Privacy Policy

Last updated: 24 February 2026

Vocab Magnet is committed to protecting your privacy. This policy explains how we collect, use, and protect your data.

Table of Contents

1. What Information Do We Collect?

Account Information

  • Email address — Retrieved from your Facebook or Google OAuth login. This is your primary identifier and communication method.

Learning Data

  • Words and phrases — Which vocabulary items you're learning, their review history
  • Learning progress — Timestamps of reviews, difficulty ratings, spaced repetition intervals
  • Custom content — Any custom words or phrases you create
  • Timezone information — To display your learning data in your local time
  • Study statistics — Daily streaks, total words learned, review counts

Payment Information

  • Payment method (via Paddle) — We never access or store any credit card information, invoice addresses, or payment details. Paddle handles all sensitive payment data securely.
  • Subscription status — Whether you have an active Premium subscription
  • Subscription billing interval — How often billing occurs for your subscription

Contact Form Data

  • Email — When you submit a contact form to reach our support team
  • Message content — Your inquiry or feedback

Analytics Data

  • Usage analytics — Pages visited, features used, settings changed (via Umami Analytics)
  • Browser/device info — Browser type, operating system (anonymized, no IP tracking)

2. How Do We Use Your Data?

✓ To provide and improve the service

Your learning data powers Vocab Magnet's core functionality — spaced repetition, streak tracking, and personalized recommendations.

✓ To process payments

Paddle handles subscription billing, and we only see your subscription status (not payment details).

✓ To respond to your inquiries

When you use our contact form, we use your email and message to help resolve your issue.

✓ To improve the app

Anonymized analytics (via Umami) help us understand which features are valuable and where to focus development.

✗ We do NOT:

  • Sell your data to third parties
  • Share your learning data with advertisers
  • Use your data for targeted ads or marketing
  • Store credit card information

3. Who Has Access to Your Data?

✓ We do NOT sell your data to anyone.

We work with trusted third-party service providers to operate Vocab Magnet. Here's exactly who has access to what:

Supabase (Database Provider)

Your account data, learning progress, and custom words are stored in Supabase's secure PostgreSQL database.

  • Data stored: All your personal and learning data
  • Location: Frankfurt, Germany 🇩🇪 (EU)
  • Security: Enterprise-grade encryption, Row-Level Security (RLS) policies ensure you only see your own data
  • Privacy: Supabase Privacy Policy

Paddle (Payment Processor)

Handles all payment processing for Premium subscriptions securely. We never access or store your credit card details.

  • Data accessed: Email, billing address, encrypted payment information
  • Your card details: Never stored on Vocab Magnet servers
  • Security: PCI-DSS compliant, industry-standard encryption
  • Privacy: Paddle Privacy Policy

Facebook (OAuth Authentication)

Provides secure login using your Facebook account. Facebook does not share your account password with Vocab Magnet.

  • Data accessed: Email only
  • NOT accessed: Your friends list, messages, photos, or passwords
  • Privacy: Facebook Privacy Policy

Google (OAuth Authentication)

Provides secure login using your Google account. Google does not share your account password with Vocab Magnet.

  • Data accessed: Email, Google ID, optionally your display name
  • NOT accessed: Your contacts, calendar, emails, Google Drive, or passwords
  • Privacy: Google Privacy Policy

hCaptcha (Security)

Protects our contact form from spam and abuse. GDPR-compliant and privacy-friendly.

  • Data used: Only to verify you're human (not stored permanently)
  • GDPR compliant: No personal data retention, EU-hosted
  • Privacy: hCaptcha Privacy Policy

Formcarry (Contact Form Submission)

Transmits your contact form messages securely to our support team.

  • Data transmitted: Email and your message only
  • Encryption: All data encrypted in transit
  • Privacy: Formcarry Privacy Policy

Umami (Analytics)

Tracks how you use Vocab Magnet to help us improve the app. Completely cookieless and GDPR-compliant.

  • Data tracked: Pages visited, features used, study time, browser type
  • NOT tracked: Your identity is never recorded
  • Data retention: Automatically deleted after 90 days
  • Privacy: Umami Privacy Policy

When Required by Law

If police, government agencies, or courts legally require your data (e.g., via court order or subpoena), we may disclose it. We will notify you of such requests unless legally prohibited from doing so.

4. Data Retention

While Your Account Is Active

We retain all your learning data, custom words, and account information as long as your account exists. This data is essential for Vocab Magnet's functionality.

After Account Deletion

Once you delete your account, we immediately:

  • Delete all your learning data from Supabase
  • Remove your profile and custom words
  • Cancel any active subscriptions

Analytics & Logs

Umami analytics data is automatically deleted after 180 days. Server logs are retained for up to 30 days for security purposes.

Backups

Deleted data may persist in backups for up to 30 days, after which it's permanently removed.

5. Your Rights (GDPR & CCPA)

As a user, you have the following rights:

🔍 Right to Access

You can request a copy of all data we hold about you.

✏️ Right to Rectify

You can correct or update your personal information at any time.

🗑️ Right to Deletion

You can request deletion of your account and all associated data ("Right to be Forgotten").

📤 Right to Data Portability

You can request your data in a machine-readable format to transfer to another service.

🚫 Right to Object

You can object to processing of your data (we use minimal processing, so this mostly applies to analytics opt-out).

🔐 Right to Withdraw Consent

You can withdraw consent for data processing at any time by deleting your account.

To exercise any of these rights, contact us below. We'll respond within 30 days (as required by GDPR).

6. Security

🔐 Data Encryption

All data in transit uses HTTPS encryption. Data at rest in Supabase is encrypted with AES-256.

🔒 Row-Level Security

Supabase's Row-Level Security (RLS) policies ensure that you can only access your own data. Even if someone breaches the database, they see nothing without RLS policies.

🛡️ Authentication

We use industry-standard OAuth 2.0 with trusted providers (Google, Facebook). Your passwords are never stored on our servers.

🚨 What We're Not Responsible For

While we do our best, we cannot guarantee 100% security. Risks include:

  • Breaches at OAuth providers (Google, Facebook) — use strong passwords on those accounts
  • Your device being compromised — use a secure device
  • Phishing attacks — we'll never ask for your password

7. Children's Privacy

Vocab Magnet is not intended for children under 13. We do not knowingly collect data from children under 13.

If we learn that we've accidentally collected data from someone under 13, we will delete it immediately. Parents or guardians who believe their child has provided data to us should contact us right away.

8. Contact Us

Questions about this Privacy Policy or how we handle your data? We're here to help.

Company Location

Germany 🇩🇪

Response Time

We typically respond to privacy inquiries within 5-7 business days.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by updating the "Last Updated" date.

Your continued use of Vocab Magnet after changes become effective means you accept the updated Privacy Policy.