Privacy policy
Last updated: 2026-06-06
This policy explains what fluentwith collects, where it goes, who processes it on our behalf, and how to control or delete it. It applies to everyone who signs in, regardless of where they live. EU/UK users have additional rights under GDPR; Indian users have rights under the DPDP Act 2023. Both are detailed below.
Who we are
fluentwith is operated by an India-based individual sole-proprietorship. For the purposes of GDPR we are the data controller for the personal data described below. Contact: support@fluentwith.com.
What we collect
- Account identity — name, email, profile image. Provided by Google when you sign in. We don't accept email/password accounts.
- Onboarding answers — your stated goal, native language (optional), and chosen difficulty level.
- Practice content — text of your conversations with the AI partner, the AI's replies, session reports, mistake records, generated drills, drill answers.
- Audio recordings — when you use Reading mode (read-aloud practice), your voice is recorded as a WebM/Opus blob and stored in your browser's IndexedDB on your device only. We do not upload these clips to our servers. See "Where the audio goes" below for details.
- Speaking telemetry — derived numbers: speaking time, words-per-minute, pitch variance, filler counts, intra-turn pause durations. Computed in your browser; we receive only the aggregates, not the raw audio.
- Server logs — IP address, user-agent string, route accessed, response time. Used for rate-limiting and abuse detection. Retained for 30 days.
- Analytics events (only if you accept the analytics cookies banner) — page views, which mode you started, button clicks. See "Cookies and analytics" below.
Where the audio goes
This is the part that matters most for a voice app. Two paths, depending on the mode:
- Reading practice (read-aloud) — your microphone is recorded as a WebM/Opus audio blob in your browser. The blob is saved to your browser's IndexedDB on your device so you can replay it on the report page. The blob is sent ONCE to our transcription provider (see below) to produce text, then used only by you. We never store, copy, or upload these blobs to our servers. Sign-out wipes the IndexedDB store.
- Conversation practice and drills — when you tap the mic, audio is recorded for the duration of your turn, sent ONCE to our transcription provider, the resulting text is saved to our database, and the audio blob is dropped from memory. We never store conversation/drill audio anywhere — not in your browser, not on our servers.
In neither case do we share your audio with anyone except the transcription provider, and only for the seconds it takes to produce a transcript.
Third parties that process your data
We use the following processors. Each has its own privacy policy; we link them. We have a data processing agreement (DPA) where required.
- Google (OAuth + Authentication) — handles sign-in. Google receives a sign-in event but no other data from us. Google's use of data from your sign-in is governed by the Google Privacy Policy. Stored on our side: your Google email, name, profile image URL.
- Groq (speech-to-text via Whisper) — your audio recordings are sent to Groq for transcription. Groq retains audio only as needed to produce the transcript and per their privacy policy. API requests are not used to train models. We send: the audio file, model name, and language hint.
- Anthropic (Claude) — your conversation transcripts and session history are sent to Anthropic's Claude API to generate AI replies and end-of-session reports. Anthropic does not train on API content per their privacy policy. Data may be processed in regions outside your country.
- Cloudflare — content delivery, DDoS protection, and TLS termination for our domain. Cloudflare logs IP addresses, request paths, and timing for security purposes. Their privacy policy and GDPR posture cover their handling.
- Google Analytics 4 (optional) — page views, button clicks, mode selection. Only loaded after you accept analytics cookies via our consent banner. Configured with IP anonymization and no advertising features. Their privacy policy applies. You can opt out at any time on our cookies page.
- Email provider (transactional only) — we use SMTP via whichever provider we're configured with (e.g., Gmail SMTP, SendGrid, AWS SES) to send the welcome email and any future weekly summary emails. We send: your email address and the message body.
- Inngest (background jobs) — schedules and runs our personalization jobs (mistake extraction, profile refresh, account purge cron). Receives: your user ID and the event payload (e.g., a session ID to process). Their privacy policy applies.
- Postgres database — operated by us (or our managed-database provider, e.g., Aiven, Neon, Supabase, RDS). Stores account, sessions, transcripts, mistakes, drills, attempts.
What we don't do
- We don't sell your data — to anyone, ever.
