1.1 Lingora cares about your personal data, and we are committed to safeguarding your privacy. This Privacy Policy details:
a) the personal data we collect and receive about you;
b) how we collect, use, store and share (collectively described as "process") your personal data; and
c) your rights and obligations in relation to your personal data.
1.2 Lingora is operated by Alexander Stebner as a Kleinunternehmen (sole proprietorship under German law), based at Alstertwiete 15, 20099 Hamburg, Germany. Alexander Stebner is the data controller for the purposes of the EU General Data Protection Regulation ("GDPR") and any applicable local legislation ("Data Protection Laws").
1.3 Lingora provides our language learning services (the "Services") to you subject to the terms of this Privacy Policy, which forms part of our Terms of Service ("Terms", accessible at https://lingora.org/tos). By accessing or using any part of the Services, you represent that you have read, understand and agree to the terms of this Privacy Policy. Our Privacy Policy will also apply to any communications between you and Lingora.
1.4 We may update this Privacy Policy from time to time to reflect changes in our data processing practices, or to comply with applicable law. All changes will be posted on our website, and we will indicate the date these terms were last revised at the bottom of the Privacy Policy. You can review the most current version of the Privacy Policy at any time at https://lingora.org/privacy. Your continued use of the Services after any such changes have been made constitutes your acceptance of the new Privacy Policy.
Lingora collects and receives the types of information and personal data listed in this clause 2. We do not collect special categories of personal data about you.
("Special categories of personal data" is defined as: i) data revealing your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions and/or trade union membership; ii) information about your health; and ii) genetic and biometric data processed for the purpose of uniquely identifying a natural person)
2.1 Automatically collected activity data
When you use the Services we collect data about how you interact with them, including:
a) Technical information — device model, operating system, app version, and language/locale settings;
b) Network information — your IP address, automatically logged by our hosting provider (Firebase) for security and operational purposes;
c) Learning and interaction activity — which screens you open, time of access, session duration, study progress, the answers you submit, purchase events, whether you were shown the app-review prompt, and your interactions with other users (such as friend requests);
d) Approximate geographic location — derived at country or region level only, from your IP address by Firebase Analytics and from your store account by RevenueCat. We do not collect your precise location;
e) Data stored on your device, as explained in more detail in clause 2.2 below.
2.2 Data stored on your device
The website at lingora.org itself sets no cookies and uses no local storage.
The Lingora mobile app stores the following data locally on your device so the app works offline and preserves your session and preferences:
a) An authentication token, managed by Firebase Authentication, so you stay signed in between sessions;
b) Your user preferences — locale, display settings, audio playback speed, study focus, notification preferences, and any quiz configurations you have created;
c) Downloaded course content — lesson data, audio files, and images — cached so you can use the app offline;
d) Your study progress, which is synced to our backend (Firestore) as soon as a connection is available;
e) Subscription information received from RevenueCat so your Paid Services access works while offline.
On the free tier, ads served through Google AdMob may use your device's advertising identifier (IDFA on iOS, AAID on Android) for purposes such as frequency capping and fraud detection. All ads in Lingora are non-personalized — they are not chosen based on your behavior or any profile built from your data. You can reset or limit the use of your advertising identifier through your device's privacy settings.
2.3 Data received from third parties
a) You can create an account using your email address and a password, or by signing in through Apple or Google. Authentication is handled by Firebase Authentication (a Google service); Lingora never sees or stores your password directly. If you sign in through Apple or Google, the provider may return your verified email and, depending on your consent, your name.
b) On account creation we retain your email address, your chosen display name, and your locale. Your password is held by Firebase Authentication on our behalf.
c) If you choose to purchase a subscription (such as a Pro membership), we receive your payment transaction information — whether the transaction was successful and the product you purchased. Payments are processed by Apple In-App Purchase or Google Play Billing; Lingora does not collect or store your credit card, bank account, or other financial details.
d) We will process all personal data received from third parties in accordance with our Privacy Policy. However, please remember that the manner in which third-party providers process your information is governed solely by their policies.
2.4 AI tutor and study-context data
a) When you use the in-app AI tutor, the relevant portion of your current chat history together with your most recently studied sentences and words are sent to Anthropic's API to generate a response. Anthropic is our AI service provider.
b) We do not include directly-identifying information in these requests (no email, display name, or account ID). Under Anthropic's standard API terms, data submitted to their API is not used to train their models.
2.5 Speech data
The Speech Trainer requires microphone access, which the app requests only the first time you activate the feature. While you use it, your voice recording is transmitted to Microsoft Azure for speech recognition and returned as text. Neither Lingora nor Azure retain the audio after the recognition step. You can revoke microphone access at any time through your device's settings; the rest of the app will continue to work without it.
