To be appointed if required under Article 27 GDPR

2. Introduction

Welcome to Kielo ("we," "our," or "us"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

By using our App, you consent to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use the App.

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract Performance: To provide our language learning services and manage your account
Legitimate Interests: To improve our services, ensure security, and provide customer support
Consent: For optional features like push notifications and marketing communications
Legal Obligation: To comply with applicable laws and regulations

4. Information We Collect

4.1 Personal Data

Account Information: Email address, password (encrypted), display name
Social Login Data: If you register via Google/Apple: name, email, profile picture URL (we do not store your social media password)
Profile Information: Chosen learning language, daily goals, profile picture (optional)

4.2 Learning and Usage Data

Progress Data: Lessons completed, vocabulary learned, reading history, daily streaks
Session Data: Login times, feature usage patterns, app interactions
Device Token: Unique identifier for secure session management (not linked to device hardware)

4.3 AI Conversation Data

Voice Recordings: Temporarily processed for speech recognition, not stored long-term
Conversation Transcripts: Text records of practice sessions for service improvement and learning history
Performance Analytics: Anonymized data about conversation quality and learning effectiveness

4.4 Technical Data

Device Information: Device type, operating system version, app version, unique device identifiers (for app functionality and troubleshooting)
App Performance: Crash reports, error logs (anonymized)
Security Logs: Login attempts, security-related events
Network Data: IP address, connection type (for security and performance monitoring)

4.5 Subscription and Payment Data

Purchase History: Subscription status, purchase receipts, billing information (processed securely through app stores)
RevenueCat Data: Subscription management data handled by our payment processor (RevenueCat) for billing and subscription continuity

4.6 Permissions and Sensor Data

Microphone Access: Voice recordings for AI conversation practice (temporary processing, not stored)
Camera Access: Optional profile pictures and visual learning content
Push Notifications: Device tokens for sending learning reminders and app updates (can be disabled)

5. How We Use Your Information

5.1 Primary Purposes

Provide and maintain the language learning service
Create and manage your user account
Personalize your learning experience and track progress
Provide AI-powered conversation practice
Generate learning statistics and insights

5.2 Secondary Purposes

Improve and optimize our services through usage analysis
Provide customer support and respond to inquiries
Send service-related notifications and updates
Ensure security and prevent fraud
Comply with legal obligations

5.3 Marketing (With Consent Only)

Send promotional materials about new features
Provide learning tips and educational content
Send push notifications about learning goals (can be disabled)

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your information in the following circumstances:

6.1 Service Providers

Cloud Hosting: Google Cloud Platform (EU region) for secure data storage
AI Services: Third-party AI providers for conversation features (data processed, not stored)
Analytics: Anonymized usage statistics for service improvement
Authentication: Google/Apple for social login (minimal data exchange)
Payment Processing: RevenueCat for subscription management and billing (handles payment data securely, we receive only subscription status and receipts)
App Store Services: Apple App Store and Google Play Store receive technical data for app distribution, crash reporting, and analytics

6.2 Legal Requirements

Compliance with court orders, subpoenas, or legal process
Protection of our rights, property, or safety
Investigation of potential violations of our Terms of Service

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

7. Data Retention

Data Type	Retention Period	Reason
Account Information	Until account deletion + 30 days	Service provision and security
Learning Progress	Until account deletion	Personalized learning experience
Conversation Transcripts	2 years or account deletion	Service improvement and learning history
Voice Recordings	24-48 hours (processing only)	Real-time speech recognition
Subscription Data	7 years (legal requirement) or account deletion	Tax compliance and subscription management
Device & Technical Data	2 years or account deletion	Security and service optimization
Support Communications	3 years after resolution	Legal compliance and quality assurance

8. Your Rights Under GDPR

As an EU data subject, you have the following rights:

8.1 Right of Access

Request a copy of your personal data we hold about you.

8.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data under certain circumstances.

8.4 Right to Restrict Processing

Request limitation of processing your personal data in specific situations.

8.5 Right to Data Portability

Request transfer of your data to another service provider in a machine-readable format.

8.6 Right to Object

Object to processing of your personal data for direct marketing or legitimate interests.

8.7 Right to Withdraw Consent

Withdraw consent for processing activities that require your consent.

8.8 Exercising Your Rights

To exercise any of these rights, contact us at connect+privacy@kielo.app. We will respond within one month of receiving your request.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
Access Controls: Role-based access with multi-factor authentication
Regular Audits: Security assessments and vulnerability testing
Data Minimization: We collect only necessary data for stated purposes
Staff Training: Regular privacy and security training for all personnel

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents.

10. International Data Transfers

Your data is primarily stored within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure adequate protection through:

Adequacy decisions by the European Commission
Standard Contractual Clauses (SCCs)
Certification schemes or codes of conduct

11. Children's Privacy

Our services are not intended for children under 13 years old. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will take steps to delete it promptly. Parents or guardians who believe we may have collected information from a child under 13 should contact us immediately.

12. Mobile App Permissions

Our mobile app requests certain permissions to provide core functionality. You can manage these permissions through your device settings:

Microphone: Required for AI conversation practice and speech recognition features
Camera: Optional for profile pictures and visual learning content
Notifications: Optional for learning reminders and app updates (can be disabled anytime)
Storage: For saving learning progress and offline content

We only access these permissions when you explicitly grant them and use the data solely for the stated purposes.

13. App Store Data Sharing

When you download and use our app through the Apple App Store or Google Play Store, certain data is automatically shared with the app stores for distribution and analytics purposes:

App installation and usage statistics
Crash reports and performance data
Device and operating system information
Purchase and subscription data (handled by app store payment systems)

This data sharing is required for app store compliance and cannot be disabled. Please refer to the app store's privacy policy for details on their data practices.

14. Cookies and Similar Technologies

We use cookies and similar technologies for:

Essential Cookies: Required for app functionality and security
Performance Cookies: Help us understand how users interact with our app
Functional Cookies: Remember your preferences and settings

You can manage cookie preferences through your device settings. Disabling certain cookies may limit app functionality.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Post the updated policy on this page with a new "Last Updated" date
Notify users of material changes via email or in-app notification
Provide 30 days notice for significant changes affecting your rights

Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

16. Supervisory Authority

If you are unsatisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. For EU users, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

17. Contact Information

For privacy-related questions, requests, or concerns, please contact us:

Privacy Email: connect+privacy@kielo.app
General Support: connect+support@kielo.app
Response Time: We aim to respond within 48 hours for general inquiries and within 30 days for formal GDPR requests