Privacy Policy
Last updated: 2026-05-10
This is the privacy policy for Polyglot, an AI-powered German language-learning app. We're a small, single-developer project, currently in invite-only beta. This page explains plainly what data we collect, where it goes, and what your rights are.
1. Who we are
Polyglot is operated by Gustavo Cabrera, an individual developer. Contact: hello@polyglot.app. The app is hosted on Cloudflare and uses OpenAI's APIs for some AI features.
2. What we collect
From your Google account (when you sign in)
- Your email address
- Your display name
- Your Google profile picture URL
- A stable Google ID used internally to identify your account
We never see or receive your Google password.
From your usage of the app
- Lessons you start and complete
- Exercise attempts (which exercise, what you picked, whether it was correct)
- Tier-test results
- Counts of AI requests per day per endpoint (for rate limiting)
- Voice-call duration in seconds (NOT the audio itself; we don't record voice)
- Standard server-side request metadata: IP address, timestamps, user-agent (kept transiently in Cloudflare logs only)
What we do NOT collect
- We don't record or store the audio of your voice calls.
- We don't store the content of your text chats long-term — chat messages are sent to the AI model in-flight and not persisted in our database.
- We don't use cookies for advertising or analytics tracking. The only cookie we set is your authentication session cookie.
- We don't share data with advertisers or data brokers. We don't have any.
3. Where the data goes
- Cloudflare — hosts the application and stores your account + activity in Cloudflare D1 (their managed SQLite). Cloudflare's privacy policy applies to data in transit through their network.
- Google — handles authentication only. Google sees that you signed into Polyglot, but does not see your activity in the app.
- OpenAI — processes some AI features (real-time voice conversation, speech-to-text, text-to-speech). Audio and text we send are governed by OpenAI's API data policy. According to OpenAI's current policy, API requests are not used to train their models.
- Cloudflare AI Gateway — sits between us and OpenAI for logging and caching. Requests pass through without additional retention beyond what Cloudflare logs.
- Cloudflare Workers AI — handles text moderation and some text-AI features without data ever leaving Cloudflare.
We don't sell your data to anyone, ever.
4. How long we keep it
Your account, lesson progress, and exercise attempts stay in our database until you delete your account. AI usage counts are aggregated by day and stay indefinitely (they're a tiny number per row and useful for understanding usage patterns).
Cloudflare's request logs (IP addresses, etc.) are subject to Cloudflare's own retention policy — typically a few hours to a few days for raw logs.
5. Your rights
You can:
- See your data — your profile and activity stats are visible in the app's Profile tab.
- Edit your name — Profile → Edit name.
- Reset your progress — Profile → Reset progress. This deletes all your lesson/exercise/test events but keeps your account.
- Delete your account — Profile → Delete account. This permanently removes your account and all related events from our database. You'll have to sign in again to come back.
- Request a data export — email hello@polyglot.app; we'll send you a JSON file with everything we have on you, usually within a few days.
6. Cookies
We set one cookie: a signed authentication session cookie. It's HTTP-only, Secure (over HTTPS), SameSite=Lax, and lasts 30 days. We don't use any third-party tracking cookies.
7. Changes to this policy
If we change anything material in this policy, we'll email you (using the address from your Google account) before the change takes effect. Minor edits — typo fixes, clarifications — will just be reflected here without notification.
8. Contact
Questions, concerns, or requests: hello@polyglot.app. We aim to respond within a few business days.