Privacy Policy

1. Who We Are (Data Controller)

WeSpeak.now (“WeSpeak”, “we”, “our”, or “us”) is the data controller responsible for your personal information. We operate the AI-powered language learning platform available at wespeak.now (the “Service”).

Contact: contact@wespeak.now — or via our Contact Page.

2. Information We Collect

2.1 Information You Provide Directly

• Account registration: name, email address, and password
• Subscription and payments: billing name and payment method details (processed securely by our payment provider; we do not store full card numbers)
• Support communications: information you send when contacting us
• AI tutor conversations: messages, text inputs, and responses you exchange with our AI language tutor

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage data: conversation history, practice session records, learning progress, and statistics
• Device and technical data: IP address, browser type and version, operating system, device identifiers, and general location (country or region level)
• Log data: pages visited, time and date of visits, time spent on pages, and other diagnostic data
• Cookies and similar technologies: see Section 7 below

2.3 Information from Third Parties

If you choose to sign in using a third-party account (such as Google), we receive basic profile information (name and email address) from that provider, subject to their privacy settings.

3. How We Use Your Information and Our Legal Bases

We process your personal information only where we have a valid legal basis to do so. For users in the European Union and European Economic Area, the applicable legal bases under GDPR Article 6 are noted below.

AI conversation data: We process your conversations with our AI tutor to deliver the core Service (legal basis: contract performance). We may also use aggregated and anonymized conversation data to improve our AI models. We will never use your identifiable conversation data to train external AI or machine learning models without your explicit, separate consent. We will never use data from users under 13 for any AI training purpose.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

• Service providers (processors): We engage trusted third-party companies to support operations — including payment processing, cloud hosting, email delivery, and analytics. These providers access your data only as necessary to perform services on our behalf and are contractually bound to protect it. Categories of providers include: payment processors, cloud infrastructure providers, customer support tools, and email service providers.
• Legal obligations: We may disclose your information if required by applicable law, court order, or in response to valid requests from public authorities (e.g., law enforcement).
• Business transfers: If WeSpeak is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.
• With your consent: We may share your information for any other purpose with your explicit consent.
• Protection of rights: We may share information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, fraud, or threats to safety.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law. Our general retention guidelines are:

• Account data: For the duration of your account, plus up to 3 years after deletion to handle disputes or legal claims
• Conversation and learning data: For the duration of your account, deleted within 90 days of account closure
• Payment records: Up to 7 years, as required for tax and accounting purposes
• Log and technical data: Up to 12 months
• Support communications: Up to 3 years from last contact

When retention periods expire, we securely delete or anonymize your data. You may request earlier deletion — see Section 8 for your rights.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit (TLS) and at rest
• Access controls and role-based permissions limiting who can access personal data
• Regular security assessments and monitoring
• Secure authentication mechanisms
• Vendor security reviews for all third-party processors

However, no method of transmission over the internet or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights, we will notify you and, where required, the relevant supervisory authority, within the timeframes required by applicable law (72 hours under GDPR).

7. Cookies and Tracking Technologies

We use cookies and similar technologies on our Service. Cookies are small text files stored on your device that help us provide and improve the Service.

Types of cookies we use:

• Strictly necessary cookies: Essential for the Service to function (e.g., keeping you logged in, security). These do not require your consent and cannot be disabled.
• Analytics cookies: Help us understand how users interact with the Service (e.g., pages visited, session duration). These require your consent and are only set after you accept them.
• Preference cookies: Remember your settings and choices to improve your experience. These require your consent.

Your choices: When you first visit the Service, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You can change your preferences at any time via the cookie settings link in our footer. You may also instruct your browser to block or delete cookies; however, disabling strictly necessary cookies will affect the functionality of the Service.

We also honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as a request to opt out of any data sale or sharing.

8. Your Rights and Choices

Depending on your location, you have the following rights regarding your personal information. We will respond to verified requests within 30 days (extendable by a further 30 days where necessary, with notice).

Rights available to all users:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to certain legal exceptions
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

Additional rights for EU/EEA users (GDPR):

• Portability: Receive your data in a structured, machine-readable format and have it transferred to another controller where technically feasible
• Restriction: Request that we restrict processing of your data in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing at any time
• Automated decision-making: Not be subject to decisions based solely on automated processing that significantly affect you, without human review
• Lodge a complaint: File a complaint with your local supervisory authority (e.g., your national Data Protection Authority)

Additional rights for California users (CCPA/CPRA):

• Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, and the purposes
• Opt out of sale or sharing: We do not sell your personal information. However, you may direct us not to share your data for cross-context behavioral advertising by contacting us or using the GPC signal
• Limit use of sensitive personal information: Request that we limit our use of sensitive personal information to purposes necessary to provide the Service
• Non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights

To exercise any of these rights, please contact us at contact@wespeak.now. We may need to verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf.

9. Children’s Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. In accordance with the Children’s Online Privacy Protection Act (COPPA) and its 2025 amendments (compliance effective April 22, 2026), we:

• Do not use any data from users under 13 to train AI models
• Do not share data from users under 13 with third parties for advertising
• Do not retain data from users under 13 beyond the period necessary to provide the Service

If we become aware that we have inadvertently collected personal information from a child under 13, we will delete it promptly. If you believe we have received information from a child under 13, please contact us at contact@wespeak.now.

Users aged 13–18 may use the Service only with parental or guardian consent, as described in our Terms of Service. In the EU, the age of digital consent may vary by member state (typically 13–16); we apply the relevant threshold based on user location where ascertainable.

10. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own, including countries where data protection laws may differ from those in your jurisdiction.

When we transfer personal information from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of protection, we rely on appropriate safeguards such as the Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms. You may request a copy of the safeguards we use by contacting us at contact@wespeak.now.

11. AI and Automated Processing

Our Service uses artificial intelligence to power the language tutor, generate feedback, and personalize your learning plan. In line with applicable laws (including the EU AI Act and GDPR Article 22):

• AI interaction disclosure: You are always informed when you are interacting with our AI system. Our AI tutor is not a human.
• No solely automated decisions with significant effects: We do not make decisions about you that produce significant legal or similarly significant effects through fully automated means without human oversight.
• AI training: We will not use your identifiable personal data to train or fine-tune AI models without your explicit opt-in consent. We may use aggregated, anonymized data for this purpose.
• Training data transparency: Where required by law (including California AB 2013 and Connecticut Public Act 25-113), we maintain disclosures about the data used to develop our AI systems. Contact us to request further information.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services (such as payment processors). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our Service. We are not responsible for the privacy practices of those services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you at least 30 days in advance by:

• Sending an email to the address associated with your account
• Posting a prominent notice on the Service

The updated “Last updated” date at the top of this page will reflect when the policy was last revised. We encourage you to review this policy periodically. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.