Privacy Policy
Last Updated: August 11, 2025
EU Users: This Privacy Policy complies with the General
Data Protection Regulation (GDPR). As a data subject, you have specific
rights regarding your personal data, including the right to access,
rectify, erase, restrict processing, data portability, and to object to
processing.
1. Data Controller Information
2. Introduction
Welcome to Kielo ("we," "our," or "us"). We are committed to protecting
your privacy and complying with applicable data protection laws,
including the General Data Protection Regulation (GDPR). This Privacy
Policy explains how we collect, use, disclose, and safeguard your
information when you use our mobile application (the "App").
By using our App, you consent to the collection and use of information
in accordance with this policy. If you do not agree with the terms of
this privacy policy, please do not access or use the App.
3. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
-
Contract Performance: To provide our language
learning services and manage your account
-
Legitimate Interests: To improve our services, ensure
security, and provide customer support
-
Consent: For optional features like push
notifications and marketing communications
-
Legal Obligation: To comply with applicable laws and
regulations
4. Information We Collect
4.1 Personal Data
-
Account Information: Email address, password
(encrypted), display name
-
Social Login Data: If you register via Google/Apple:
name, email, profile picture URL (we do not store your social media
password)
-
Profile Information: Chosen learning language, daily
goals, profile picture (optional)
4.2 Learning and Usage Data
-
Progress Data: Lessons completed, vocabulary learned,
reading history, daily streaks
-
Session Data: Login times, feature usage patterns,
app interactions
-
Device Token: Unique identifier for secure session
management (not linked to device hardware)
4.3 AI Conversation Data
-
Voice Recordings: Temporarily processed for speech
recognition, not stored long-term
-
Conversation Transcripts: Text records of practice
sessions for service improvement and learning history
-
Performance Analytics: Anonymized data about
conversation quality and learning effectiveness
4.4 Technical Data
-
App Performance: Crash reports, error logs
(anonymized)
-
Security Logs: Login attempts, security-related
events
5. How We Use Your Information
5.1 Primary Purposes
- Provide and maintain the language learning service
- Create and manage your user account
- Personalize your learning experience and track progress
- Provide AI-powered conversation practice
- Generate learning statistics and insights
5.2 Secondary Purposes
- Improve and optimize our services through usage analysis
- Provide customer support and respond to inquiries
- Send service-related notifications and updates
- Ensure security and prevent fraud
- Comply with legal obligations
5.3 Marketing (With Consent Only)
- Send promotional materials about new features
- Provide learning tips and educational content
- Send push notifications about learning goals (can be disabled)
6. Data Sharing and Third Parties
We do not sell your personal data. We may share your information in the
following circumstances:
6.1 Service Providers
-
Cloud Hosting: Google Cloud Platform (EU region) for
secure data storage
-
AI Services: Third-party AI providers for
conversation features (data processed, not stored)
-
Analytics: Anonymized usage statistics for service
improvement
-
Authentication: Google/Apple for social login
(minimal data exchange)
6.2 Legal Requirements
- Compliance with court orders, subpoenas, or legal process
- Protection of our rights, property, or safety
- Investigation of potential violations of our Terms of Service
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your
information may be transferred as part of the transaction, subject to
the same privacy protections.
7. Data Retention
| Data Type |
Retention Period |
Reason |
| Account Information |
Until account deletion + 30 days |
Service provision and security |
| Learning Progress |
Until account deletion |
Personalized learning experience |
| Conversation Transcripts |
2 years or account deletion |
Service improvement and learning history |
| Voice Recordings |
24-48 hours (processing only) |
Real-time speech recognition |
| Support Communications |
3 years after resolution |
Legal compliance and quality assurance |
8. Your Rights Under GDPR
As an EU data subject, you have the following rights:
8.1 Right of Access
Request a copy of your personal data we hold about you.
8.2 Right to Rectification
Request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data under certain circumstances.
8.4 Right to Restrict Processing
Request limitation of processing your personal data in specific
situations.
8.5 Right to Data Portability
Request transfer of your data to another service provider in a
machine-readable format.
8.6 Right to Object
Object to processing of your personal data for direct marketing or
legitimate interests.
8.7 Right to Withdraw Consent
Withdraw consent for processing activities that require your consent.
8.8 Exercising Your Rights
To exercise any of these rights, contact us at
connect+privacy@kielo.app. We will respond within one month of receiving your request.
9. Data Security
We implement appropriate technical and organizational measures to
protect your personal data:
-
Encryption: Data encrypted in transit (TLS) and at
rest (AES-256)
-
Access Controls: Role-based access with multi-factor
authentication
-
Regular Audits: Security assessments and
vulnerability testing
-
Data Minimization: We collect only necessary data for
stated purposes
-
Staff Training: Regular privacy and security training
for all personnel
While we implement strong security measures, no method of transmission
or storage is 100% secure. We cannot guarantee absolute security but
commit to promptly addressing any security incidents.
10. International Data Transfers
Your data is primarily stored within the European Economic Area (EEA).
If we transfer data outside the EEA, we ensure adequate protection
through:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Certification schemes or codes of conduct
11. Children's Privacy
Our services are not intended for children under 13 years old. We do not
knowingly collect personal data from children under 13. If we become
aware that we have collected such data, we will take steps to delete it
promptly. Parents or guardians who believe we may have collected
information from a child under 13 should contact us immediately.
12. Cookies and Similar Technologies
We use cookies and similar technologies for:
-
Essential Cookies: Required for app functionality and
security
-
Performance Cookies: Help us understand how users
interact with our app
-
Functional Cookies: Remember your preferences and
settings
You can manage cookie preferences through your device settings.
Disabling certain cookies may limit app functionality.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our
practices or legal requirements. We will:
-
Post the updated policy on this page with a new "Last Updated" date
-
Notify users of material changes via email or in-app notification
-
Provide 30 days notice for significant changes affecting your rights
Your continued use of the App after changes take effect constitutes
acceptance of the updated policy.
14. Supervisory Authority
If you are unsatisfied with our response to your privacy concerns, you
have the right to lodge a complaint with your local data protection
supervisory authority. For EU users, you can find your local authority
at:
https://edpb.europa.eu/about-edpb/board/members_en
15. Contact Information
For privacy-related questions, requests, or concerns, please contact us:
