Privacy Policy

Effective date: January 1, 2026

1. General information

1. This Privacy Policy describes the rules for processing personal data of users of the BiteLang service/application (hereinafter: the “Service”).
2. The controller of personal data is Aslip Janusz Parfieniuk, VAT ID PL 543-1986-770 (hereinafter: the “Controller”). Contact: [email protected].
3. Personal data is processed in accordance with GDPR and other applicable laws.
4. This Policy applies to all Users of the Service.

2. Scope of collected data

1. The Controller may process the following categories of data:

A) Contact data

• email address,
• phone number (if provided).

B) Payment data

• data necessary to process payments – handled by external payment providers in accordance with their terms.

C) Technical data

• device data, IP address, device identifiers, login data,
• data collected to prevent abuse and protect the Account.

Purpose: legitimate interest of the Controller – ensuring the security of the Services.

D) Educational data

• data regarding language proficiency, answers in tests and exercises,
• information about progress, lesson history, and interactions with the system (including voice data or recordings – if the feature is available),
• data necessary for content personalization: name, age, gender (optional).

Purpose: performance of the contract and provision of personalized educational services.

E) Marketing data (with consent)

• marketing consents,
• email address for sending marketing content.

F) Statistical and analytical data

• data collected to improve the Service and analyze feature usage.

Purpose: legitimate interest of the Controller – development and operation of the Service.

3. Purposes and legal bases for data processing

Data is processed for the following purposes:

• providing services and performing the contract (Art. 6(1)(b) GDPR),
• analysis and personalization of the learning process (Art. 6(1)(b) and (f) GDPR),
• ensuring the security of Users and the Service (Art. 6(1)(f) GDPR),
• fulfilling legal obligations (Art. 6(1)(c) GDPR),
• direct marketing based on consent (Art. 6(1)(a) GDPR).

4. Data sharing

1. Data may be shared with entities cooperating with the Controller:

• payment providers,
• hosting and IT service providers,
• analytics and marketing tool providers,
• entities authorized under applicable law.

2. These entities process data solely in accordance with data processing agreements and the Controller’s instructions.

5. Data transfers outside the EEA

1. Data may also be processed outside the European Economic Area if necessary to provide the Services.
2. The Controller ensures the use of GDPR-compliant mechanisms, such as standard contractual clauses.

6. User rights

The User has the right to:

• access their data,
• rectify their data,
• erase their data (“right to be forgotten”),
• restrict processing,
• data portability,
• object to data processing,
• withdraw consent at any time,
• lodge a complaint with a supervisory authority.

7. Data retention period

Data is stored:

• for the duration of the service agreement,
• until consent is withdrawn – for data processed based on consent,
• for the period required by law – for legal obligations.

Technical and statistical data may be stored for as long as necessary for analytical and security purposes.

8. Cookies and tracking technologies

1. The Service uses cookies to ensure proper operation and content personalization.
2. Users can manage cookies via browser settings. Limiting cookies may affect the functionality of the Service.

9. Data security

1. The Controller applies appropriate technical and organizational security measures, including encrypted data transmission protocols.
2. Data will not be processed in an automated manner producing legal effects concerning the User without their consent.

10. Final provisions

1. The Controller may update this Policy. The current version will be published in the Service.
2. Using the Service constitutes acceptance of this Policy.