Privacy Policy — Levantine Lens

1. Information We Collect

When you use Levantine Lens, we may collect:

Account information: Your name and email address — from Google OAuth or Sign in with Apple, or from the email and password you choose if you create an account directly. If you set a password, we store only a salted hash of it, never the password itself. A profile picture is included when you sign in with Google or Apple.
Usage data: Pages visited, tools used, game scores, conversations opened, vocabulary saved, and activity history
Content you create: Saved vocabulary words, reflections, practice conversation text, converted articles, Image Lens uploads, feedback messages, and Talk to Me recordings sent for transcription
Purchase state: Subscription status and transaction identifiers needed to unlock Pro access; Stripe and Apple handle payment details directly
Technical data: Browser type, device information, app version, crash diagnostics, and IP address for security and rate limiting

2. How We Use Your Information

To provide and personalize the Service (activity tracking, vocabulary review, level recommendations)
To process your subscription and payments
To authenticate you and keep your account secure, including verifying your email address and processing password resets
To enforce rate limits and prevent abuse
To improve the Service based on aggregate usage patterns
To respond to your feedback and support requests

3. Why We Process Your Data (Legal Bases)

For users in the European Economic Area and the United Kingdom, the GDPR requires us to tell you the legal basis on which we process your personal data. We rely on the following:

To perform our contract with you: Creating and securing your account, providing the tools, processing your subscription, and saving the vocabulary, activity, and content you choose to create — we cannot deliver the Service without processing this data.
Our legitimate interests: Keeping the Service secure, enforcing rate limits, preventing fraud and abuse, and improving the Service through aggregate usage patterns — balanced so as not to override your rights and freedoms.
Your consent: Where we ask for it, such as optional product analytics. You can withdraw consent at any time.
Legal obligations: Where we are required to retain or disclose information to comply with applicable law.

4. Third-Party Services

We use the following third-party services:

Google OAuth: For authentication. We receive your name, email, and profile picture. We do not access your Google contacts, files, or other data.
Stripe: For payment processing on web subscriptions and tutoring purchases. Stripe handles all credit card data directly — we never see or store your card number.
Apple: For Sign in with Apple, iOS in-app purchases, App Store diagnostics, and crash reporting. Pro purchases made inside the iOS app are billed by Apple.
Anthropic (Claude): Powers Image Lens, Layla, Talk to Me, and the converter. Text or images you submit are sent to Anthropic's API for processing. Under Anthropic's API terms, content submitted through the API is not used to train their models.
OpenAI (Whisper): For speech-to-text transcription in Talk to Me and Layla voice messages. Audio you record is sent to OpenAI's API for transcription. Under OpenAI's API data-usage policy, content submitted through the API is not used to train their models.
ElevenLabs: For text-to-speech audio on words, phrases, and dialogues. Short Arabic text strings are sent to ElevenLabs' API to generate audio. We do not send your personal data.
YouTube Data API: For YouTube Finder. Your search query is sent to Google to fetch matching Levantine Arabic video results. No personal data is sent.
Zoho ZeptoMail: For sending account emails such as email verification and password resets. Only your email address and the message content are sent.
PostHog: For product analytics, such as tool usage, navigation events, and aggregate behavior patterns.
Neon: Hosts the database that stores your account, vocabulary, activity, and saved artifacts. Data is encrypted at rest and accessed only by our application.
Vercel: Hosts the application itself and serves all pages. Vercel logs include standard request metadata (IP, user agent, timestamps) used for security and performance.
Expo / EAS: For iOS builds, updates, and crash reports from the native app.

5. How We Protect Your Data

We protect your information using industry-standard security measures. Traffic between your device and the Service is encrypted in transit using HTTPS/TLS, and account data — including your vocabulary, activity, and saved artifacts — is stored in a database that is encrypted at rest. Passwords, when you set one, are kept only as a salted hash and never in plaintext. Access to production systems is limited to our application and authenticated administrators, and payment details are handled directly by Stripe and Apple, so we never store your card number. No method of transmission or storage is completely secure, but we work to safeguard your information and review our practices as the Service evolves.

6. Data Retention

Account, subscription, vocabulary, and activity data: Kept while your account is active so your saved words, progress, and Pro access work across devices.
Tool content: Saved reflections, practice conversations, converted articles, Image Lens runs, and feedback are kept until you delete your account or ask us to remove them.
Voice recordings: Sent for transcription when you use Talk to Me or voice features in Layla; we do not intentionally keep the raw recording after the request finishes, though transcripts or reflections may be saved to your account when the feature needs them.
Security and server logs: Usually kept for up to 90 days, unless we need them longer to investigate abuse, fraud, or reliability issues.
Analytics: Product analytics may be kept for up to 24 months. Aggregated or de-identified usage data may be kept longer.
Deleted accounts: Personal data is removed from active systems within 30 days. Backups expire on their normal cycle, usually within 90 days.

7. Your Rights

You have the right to:

Access: Request a copy of the data we hold about you
Deletion: Delete your account and associated data from the iOS app by opening Profile → Delete Account, or on the web at /dashboard/delete-account
Export: Download your vocabulary lists and activity data
Correction: Update inaccurate information in your profile

To exercise these rights, email us at admin@levantinelens.com or reach out through our contact page.

