Privacy Policy
Effective date: 22 April 2026. Last updated: 22 April 2026.
Summary
We collect your Google profile (name, email, avatar) when you sign in, the speech you submit during practice (transcribed to text on the fly — we don't store raw audio), and your learning progress (answers, reaction times, custom words). We use Google Analytics 4 for basic traffic measurement — you can decline analytics cookies on your first visit, or send a Global Privacy Control signal and we'll respect it. We don't sell your data, and we don't share it with advertisers. Ever.
1. Who We Are
Word Exchange Plaza is a free, browser-based language learning app operated by Outdoor Devs, a small studio that builds tools for language learners and cross-language communication. For the purposes of data-protection law, Outdoor Devs is the data controller for the service.
Contact for anything privacy-related: support@wordexchangeplaza.com. A real human reads those emails.
2. What We Collect
Account data (from Google OAuth)
When you sign in with Google, we receive and store: your name, your primary email address, your Google profile picture URL, and your Google subject ID (a stable numeric identifier Google uses for your account). We use Google's standard profile and email scopes — nothing more.
You can optionally add a display name, a short biography, and a city to your profile inside the app. If you do, those are stored too. You can delete them at any time from your account settings, or by emailing us.
Learning data
As you use the app, we record what you practice and how well you do, so the spaced-recall engine can bring words back at the right time. Specifically:
- Courses you enroll in and which course is currently selected.
- Individual answers: which word, which game mode, whether you got it right, how long it took you to respond (reaction time in milliseconds), and a timestamp.
- Aggregate progress counters: streaks, Elo rating, points, mastery levels, extinction states.
- Custom vocabulary you add, corrections you submit to existing content, and songs or madlibs you generate inside the app.
- Your chosen settings: native language, target language, daily goal, input mode, UI preferences.
- If you opt in to push notifications, the web-push endpoint and keys your browser provides.
Speech data
When you practice with your voice, your microphone audio is streamed over a secure WebSocket from your browser to our server, which immediately relays it to Deepgram (a US-based speech-to-text provider). Deepgram returns a text transcript in near-real-time. That transcript is used to grade your answer.
We do not store the raw audio. It flows through the server and is discarded as soon as Deepgram has transcribed it. What gets written to the database is the answer log row described above — the transcript is used in the moment and then aggregated into "correct" or "incorrect" plus a reaction time. No voiceprint, no biometric profile, no audio file on disk.
Usage analytics
On the public marketing pages (homepage, about, blog, this page) we use Google Analytics 4, measurement ID G-GFSF3MWT44. GA4 records standard web analytics: pageviews, referrer, approximate location (country and region), browser, operating system, and screen size. GA4 anonymizes IP addresses by default and we don't change that setting.
GA4 only fires after you grant consent via our cookie banner. We use Google Consent Mode v2, which means the tag loads in a cookieless "denied" mode until you opt in. If you never click "Accept," no analytics cookies are ever written to your browser.
Technical data
Every HTTP request hits our Cloudflare edge and then our origin server. Both layers log the request's IP address, user-agent string, timestamp, and path for the usual operational reasons — debugging, rate limiting, and abuse prevention. We retain these logs for 30 days and then delete them.
3. What We Don't Collect
- No raw microphone recordings. Audio is transcribed live and discarded.
- No payment information. The app is free during alpha and we have no billing system.
- No contacts list, address book, or calendar access.
- No device fingerprinting or advertising identifiers.
- No cross-site tracking pixels. There are no Meta, TikTok, LinkedIn, or ad-network tags anywhere on the site.
- No sale or sharing of your data with data brokers. There is no "do not sell my personal information" button here because there is nothing to opt out of.
4. Why We Process Your Data (Purposes & Legal Bases)
We process the data above for four reasons: to run the service (show you the right lessons, grade your answers, remember your progress), to measure usage in aggregate so we know what's working, to improve course content based on the patterns of mistakes we see, and to email you about your account if something important comes up.
If you are in the EU, UK, or EEA, our legal bases under GDPR are:
- Contract (Art. 6(1)(b)) — we need your account data and learning data to actually deliver the service you signed up for.
- Consent (Art. 6(1)(a)) — for Google Analytics cookies. Consent is freely given, specific, informed, and revocable at any time.
- Legitimate interest (Art. 6(1)(f)) — for security, rate limiting, abuse prevention, and short-term operational logging. We think a reasonable user would expect a web service to keep 30 days of access logs, and the data is minimized.
