Privacy Policy

This Privacy Policy explains how Fluenly Inc. (“Fluenly”, “we”, “our”, “us”) collects, uses, discloses and protects your personal information when you access or use the Fluenly web & mobile application, website and related content (the “Service”).

1. Who We Are

Fluenly Inc. is registered in Ireland with its principal office at Rose Hill, Wicklow Town, Co Wicklow, Ireland. Although parts of our infrastructure may be hosted in the United States or other countries, our data-handling practices are intended to comply with the EU General Data Protection Regulation (“GDPR”) and other applicable laws.

2. Information We Collect

We collect the following categories of data:

  • Account Information – name, email address and authentication-related identifiers or tokens provided through Firebase Authentication and Kinde.
  • Learning Preferences & Progress – chosen voice speed, voice gender, language level, completed scenario steps and related product settings.
  • Voice & Transcript Data
    • Raw microphone recordings (captured only while you press the push-to-talk button, auto-deleted within 48 hours).
    • Transcripts generated by Deepgram.
    • AI replies and temporary TTS audio (stored for a limited period, typically until the signed URL expires, up to 2 hours).
  • Payment Data – limited billing and subscription information from Stripe (for example, subscription status and partial payment method details such as the last 4 digits of a card). We do not store full card numbers or CVC codes.
  • Usage, Device & Log Data – IP address, browser type, device information, operating system, referring pages, page views, timestamps, approximate location derived from IP, crash data, error logs, request metadata and security events. This data may be collected directly by us or through providers such as Google Cloud, Cloudflare and Google Analytics.
  • Support Communications – messages, chat transcripts, attachments and related metadata you submit when contacting us by email or through support tools such as tawk.to.
  • Advertising & Measurement Data – ad impressions, ad interactions, cookie identifiers, device identifiers, consent signals and related diagnostic or measurement data collected in connection with Google AdSense and similar technologies.
  • Cookies & Local Storage – session tokens, language preference, first-name greeting, consent choices and other browser-based storage used to operate, secure, analyse and monetise the Service.

3. How We Use Your Data

  • Provide, operate and maintain the Service, including authentication, hosting, speech recognition, TTS playback, AI chat generation and account management.
  • Personalise learning content and remember your preferences and progress.
  • Process payments, manage subscriptions and detect fraudulent or abusive transactions.
  • Monitor performance, diagnose issues, maintain uptime, secure infrastructure and prevent spam, fraud or misuse.
  • Respond to support requests and communicate with you through email or support chat tools such as tawk.to.
  • Measure traffic and product usage, understand engagement and improve features through analytics tools such as Google Analytics.
  • Display, limit, measure and, where permitted, personalise advertisements through services such as Google AdSense.
  • Send transactional emails such as password resets, login notices and subscription confirmations and, where you have consented, product updates or marketing messages.
  • Comply with legal obligations and enforce our Terms & Conditions and other policies.

4. Legal Bases for Processing (EEA / UK)

Where required by applicable law, we process personal data under one or more of the following legal bases:

  • Contract – where processing is necessary to provide the Service you request.
  • Legitimate Interests – where necessary to secure our systems, prevent abuse, provide support, improve the Service and maintain business operations, provided those interests are not overridden by your rights.
  • Consent – for optional activities such as marketing emails, microphone access in your browser and, where required, non-essential cookies or personalised advertising.
  • Legal Obligation – where processing is necessary to comply with tax, accounting, regulatory or law-enforcement obligations.