8. Cookies & Local Storage

We use browser localStorage (not cookies) to store your preferences, onboarding status, Find Your Level results, and game state locally on your device. This data never leaves your browser. Authentication sessions use secure HTTP-only cookies managed by NextAuth.

9. Children's Privacy

Levantine Lens is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service. The “Last updated” date at the top reflects the most recent revision.

11. Contact

Questions about this Privacy Policy? Email us at admin@levantinelens.com or reach out through our contact page.

1. Information We Collect

When you use Levantine Lens, we may collect:

Account information: Your name and email address — from Google OAuth or Sign in with Apple, or from the email and password you choose if you create an account directly. If you set a password, we store only a salted hash of it, never the password itself. A profile picture is included when you sign in with Google or Apple.

Usage data: Pages visited, tools used, game scores, conversations opened, vocabulary saved, and activity history

Content you create: Saved vocabulary words, reflections, practice conversation text, converted articles, Image Lens uploads, feedback messages, and Talk to Me recordings sent for transcription

Purchase state: Subscription status and transaction identifiers needed to unlock Pro access; Stripe and Apple handle payment details directly

Technical data: Browser type, device information, app version, crash diagnostics, and IP address for security and rate limiting

2. How We Use Your Information

To provide and personalize the Service (activity tracking, vocabulary review, level recommendations)

To process your subscription and payments

To authenticate you and keep your account secure, including verifying your email address and processing password resets

To enforce rate limits and prevent abuse

To improve the Service based on aggregate usage patterns

To respond to your feedback and support requests

3. Why We Process Your Data (Legal Bases)

For users in the European Economic Area and the United Kingdom, the GDPR requires us to tell you the legal basis on which we process your personal data. We rely on the following:

To perform our contract with you: Creating and securing your account, providing the tools, processing your subscription, and saving the vocabulary, activity, and content you choose to create — we cannot deliver the Service without processing this data.

Our legitimate interests: Keeping the Service secure, enforcing rate limits, preventing fraud and abuse, and improving the Service through aggregate usage patterns — balanced so as not to override your rights and freedoms.

Your consent: Where we ask for it, such as optional product analytics. You can withdraw consent at any time.

Legal obligations: Where we are required to retain or disclose information to comply with applicable law.

4. Third-Party Services

We use the following third-party services:

Google OAuth: For authentication. We receive your name, email, and profile picture. We do not access your Google contacts, files, or other data.

Stripe: For payment processing on web subscriptions and tutoring purchases. Stripe handles all credit card data directly — we never see or store your card number.

Apple: For Sign in with Apple, iOS in-app purchases, App Store diagnostics, and crash reporting. Pro purchases made inside the iOS app are billed by Apple.

Anthropic (Claude): Powers Image Lens, Layla, Talk to Me, and the converter. Text or images you submit are sent to Anthropic's API for processing. Under Anthropic's API terms, content submitted through the API is not used to train their models.

OpenAI (Whisper): For speech-to-text transcription in Talk to Me and Layla voice messages. Audio you record is sent to OpenAI's API for transcription. Under OpenAI's API data-usage policy, content submitted through the API is not used to train their models.

ElevenLabs: For text-to-speech audio on words, phrases, and dialogues. Short Arabic text strings are sent to ElevenLabs' API to generate audio. We do not send your personal data.

YouTube Data API: For YouTube Finder. Your search query is sent to Google to fetch matching Levantine Arabic video results. No personal data is sent.

Zoho ZeptoMail: For sending account emails such as email verification and password resets. Only your email address and the message content are sent.

PostHog: For product analytics, such as tool usage, navigation events, and aggregate behavior patterns.

Neon: Hosts the database that stores your account, vocabulary, activity, and saved artifacts. Data is encrypted at rest and accessed only by our application.

Vercel: Hosts the application itself and serves all pages. Vercel logs include standard request metadata (IP, user agent, timestamps) used for security and performance.

Expo / EAS: For iOS builds, updates, and crash reports from the native app.

5. How We Protect Your Data

6. Data Retention

Account, subscription, vocabulary, and activity data: Kept while your account is active so your saved words, progress, and Pro access work across devices.

Tool content: Saved reflections, practice conversations, converted articles, Image Lens runs, and feedback are kept until you delete your account or ask us to remove them.

Voice recordings: Sent for transcription when you use Talk to Me or voice features in Layla; we do not intentionally keep the raw recording after the request finishes, though transcripts or reflections may be saved to your account when the feature needs them.

Security and server logs: Usually kept for up to 90 days, unless we need them longer to investigate abuse, fraud, or reliability issues.

Analytics: Product analytics may be kept for up to 24 months. Aggregated or de-identified usage data may be kept longer.

Deleted accounts: Personal data is removed from active systems within 30 days. Backups expire on their normal cycle, usually within 90 days.

7. Your Rights

You have the right to:

Access: Request a copy of the data we hold about you

Deletion: Delete your account and associated data from the iOS app by opening Profile → Delete Account, or on the web at /dashboard/delete-account

Export: Download your vocabulary lists and activity data

Correction: Update inaccurate information in your profile

To exercise these rights, email us at admin@levantinelens.com or reach out through our contact page.