Privacy Policy

Mynawoo is an AI-powered language-learning service. This Policy explains how we collect, use, and share personal data for the website (mynawoo.com) and future mobile apps.

During beta, access is invite-only. We do not offer the Service to residents of Türkiye and may apply geolocation/IP restrictions. If we learn a user is a resident of Türkiye, we may restrict or disable access and delete personal data as required.

• Account Data: email; hashed password; Google OAuth identifiers if used; optional display name.
• Technical Data: IP address, device/OS/browser (User-Agent), and logs.
• Usage & Content: actions in the app; messages/uploads/assignments you submit.
• Payment Metadata: via Gumroad (web) and Google Play Store (mobile) — we receive non-card identifiers such as purchase tokens, order/transaction IDs, subscription status, and limited billing metadata. We do not collect/store full card numbers.
• Approximate Location: inferred from IP (if available).
• AI Interaction Data: prompts/inputs and outputs. During beta, we may store pseudonymized samples for product/model improvement.

• Provide & secure the Service (Contract / Legitimate Interests).
• Analytics & improvement (Consent where required; otherwise Legitimate Interests).
• Payments & fraud prevention via Gumroad and Google Play Store (Contract / Legitimate Interests).
• Compliance & enforcement (Legal obligations / Legitimate Interests).

We use essential cookies. Non-essential analytics (e.g., Google Analytics) only run after consent in regions that require it (e.g., EEA/UK). You can withdraw consent via the banner/settings or by emailing us.

• We share data with vendors who process it for us under contract and only for our instructions:
• Hosting/Infrastructure: Hetzner and/or AWS (primarily EU/Germany).
• AI Providers: OpenAI; Google (content you submit may be processed to generate outputs).
• Storage/CDN: Cloudflare R2 (profile images/learning files).
• Payments: Gumroad (web payments - limited billing metadata) and Google Play Store (mobile app payments - subscription status and transaction IDs).
• Analytics/Tags: Google Analytics & Google Tag Manager.

Primary storage is in the EU (Germany). Where data is transferred outside your region, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) as applicable.

Encryption in transit (TLS/HTTPS) and at rest (database level), access controls, logging, and daily backups. No system is 100% secure; if a data incident occurs, we will investigate and notify users/authorities as required.

• Account & content: retained for the life of the account; delete within ~30 days after confirmed deletion request; backups purge within ~90 days.
• Logs: ~90 days.
• Analytics: up to 13 months (or shorter per configuration).
• AI improvement samples: retained until opt-out or no longer needed.

• Depending on your location (e.g., GDPR/KVKK/CPRA), you may have rights to access, correct, delete, restrict, object, and data portability, and to withdraw consent where we rely on it.
• How to exercise: email [email protected] from your registered email. We aim to delete accounts within 3 business days and respond to other requests within 30 days, subject to legal/technical limits.
• Opt-out of model improvement: email subject "OPT-OUT AI TRAINING."

• Account Deletion: You can delete your account in-app via Profile → Settings → Delete Account.
• Deletion Timeline: Personal data is removed from active systems within ~30 days after confirmed deletion; backups purge within ~90 days, subject to legal obligations.
• Residual Data: Pseudonymized learning artifacts may remain for statistical/model quality purposes and will not contain direct identifiers.

• Your use of third-party services is governed by their own terms and policies. Key vendors we rely on:
• • Google Play Store / Play Billing: purchase tokens, order/transaction IDs, subscription status — payments & fraud prevention.
• • Gumroad (Web): limited billing metadata — payments & receipts.
• • Google Analytics & Google Tag Manager: device/usage data — analytics (runs after consent where required).
• • OpenAI & Google (AI): content you submit — to generate AI outputs.
• • Cloudflare R2: media storage/CDN — delivery of profile/learning files.

We send transactional messages (verification, receipts) and, where permitted, promotional emails. You can unsubscribe from marketing via email footer or by contacting us. Critical service messages may still be sent.

We may update this Policy. The "Last updated" date shows the effective version. Material changes may be highlighted in-app or by email where appropriate.