2.6 Push notifications
We use Firebase Cloud Messaging (a Google service) to deliver notifications such as study reminders. The app asks your permission before sending notifications; if you decline, the rest of the app still works, you just won't receive reminders. You can change this choice at any time through the app's notification settings or your device's settings.
2.7 Analytics and crash reporting
We use Firebase Analytics to understand how features are used — which screens are opened, session length, purchase events (started or completed subscription flows), and whether a user was shown the app-review prompt — and Firebase Crashlytics to capture and diagnose crashes. Both are Google services. The data collected is pseudonymized and is not combined with directly-identifying information about you. Firebase Analytics may derive approximate geographic location at the country or region level from your IP address.
2.8 Email delivery
Transactional and periodic emails (such as study reminders and product announcements) are delivered through Resend (resend.com). Individual customer support replies are sent from a private email account.
Lingora uses your personal data for the following general purposes, and for the purposes of complying with applicable law and legal processes.
3.1 Use as part of providing the Services
It is important to us to be able to offer you the best service possible. We may therefore use the information we collect about you to provide, maintain, update and protect the Services, including:
a) to investigate and help prevent security issues and abuse; and
b) to administer and improve the Services, and for our internal operations generally, including processing subscriptions, troubleshooting, data analysis, testing, research, product development, and enforcement of our Terms.
3.2 Service communications
a) We use your email address to send service communications — study reminders, notifications about changes to the Services, and occasional announcements about new features or courses. These are not personalized marketing; they are limited to information about the Services.
b) We may track whether these emails are opened and whether links in them are clicked. This information is aggregated and not used to build individual profiles.
c) You can opt out of these emails at any time by turning off email notifications in the app's settings, by clicking the "unsubscribe" link in any email, or by contacting us at privacy@stebtech.com.
3.3 Aggregate and anonymous data
a) We may derive aggregate data and/or anonymized data such as geographical and other demographic and/or statistical information from your personal data. For example, we may aggregate your activity data to calculate the percentage of users accessing a specific feature from a particular country. This data is not considered personal data in law as it does not directly or indirectly reveal your identity.
b) Lingora may process aggregate or anonymous data collected through the Services for research, product development, marketing and any other purpose.
c) If we combine or connect aggregated data with your personal data so that it becomes possible to identify you (directly or indirectly) from that data, we will treat the combined data as personal data, which will only be processed in accordance with this Privacy Policy.
3.4 Lawful basis for processing (GDPR)
For users in the European Economic Area or the United Kingdom, we process personal data on the following legal bases:
a) Performance of a contract — account creation, subscription management, and delivery of the core Services;
b) Legitimate interest — analytics and crash reporting to keep the Services working, fraud prevention, and limited in-app advertising on the free tier;
c) Consent — sending marketing emails, which you can withdraw at any time; and
d) Legal obligation — responding to lawful requests from regulators or courts.
4.1 We do not sell your personal data. We share it only as necessary to operate the Services, including with the third-party providers named in clauses 2.3 through 2.8 (Firebase Authentication, Anthropic, Microsoft Azure, Firebase Cloud Messaging, Firebase Analytics, Firebase Crashlytics, and Resend). Each provider processes your data solely to deliver the service described.
4.2 Advertising. If you use the free tier of the app, non-personalized advertisements may be served through Google AdMob and, occasionally, internal house ads for other Lingora offerings. "Non-personalized" means ads are not chosen based on your behavior or any profile built from your data; AdMob may still use your device's advertising identifier for operational purposes such as frequency capping and fraud detection. Paid subscribers do not see ads. You can reset or limit the use of your advertising identifier through your device's privacy settings.
4.3 Where we share your personal data with third parties, we ensure that there are contractual provisions in place that provide you with at least the same protection as this Privacy Policy.
4.4 In the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets or operations, your personal data will be disclosed and transferred to Lingora's successor or buyer.
5.1 Retention of your personal data
Lingora will retain your personal data for such time as required to fulfil our contractual and legal obligations, and any other permissible purpose for which we have collected it. Anonymized or aggregated data that does not identify you personally may be retained indefinitely.
You can end your use of the Services in one of two ways, both available from within the mobile app:
a) Deactivate your account — you are logged out, and the account is removed from our backend after 30 days if you have not logged in again in the meantime; or
b) Delete your account immediately — after a confirmation dialog, you are logged out and the account is removed from our backend right away.
You can also request deletion by emailing us at privacy@stebtech.com.
