Privacy Policy — Lexicafe
Last updated: 14 June 2026
This Privacy Policy explains how Yevheniia Beltser ("Lexicafe", "we", "us") collects, uses, and protects your personal data when you use the Lexicafe application and website at https://lexicafe.app (the "Service"). We are the data controller for the purposes of the EU/UK General Data Protection Regulation (GDPR).
Contact: hello@lexicafe.app · Poland (full postal address available on request)
1. Summary (the short version)
- We use your Google account only to sign you in and show your name/avatar.
- We store the words, translations, notes, lists, and lesson transcripts you create.
- To generate translations, examples, and answers, we send your input text to third-party AI providers (OpenAI and/or Google).
- We do not sell your data or use it for advertising.
- You can export or permanently delete all of your data at any time from Settings.
2. Data we collect
a) Account data (via Google Sign-In). Your name, email address, and profile picture, plus a Google account identifier. We do not receive your Google password.
b) Content you create. Words and phrases you look up or save, translations, your own notes/comments, examples, synonyms, custom lists, spaced-repetition review history and progress, and AI chat messages you send within a card.
c) Lesson / "Listen" data. If you use the Listen feature, audio is captured on your device and converted to text; we store the resulting transcripts, extracted words, and analysis. See Section 6 for important responsibilities about recording other people.
d) Your own AI API keys (optional). If you add your own OpenAI/Gemini key, we store it encrypted and use it only to make AI requests on your behalf.
e) Technical & usage data. IP address, device/browser type, timestamps, and basic logs needed to operate and secure the Service, plus counters of your AI usage (for quota).
f) Payment data (if/when paid plans launch). Handled by our payment processor; we do not store full card numbers.
3. How we use your data and our legal bases (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Provide the core Service (save words, generate cards, run reviews) | Performance of a contract (Art. 6(1)(b)) |
| Send your input to AI providers to produce translations/answers | Performance of a contract |
| Authenticate you and keep the Service secure; prevent abuse | Legitimate interests (Art. 6(1)(f)) |
| Enforce usage quotas / operate paid plans | Contract / legitimate interests |
| Send push notifications (study reminders) — only if you opt in | Consent (Art. 6(1)(a)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your content to train our own models, and we do not sell personal data.
4. AI providers and other sub-processors
To deliver the Service we share data with the processors below. We only share what is necessary for each function.
| Sub-processor | Purpose | Data shared |
|---|---|---|
| OpenAI (default AI provider) | Generate translations, examples, descriptions, chat answers, text-to-speech, transcription | The text you submit (words, sentences, questions, lesson transcripts) |
| Google (Gemini) | Alternative AI provider | Same as above, when selected |
| Google (Sign-In) | Authentication | Account identifiers |
| Vercel | Application hosting | Technical/usage data, requests |
| Turso (libSQL) | Data storage | All stored content above |
| Web Push (VAPID) | Push notifications | Subscription token (if opted in) |
We ask AI providers, where their settings allow, to not retain or train on API inputs/outputs; however, providers may temporarily process and retain data per their own policies (e.g., short-term abuse monitoring). Review: https://openai.com/policies/privacy-policy · https://policies.google.com/privacy. Do not paste passwords, payment details, or others' sensitive personal data into AI inputs.
5. International transfers
Some processors are located outside your country (e.g., the United States). Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and/or adequacy decisions.
6. The Listen / recording feature — your responsibilities
The Listen feature can capture and transcribe spoken audio (e.g., a lesson or meeting). You are solely responsible for obtaining any consent required to record other people under the laws of your jurisdiction. Only record conversations you are legally permitted to record. We process the resulting transcript solely to provide the feature to you.
7. Cookies and local storage
We use strictly necessary cookies/local storage to keep you signed in and remember preferences (such as interface language). We do not use advertising or third-party tracking cookies. Because we use only essential storage, a consent banner is generally not required, but you can clear this data via your browser at any time.
8. Data retention
We keep your account and content for as long as your account is active. If you delete specific items or your whole account, we delete the associated personal data from our live systems without undue delay (and from backups within 30 days). Some minimal logs may be retained where required for security or legal reasons.
9. Your rights
Subject to applicable law (GDPR and others), you have the right to access, rectify, erase, restrict, object to processing, and port your data, and to withdraw consent at any time. To exercise these:
- Export and Delete account are available directly in Settings.
- Or contact us at hello@lexicafe.app. We respond within one month.
- You may also lodge a complaint with your local data protection authority.
10. Security
We protect data with encryption in transit (HTTPS), encryption of stored API keys, access controls scoped per user, and restricted access to production systems. No method is 100% secure; we cannot guarantee absolute security.
11. Children
The Service is not directed to children under 16. We do not knowingly collect data from children under this age. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy. We will post the new version here and update the "Last updated" date; material changes will be communicated in-app or by email where appropriate.
13. Contact
Questions or requests: hello@lexicafe.app · Yevheniia Beltser · Poland.
This policy is available in English and Ukrainian (switch the interface language). In case of conflict, the English version prevails.