- We don't use your conversations to train AI models. Neither do our processors, per their API terms.
- We don't serve advertising. We don't use ad-tech tracking pixels (Meta Pixel, TikTok Pixel, Google Ads, etc.).
- We don't share your data with brokers, scrapers, or affiliates.
- We don't fingerprint or cross-site track visitors.
- We don't require you to install anything outside your browser.
Cookies and analytics
We use two categories of cookies:
- Strictly necessary (always on, no consent required): the auth session cookie set by Auth.js when you sign in. Without it, you can't stay signed in. Cleared on sign-out.
- Analytics (off by default, opt-in): Google Analytics 4 cookies (_ga, _ga_*) for page-view counting and basic funnel measurement. Loaded only after you click "Accept" on the cookie banner. You can change your choice any time on the cookies page.
We also use browser localStorage for non-cookie functional state: your difficulty preference, the dismissed-banner flag, and the voice-disclosure acknowledgment. These never leave your device.
We use browser IndexedDB to store Reading-mode audio clips on your device, as described above. Cleared on sign-out.
How long we keep it
Account and practice data: kept on your account until you delete it. If you delete your account, we mark it for removal and hard-delete all related rows within 30 days (you can restore within those 30 days by signing back in). Backups are rotated within the same window.
Server logs: 30 days, then deleted.
Audio clips in your browser: until you sign out or clear browser storage. We don't control retention here — your browser does.
Where data is stored
Our database is hosted with a managed Postgres provider in a region we choose for latency and availability. Third-party processors (Groq, Anthropic, Google, Cloudflare, Inngest) operate globally and may process data in regions outside your country, including the US and EU. Where required for GDPR transfers, we rely on the processor's Standard Contractual Clauses (SCCs) or equivalent transfer mechanism.
Your rights — GDPR (EU/UK users)
If you live in the EEA, UK, or Switzerland, you have the right to:
- Access — get a copy of your personal data. Use the export button on your account page for a JSON dump, or email us.
- Rectify — correct inaccurate data. Edit goal/language on your account page, or email us.
- Erase — delete your account and all related data. Account page → Delete. We hard-delete within 30 days.
- Restrict / object — ask us to stop processing for a specific purpose. Email us.
- Data portability — receive your data in a machine-readable format. The JSON export satisfies this.
- Withdraw consent — for analytics, do this any time on the cookies page.
- Lodge a complaint — with your local supervisory authority. UK users: ICO.
Our legal bases for processing under GDPR Article 6:
- Performance of a contract (Art 6(1)(b)) — to provide the practice service you signed up for.
- Legitimate interests (Art 6(1)(f)) — abuse prevention, security logs, service improvement.
- Consent (Art 6(1)(a)) — analytics cookies and any future marketing emails.
Your rights — DPDP Act 2023 (Indian users)
If you're in India, you have the right to:
- Access a summary of personal data being processed.
- Correct inaccurate or incomplete data.
- Erase data when it's no longer needed for the purpose collected.
- Withdraw consent at any time.
- Nominate someone to exercise these rights on your behalf in case of incapacity or death.
- Lodge a grievance with us first; if unresolved, with the Data Protection Board of India.
For grievance redressal under the DPDP Act, our designated contact is support@fluentwith.com. We will respond within the timeframes specified by the Act.
Children
fluentwith is not intended for children under 13 (or under the digital-consent age in your jurisdiction; 16 in some EU countries). We don't knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.
Security
We use TLS for all connections, hash all session tokens, scope every database query to the authenticated user, and rate-limit our APIs. Passwords aren't a thing for us — Google handles authentication. We have a Content Security Policy that blocks third-party script injection. We keep dependencies current and run security audits before each release.
No system is perfectly secure. If you notice a vulnerability, email support@fluentwith.com with "security" in the subject line.
Changes to this policy
If we make a material change (new processor, new data category, change of legal basis), we will update the "Last updated" date at the top and email signed-up users at least 14 days before the change takes effect for ongoing data. Minor edits (typos, link fixes) are updated in place without notification.
Contact
Privacy questions, GDPR/DPDP requests, or anything else: support@fluentwith.com.