5.2 Storage and security of your personal data
Lingora stores your personal data with Google Firebase (Firestore, Authentication, Cloud Functions, Hosting), which provides the underlying infrastructure, encryption in transit and at rest, and perimeter security. On top of that we implement commercially reasonable administrative and technical safeguards — access controls, logged administrative actions, and least-privilege roles — to protect your data from unauthorized access. However, no internet transmission or server storage is 100% secure, and given sufficient resources a determined attacker could defeat these safeguards. If you have reason to believe your interaction with us is no longer secure, please notify us immediately at privacy@stebtech.com.
5.3 International transfers of personal data
We may at times need to transfer your personal data to countries in which the applicable laws may not offer the same level of data protection as the laws of your home country. In such cases, we ensure that contractual provisions with third party data processors and any other third party agents we use provide you with at least the same protection as this Privacy Policy.
6.1 Access, amendment and deletion rights
a) You have the following rights in relation to the personal data we hold about you, unless provided otherwise by local law:
i) to update, amend, and/or correct your information — your display name, notification preferences, and password can be changed directly through the app's settings; other changes (including your email address) can be requested from us;
ii) to request access to, or erasure of, the personal data we hold about you;
iii) to object to us processing personal data relating to you, or to request that we restrict such processing;
iv) to withdraw your consent to some or all of Lingora's processing of your personal data, for example, you may request that we not use your personal data to send you marketing or promotional material (however, this will not affect the lawfulness of any processing carried out before you withdraw your consent);
v) to export, or request a copy of, the personal data you have provided to us in a format that can be transferred electronically to a third party; and
b) Please note that some of these rights may not be absolute. For example, we may refuse a request if it meant that we would no longer be able to meet our contractual obligations to you, or if it would prevent us from meeting our legal obligations. We will keep you informed of the actions we are able to take when you make your request.
c) Requests should be sent to privacy@stebtech.com. As a security measure, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
d) You do not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
6.2 Individuals in the United Kingdom and European Economic Area
If you are a resident of the United Kingdom (UK) or the European Economic Area (EEA) and you believe that we have processed your personal data in a manner inconsistent with your privacy rights, you have the right to lodge a GDPR complaint with the relevant supervisory authority:
a) UK residents can find contact details for the Information Commissioner's Office at https://ico.org.uk/global/contact-us/; and
b) a list of supervisory authorities in the EEA and their contact details can be accessed at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
However, we would appreciate the chance to address your concerns, and ask that you kindly contact Lingora at privacy@stebtech.com prior to lodging a complaint.
6.3 California Residents
a) In addition to the rights listed in clause 6.1 above, California residents also have the following rights under the California Consumer Privacy Act 2018 ("CCPA"):
i) To know, in respect of the preceding 12 months
A. what personal data we have collected about you;
B. where we collected the personal data from;
C. what (if any) personal data we disclose or share with third parties;
D. the categories of third parties with whom we shared your personal data (if any); and
E. whether, and what categories of, personal data (if any) was shared for business or commercial purposes, and what those business purposes were.
This information is contained in clauses 2 to 5 of this Privacy Policy, and may also be requested from Lingora.
ii) To update, amend, correct and/or delete your information (which you can do through your account settings) or request us to do so;
iii) To opt-out of having your personal information shared with certain third parties; and
iv) To not be discriminated against for exercising your CCPA privacy rights.
b) California residents can submit a request by emailing us at privacy@stebtech.com. Requestors will need to provide us with certain personal data for us to match with our records in order to verify your identity and residency. The personal information that we use to verify your identity and residency will not be used for any other purpose.
c) We do not discriminate against California residents who exercise their CCPA privacy rights. However, please note that some of these rights may not be absolute. For example, we may refuse a request if it meant that we would no longer be able to meet our contractual obligations to you, or if it would prevent us from meeting our legal obligations. We will keep you informed of the actions we are able to take when you make your request.
The Services may occasionally link out to other platforms, websites, or applications operated by third parties — for example, app store listings or help-article links. Lingora does not control these destinations, does not endorse their content, and is not responsible for their privacy policies.
We encourage you to review the privacy policy of any third-party website or platform before providing information to it.
8.1 The Services are not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it.
8.2 Users who record an age below 18 have social features (public profile, friends, activity sharing) disabled automatically. If you use the Services as a user aged 13–17, your parent or legal guardian should review this Privacy Policy and the Terms of Service with you.
8.3 If a user is reported to be below 13 and we are able to verify this, we will remove their account and associated personal data.
If you have any questions or concerns about this Privacy Policy, our privacy practices, or if you wish to exercise your individual rights, please contact us by emailing privacy@stebtech.com.
Last updated: 19 April 2026