Skip to main content

Privacy Policy

Last updated: July 2026

1. Information We Collect

We collect the following types of information:

  • Account information: Email address, display name, and optional profile image when you create an account.
  • Sign-in methods: Sign-in methods include email and password, magic links, passkeys, and sign-in with Apple, Google, Kakao, or Discord. When you choose a third-party account, we receive its account identifier and available profile details, such as name, email, verification status, and profile image. Apple may provide a private relay email. If you link Discord, we may use your authorization to join the Chamelingo community and manage membership roles.
  • Learning data: Lesson progress, quiz answers, vocabulary statistics, and streak information.
  • Content you submit: Custom lessons, decks, presentations, tutor messages, prompts, transcripts, uploaded images or audio, feedback, support requests, and other content you choose to create or submit.
  • Social and community data: Friend connections, multiplayer activity, public display information, linked community account identifiers, membership and role status, engagement counters, community messages handled by our bot, and moderation records when you use social or community features.
  • Usage analytics: With your consent, we collect page or screen views, feature interactions, app or device identifiers, install and campaign attribution, and purchase or conversion events. Signed-in analytics may be associated with your account identifier. On the web, we may also record a limited visual session replay only for an anonymous visit to the clean home page; typed field text is masked and account, payment, lesson, and other app screens are excluded. Replay recordings are deleted after 14 days.
  • Device information: IP address, device type, operating system, browser, app version, language, request and network information, and approximate region derived from IP, collected for compatibility, security, fraud prevention, and diagnostics.
  • Voice data: Microphone audio during AI voice tutoring is streamed in real time for speech recognition, pronunciation feedback, and lesson responses. We do not intentionally retain the raw microphone stream as a permanent user recording. Session transcripts and generated audio clips may be retained with your conversation history until they are deleted under our retention practices.
  • Push notification tokens: Device tokens for delivering push notifications about streaks, challenges, and learning reminders. You can disable notifications at any time.
  • Payment information: On the web, card details are collected directly by our payment processor; mobile purchases are processed by the applicable app store. We receive customer and transaction identifiers, product, amount and currency, purchase, refund, subscription and entitlement status, and limited payment-method metadata. We do not receive or store full card numbers.
  • Referral and creator payouts: If you request a payout, we collect your selected payout method, payout destination details, account-holder and bank details where needed, country and currency, and transfer identifiers and status.

2. How We Use Your Information

  • To provide and improve the Service
  • To personalize your learning experience
  • To process payments for subscriptions
  • To send transactional emails (password resets, verification)
  • To secure the Service, prevent abuse and fraud, and diagnose and fix errors
  • To analyze usage patterns and improve features
  • To provide friends, multiplayer, community, role, moderation, and other social features
  • To calculate and deliver referral or creator payouts
  • To comply with law, enforce our terms, and establish or defend legal claims

3. Data Sharing

We do not sell your personal data. We disclose data to the following categories of recipients only as needed to operate, secure, measure, and improve the Service:

  • Payments and subscriptions: Payment processors, subscription-management services, app stores, and payout providers receive billing and subscription information, transaction, refund, and entitlement status, plus payout destination or bank details when needed to complete purchases, verify access, or deliver a requested payout.
  • Analytics and attribution: Audience-analytics and attribution providers may receive your consent state, app or device identifiers, IP and technical information, page or screen activity, install and campaign data, conversion events, and a linked account identifier where permitted. Optional processing occurs only with consent where required.
  • Diagnostics: Error-monitoring, fraud-prevention, and security providers may receive error reports, URLs, device, browser, app, request, account or session identifiers, and authentication, security, or fraud signals, with privacy filtering where supported.
  • Email and notifications: Email, push-notification, and customer-support providers receive contact details, push tokens, communication preferences, support or message content, and delivery metadata needed to send or handle communications.
  • AI, speech, and voice: AI, speech, and real-time voice providers receive the lesson content, prompts, transcripts, or audio needed to fulfill a tutoring or voice request.
  • Media, hosting, and real-time infrastructure: Hosting, managed-database, storage, backup, media-delivery, and real-time infrastructure providers process account and profile data, database records, user content, audio, and service logs needed to run and deliver the Service.
  • Authentication: Apple, Google, Kakao, or Discord process authentication tokens, account identifiers, and available profile fields only when you choose or link that sign-in method.
  • Community, social, and multiplayer features: Community features use community and social-platform providers, real-time messaging services, and other participants. Depending on the feature, they may receive your display name, profile image, presence, social or multiplayer activity, community messages, membership or role status, subscription eligibility, and moderation data.
  • Marketing measurement: Marketing-measurement providers may receive consent state, website or app events, campaign parameters, device or browser identifiers, and conversion information only after explicit marketing consent where required.
  • Legal and business disclosures: Professional advisers, auditors, insurers, prospective buyers or successors, and legal authorities may receive data when reasonably necessary to comply with law, protect rights and safety, complete a corporate transaction, or establish or defend legal claims.

4. Data Storage and Security

We use technical and organizational safeguards designed to protect your data, including access controls, password hashing, encrypted HTTPS/TLS connections, monitoring, and retention controls. No storage or transmission method is completely secure.

5. Data Retention

We retain your account data for as long as your account is active. Guest profiles are automatically deleted after 30 days of inactivity. If you create an account, your guest progress can be migrated. After account deletion, we remove your personal data within 30 days, except where retention is required by law. De-identified or aggregate analytics may be retained indefinitely; visual session replay recordings are automatically deleted after 14 days.

6. Cookies

We use cookies and similar local storage for authentication, security, preferences, and essential functions. With your consent, optional storage may support audience analytics, attribution, marketing measurement, and the limited visual session replay described above. You can change these choices in the cookie preferences controls.

7. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your learning progress data
  • Request portability of your data in a machine-readable format
  • Lodge a complaint with a data protection authority

Your Privacy Choices

You can manage email, notifications, cookies, export, and account deletion in the app and on the web. See our dedicated User Privacy Choices page for step-by-step controls.

8. Account Deletion

You can delete your account and all associated data at any time. To delete your account: (1) Open the Chamelingo app or web app, (2) Go to Settings, (3) Tap "Delete Account" at the bottom of the page, (4) Confirm the deletion via the verification email sent to your registered email address. Upon deletion, the following data is permanently removed within 30 days: your profile information, learning progress, vocabulary statistics, streak history, custom decks, friend connections, and arena match history. Anonymized analytics data that cannot be linked back to you may be retained. You can also request account deletion by emailing privacy@chamelingo.com.

9. European Users (GDPR)

If you are located in the European Economic Area, we process your data under the following legal bases: (a) your consent, (b) performance of a contract (providing the Service), and (c) our legitimate interests (improving the Service, preventing fraud). You may withdraw consent at any time by contacting us. We do not transfer data outside the EEA without appropriate safeguards.

10. California Users (CCPA)

We do not sell your personal information. California residents have the right to know what personal information we collect, request its deletion, and opt out of any future sale. To exercise these rights, contact us at privacy@chamelingo.com.

11. Children's Privacy

Chamelingo is not directed at children under 13. We do not knowingly collect personal information from children under 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or in-app notification.

13. Contact

For privacy-related questions, contact us at privacy@chamelingo.com.