5. Third-Party Processors
We try to keep the stack small, but there are a few third parties in the loop. Here is everyone who touches your data on our behalf:
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Google (OAuth, Fonts, Analytics) | Sign-in, font delivery, traffic analytics | Profile, email, avatar URL; pageview metadata after consent | Global / US |
| Deepgram | Live speech-to-text transcription | Streamed audio, discarded after transcription | US |
| ElevenLabs | Text-to-speech for course audio (server-side only) | No user data — only vocabulary we curate | US |
| Anthropic (Claude) | Course content generation (admin-triggered) | No user data — only prompts we write | US |
| Suno | Song generation when you use the music feature | Lyrics and prompt text you or the app generate — no account data | US |
| MongoDB (self-hosted) | Primary data store | All account and learning data | Canada |
| Redis (self-hosted) | Job queues for generation and extinction timers | Ephemeral processing data | Canada |
| Cloudflare | Edge CDN, TLS termination, security | Request IP, user-agent, path | Global |
ElevenLabs and Anthropic are included because we use them to build the courses — they never see anything about you. We list them for transparency, not because user data flows to them.
6. Cookies
We use two kinds of cookies, and we treat them differently:
- Essential cookies — a short-lived invite cookie during sign-up and a session identifier. These are strictly necessary to operate the site and do not require consent under ePrivacy rules. Your JWT auth token lives in your browser's memory, not a cookie, and is lost when you close the tab.
- Analytics cookies — `_ga` and `_ga_GFSF3MWT44` from Google Analytics 4. These are only set after you click "Accept" on our cookie banner. Before that, Consent Mode v2 keeps GA4 in a cookieless "denied" mode.
You can change your mind any time by clearing your cookies and returning to the site — the banner will ask again.
7. Data Retention
| Data | How long we keep it |
|---|---|
| Account data (profile, email, settings) | Until you delete your account |
| Learning logs (answers, reaction times, Elo) | Indefinitely while the account is active — they drive the spaced-recall engine. Deleted with the account. |
| Speech transcripts | Attached to the answer log — same lifetime as the answer log. |
| Raw audio | Never stored. Discarded after live transcription. |
| Server and Cloudflare edge logs | 30 days, then purged. |
| Google Analytics event data | 14 months (GA4 default retention). |
8. Your Rights
Depending on where you live, you have the right to access the data we hold about you, correct it, delete it, export it in a portable format, object to certain processing, and withdraw any consent you have given. These rights exist under the EU/UK GDPR, Canada's PIPEDA, California's CCPA/CPRA, and similar laws in other places.
To exercise any of these rights, email support@wordexchangeplaza.com from the Google account you signed up with (or tell us the email address on file). We will respond within 30 days. There is no charge for reasonable requests.
If you think we have handled your data badly and want to complain to a regulator, you can contact your national data-protection authority — in Canada, the Office of the Privacy Commissioner; in the UK, the ICO; in the EU, your member state's supervisory authority. We would rather you email us first so we can fix it, but you do not have to.
9. International Transfers
The service itself is operated from Canada. If you're in the EU, UK, or EEA, your data will be transferred to the United States when it reaches Google, Deepgram, ElevenLabs, Anthropic, Suno, or Cloudflare, and to Canada when it reaches our own servers.
For US transfers we rely on the EU–US Data Privacy Framework (and its UK and Swiss extensions) where the processor is certified, and on the European Commission's standard contractual clauses where it isn't. Canada has an adequacy decision from the European Commission for commercial data.
10. Children
Word Exchange Plaza is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has signed up, email us and we'll delete the account.
For users in the EU and UK, the "digital consent" age varies by country (13 to 16). Users in that range should have parental consent before signing up. We do not currently verify this — we rely on the honesty of the signing-in user and on the fact that Google accounts have their own minimum ages.
11. Security
All traffic to and from the site is encrypted with TLS, terminated at Cloudflare and re-encrypted to the origin. Secrets (JWT signing keys, third-party API keys) are held in environment variables on the server, never checked into source control. Access to the production server is restricted to the developer and uses key-based SSH.
No system is perfect. If you find a security issue, please email support@wordexchangeplaza.com before posting about it. We'll respond quickly and we're grateful for responsible disclosure.
12. Data Breach
If a breach affects you and presents a real risk to your rights or freedoms, we will notify you by email within 72 hours of confirming the breach. We follow the GDPR Article 33 timing as a baseline and apply it to everyone, regardless of where they live. The notice will explain what happened, what data was involved, what we're doing about it, and what you can do to protect yourself.
13. Do Not Track & Global Privacy Control
Browsers send a variety of privacy signals. We honor the Global Privacy Control (GPC) header. If your browser sends GPC on your first visit, we treat that as a "Decline" for analytics cookies and do not show the cookie banner in an "opt-in" state. The older "Do Not Track" header is not a formal standard and browsers have largely dropped it, but if we detect it we treat it the same way as GPC.
14. Changes to This Policy
We may update this policy as the service evolves or as laws change. Material changes — anything that meaningfully affects what we collect, why, or who we share it with — will be announced at least 14 days before they take effect, via the blog and an in-app notice to signed-in users. Minor clarifications and typo fixes we'll just ship with the updated date at the top and bottom of this page.
15. Contact
Privacy questions, data-subject requests, security reports, or just a hello: support@wordexchangeplaza.com.
We're a small indie project. We take privacy seriously because we'd want the same ourselves. If anything here is unclear, email us — a real person will read it.
Last updated: 22 April 2026.