Vesily logo squareVesily logo horizontal

Privacy Policy

Application Owner and Data Controller

The application owner and data controller is: Wojciech Krajewski, Wrocław, Poland; [email protected].

Introduction

Your privacy matters. This Privacy Policy explains what data is collected when you use the application, why it is collected, how it is processed, and what rights you have. The goal is to make everything transparent, respectful, and easy to understand.

Data We Collect

When you use the application, certain types of data may be collected:

  • Learning progress - including correct and incorrect answers, so that the application can adapt the learning process to your level.
  • Voice data - if you participate in speaking exercises, your voice is temporarily processed to check whether a sentence was pronounced correctly. Please note that the recording is processed immediately and automatically deleted; it is never stored permanently. This data is considered sensitive (biometric data) and is processed solely based on your explicit consent.
  • Payment data - information necessary to complete a payment if you purchase access to part or all of the service.
  • Email address - used for communication, account management, and access to the application.
  • Usage data - technical logs, statistics, and information on how the application is used, which helps us improve the service.

Purpose and Legal Basis for Data Processing

Your data is processed for the following purposes and under the following legal bases:

  • (a) personalized learning process (adaptation of content) relies on learning progress and usage data. The legal basis for this processing is the Performance of a contract (Art. 6(1)(b) GDPR), as this is necessary to deliver the core service of the application;
  • (b) access to paid features and account management requires your email address and payment data. The processing is based on the Performance of a contract (Art. 6(1)(b) GDPR), which is essential for fulfilling the commercial agreement;
  • (c) checking pronunciation (voice exercises) involves Voice data. Since this data is considered sensitive (biometric data), its processing is based on your Explicit consent (Art. 9(2)(a) GDPR). Please note that you may withdraw this consent at any time without affecting the lawfulness of processing before the withdrawal;
  • (d) application functioning and improvement (Analytics and Bug fixing) utilizes Usage data. This processing is carried out based on the Legitimate interests of the controller (Art. 6(1)(f) GDPR), specifically to ensure the security, stability, and continuous enhancement of the application's performance;
  • (e) marketing communication (if applicable) uses your Email address. The legal basis will be either your Consent (Art. 6(1)(a) GDPR) or the Legitimate interests of the controller (Art. 6(1)(f) GDPR), subject to the specific requirements of local marketing laws.

Information obligation: providing your data is a contractual requirement necessary to use the application. Failure to provide the required data (e.g., email, payment details for paid features) makes it impossible to provide the service.

Sharing Data with Third Parties and International Data Transfer

Some of your data may be shared with trusted third-party service providers, including:

  • Google Analytics - for anonymous usage statistics and analytics.
  • ChatGPT (Open AI) and Gemini (Google) - for anonymous content generation and language-related analysis. The data shared with these entities for analysis is aggregated and anonymized whenever possible.
  • Payment processing companies - to securely process transactions.

These providers process data only as necessary to deliver their services.

International Data Transfer (transfer outside the EEA):

  • your data may be transferred to third countries outside the European Economic Area (EEA), specifically to the United States (US), where service providers such as Google and Open AI are located;
  • the transfer of data to the US is secured by implementing appropriate safeguards, such as the Standard Contractual Clauses (SCC) approved by the European Commission, which contractually guarantee a level of personal data protection equivalent to that required by GDPR.

Cookies

The application uses cookies to: (a) maintain your session and save your preferences; (b) collect anonymous usage statistics through Google Analytics.

Processing of non-essential cookies requires your prior explicit consent (consent banner).

You can manage or disable cookies in your browser or operating system settings, but this may affect some features of the application.

Data Retention

Personal data is kept only as long as necessary to fulfill the purposes for which it was collected. Criteria for determining the retention period include the duration of the user's account, the need to comply with legal obligations (e.g., tax law), and the necessity of data retention for resolving potential disputes. If processing is based on your consent, you may withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. Upon withdrawal, your data will be deleted, unless legal obligations require its further retention.

Your Rights

You have rights regarding your personal data, including the right to: (a) access the data we hold about you (Art. 15 GDPR); (b) correct any inaccurate data (Art. 16 GDPR); (c) request deletion of your data ("right to be forgotten"; this right is fully realized when you choose to delete your user account.) (Art. 17 GDPR); (d) restrict how your data is processed (Art. 18 GDPR); (e) object to the processing of your data (Art. 21 GDPR), particularly to processing based on legitimate interests; (f) request transfer of your data to another provider (data portability) (Art. 20 GDPR); (g) withdraw consent at any time (if processing is based on consent).

Right to lodge a complaint: you also have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office.

We are committed to supporting you in exercising these rights.

Data Security and Governing Law

Technical and organizational measures are in place to protect your data against unauthorized access, loss, or disclosure. Security is taken seriously to safeguard your information.

Updates to This Policy

This Privacy Policy may be updated from time to time. The current version will always be available within the application. Updates are made with transparency and your best interest in mind.

Governing Law

This Privacy Policy is governed by Polish law, in particular by the General Data Protection Regulation (GDPR) of the European Union. For users residing outside the European Economic Area, we strive to comply with their national privacy laws to the extent that these laws impose higher obligations on us than the GDPR.