5. Sharing & Disclosure

We do not sell your personal data for money. We may disclose personal data only as described below:

  • Service Providers acting on our behalf or as independent providers of integrated tools, including:
    • Firebase & Google Cloud, including Google Cloud Run, Google Cloud Storage and Firestore (hosting, infrastructure, database, storage)
    • Cloudflare (DNS, performance, caching, traffic filtering and security)
    • Deepgram (speech-to-text and optional TTS)
    • OpenAI & Cartesia AI (language and speech generation)
    • Stripe (payments and subscription billing)
    • Kinde (OAuth identity and authentication services)
    • Google Analytics (analytics and measurement)
    • Google AdSense (advertising and ad measurement)
    • tawk.to (customer-support chat)
  • Professional Advisors – lawyers, auditors, accountants and insurers bound by confidentiality obligations.
  • Legal Authorities – when required to comply with applicable law, regulation, subpoena, court order or lawful request, or when necessary to protect rights, property or safety.
  • Business Transfers – in connection with a merger, acquisition, financing, reorganisation or sale of all or part of our business, subject to appropriate confidentiality and legal safeguards.

Depending on your location and consent choices, some advertising or analytics partners may receive cookie or device data to help measure traffic or deliver ads. Where required by law, we rely on your consent before enabling such non-essential technologies.

6. International Transfers

Your data may be transferred to and stored on servers located in the United States or other countries outside the European Economic Area or the UK. Where required, we rely on Standard Contractual Clauses, adequacy decisions or comparable legal safeguards to help protect transferred personal data.

7. Data Retention

  • Account data – retained until you delete your account or request erasure, unless we must retain certain information for legal, security or fraud-prevention reasons.
  • Learning preferences & progress – retained while your account is active and for a reasonable period afterward unless deleted sooner upon request or account deletion.
  • Raw voice recordings – deleted automatically within 48 hours.
  • Temporary TTS audio – automatically removed when the signed URL expires, typically within 2 hours.
  • Support communications – retained for as long as reasonably necessary to handle your request, maintain support history and protect against misuse.
  • Analytics, ad and security logs – retained for as long as reasonably necessary for measurement, troubleshooting, abuse prevention and legal compliance, subject to provider settings and applicable law.
  • Payment and billing records – retained for up to 7 years, or longer if required by tax, accounting or legal obligations.
  • Cookies and local-storage items – retained until they expire, are cleared by you or are no longer needed for the purpose for which they were set.

8. Security

We use reasonable technical and organisational safeguards designed to protect personal data, including encryption in transit (TLS), access controls, least-privilege permissions, infrastructure monitoring, logging and security measures provided through services such as Cloudflare and Google Cloud. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Privacy Rights

Subject to applicable law, you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Request deletion of your data;
  • Request restriction of processing;
  • Object to processing based on legitimate interests;
  • Receive a copy of certain personal data in a portable format;
  • Withdraw consent at any time for consent-based processing;
  • Opt out of certain analytics, advertising cookies or, where applicable, the sharing/use of data for targeted advertising;
  • Lodge a complaint with your local supervisory authority. In Ireland, this is the Data Protection Commission.

To exercise any of these rights, email us at [email protected]. We may verify your identity before processing your request.

10. Cookies & Similar Technologies

We use cookies, SDKs, pixels, local storage and similar technologies for the following purposes:

  • Essential – to keep you logged in, secure sessions, route traffic and protect the Service.
  • Preferences – to remember settings such as language, greeting or other product choices.
  • Analytics – to understand how visitors use our website and app, including through Google Analytics.
  • Support – to enable and maintain support chat functionality such as tawk.to.
  • Advertising – to display, frequency-cap, measure and, where permitted, personalise ads, including through Google AdSense.
  • Security & Performance – to filter malicious traffic, cache content, improve delivery and detect abuse, including through Cloudflare.

Where required by law, we ask for consent before using non-essential cookies or advertising technologies. You can manage cookies through our consent banner, your browser settings or relevant third-party controls. Blocking or deleting certain cookies may affect site functionality.

11. Children’s Privacy

The Service is not directed to children under 13. If you believe that a child has provided us with personal data without required parental consent, please contact us and we will investigate and delete such information where appropriate.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we may provide notice by email, website banner or in-app notice before the updated Policy takes effect. Your continued use of the Service after the effective date means the updated Policy will apply.

13. Contact Us

Email: [email protected]