Privacy Policy

Last updated: November 2025

Introduction

Welcome to Talk with Ren (Beta). We are committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our language learning platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

1. Data Controller

The data controller responsible for your personal data is:

Mikio Braun

Beckerstr. 11

12157 Berlin, Germany

Contact for data protection inquiries:
Email: [email protected]

2. Data We Collect

We collect several types of information from and about users of our application, including:

2.1 Account Information

  • Username
  • Email address
  • Password (encrypted/hashed)
  • Preferred learning languages
  • Avatar preference
  • Invite code (during registration)

2.2 Learning Session Data

  • Session duration and timestamps (start, pause, end times)
  • Message count per session
  • Selected topic and language for each session
  • Session status (active/paused/completed)
  • Session summaries and one-line recaps

2.3 Conversation Content

  • All messages you send during learning sessions
  • AI-generated responses (from Google Gemini)
  • Function call metadata (vocabulary management operations)
  • AI thinking steps and reasoning
  • Conversation timestamps

2.4 Vocabulary Data

  • Words and phrases you encounter
  • Word readings/pronunciations
  • Parts of speech
  • Meanings and translations
  • Example usage sentences
  • Language of the vocabulary entry
  • Context from conversations where the word appeared
  • Tags and difficulty levels
  • Review history (for spaced repetition)
  • Accuracy rates and mastery levels

2.5 Usage Analytics

  • Learning progress metrics
  • Review statistics (accuracy, streak days, review counts)
  • Session feedback (thumbs up/down ratings and optional notes)
  • Time spent on various activities

2.6 Technical Data (Browser Storage)

We store data locally in your browser using localStorage (not cookies):

  • auth_token - JWT authentication token
  • user - Your complete user profile (JSON)
  • postvoc_active_conversation_id - Current conversation UUID
  • postvoc_chat_language - Selected language code
  • postvoc_chat_topic - Current topic
  • postvoc_recently_added_words - Session vocabulary tracking
  • vocabulary_review_session - Review session state

ℹ️ Note: We do not use cookies. All authentication and session management is handled through localStorage in your browser.

3. How We Use Your Data

We use the information we collect for the following purposes:

  • Provide the Service: To enable you to use our language learning platform, including AI-powered conversations through Google Gemini
  • Personalization: To adapt learning content to your level and track your vocabulary knowledge
  • Spaced Repetition: To schedule vocabulary reviews based on your performance and memory retention
  • Progress Tracking: To show you analytics, statistics, and learning progress over time
  • Service Improvement: To analyze usage patterns and improve our platform (based on aggregated, anonymized data)
  • Communication: To send you service-related notifications (if applicable)
  • Security: To detect, prevent, and address technical issues and fraudulent activity

4. Third-Party Data Processing

⚠️ IMPORTANT: Your conversation data is processed by third-party AI services.

4.1 Google Gemini API

To power our AI conversation features, we send your messages and conversation context to Google's Gemini API (specifically Gemini Flash). This includes:

  • All messages you send during learning sessions
  • Your vocabulary knowledge state (to personalize responses)
  • System prompts with learning context

Google processes this data to generate AI responses. We use paid API services with Cloud Billing enabled, which means Google does not use your prompts or responses to improve their products according to their terms. Data is retained only for a limited period for detecting policy violations and legal compliance.

Google's use of this data is governed by their terms and privacy policies:

ℹ️ Note: Because we use paid Gemini API services, your conversation data is not used by Google to train or improve their AI models. Data is processed according to Google's Data Processing Addendum for enterprise customers.

4.2 Analytics Services

We use privacy-focused analytics services to understand how users interact with our platform:

  • Fathom Analytics: Privacy-focused web analytics (no cookies, GDPR compliant)
  • Ahrefs Analytics: Website analytics for SEO and performance monitoring

5. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

  • Consent (Art. 6(1)(a)): You provide consent when creating an account and using our services
  • Contract Performance (Art. 6(1)(b)): Processing is necessary to provide the learning services you requested
  • Legitimate Interest (Art. 6(1)(f)): We have a legitimate interest in improving our service and ensuring security

6. Your Data Protection Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access (Art. 15): Request copies of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Request limitation of processing
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time

To exercise any of these rights, please contact us using the information in the Contact page.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Password encryption using industry-standard hashing algorithms
  • JWT token-based authentication
  • HTTPS encryption for data in transit
  • Regular security assessments

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

8. Beta Version Disclaimer

ℹ️ Beta Notice: Talk with Ren is currently in beta testing. During this phase, we may make changes to our data collection and processing practices. We will notify users of any material changes to this Privacy Policy.

9. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact & Data Protection Inquiries

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please visit our Contact page.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.