Privacy Policy

1. Introduction

This Privacy Policy describes how Chinese XP ("we," "us," or "our") collects, uses, and protects your personal information when you use our Chinese language learning platform. We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Email address: Required for account creation and communication
• Password: If you choose email/password authentication (encrypted and secure)
• Name: May be collected for account personalization
• Google Account Information: If you sign in with Google, we receive your name, email, and profile image

2.2 Usage and Analytics Data

We use PostHog for analytics, which may collect:

• Pages visited and features used
• Time spent on the platform
• Click patterns and user interactions
• Technical information such as browser type, device information, and IP address

2.3 Learning Content

We collect and store:

• Chinese texts and materials you create or upload
• Vocabulary words you add to flashcards and wordlists
• Your learning progress and word status (learning/learned)

3. How We Use Your Information

We use your information for the following purposes:

• Service Provision: To provide and maintain the Chinese XP platform
• Authentication: To verify your identity and secure your account
• Feature Enhancement: To generate example sentences using AI when you add words to flashcards or wordlists
• Analytics: To understand how users interact with our platform and improve our services
• Communication: To send transactional emails and system notifications
• Legal Compliance: To comply with applicable laws and regulations

4. AI-Powered Features

When you add a word to your flashcards or wordlists, we send only that specific word to DeepSeek (our AI service provider) to generate example sentences. We do not share your full texts, personal information, or other learning data with AI services.

5. Data Sharing and Third-Party Services

We work with the following third-party services:

• Stripe: For secure payment processing
• PostHog: For analytics and user behavior tracking
• DeepSeek: For AI-powered example sentence generation
• Resend: For transactional email delivery
• Vercel: For hosting our frontend application
• Google: For Google Sign-In authentication

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

We may disclose your information when required by law, such as in response to valid legal requests from authorities or to protect our rights and safety.

6. Data Storage and Security

Data Location: Your data is stored on servers located primarily in North America, with potential expansion to Europe in the future.

Security Measures: We implement industry-standard security measures including:

• Encryption of sensitive data, including passwords
• Secure authentication systems
• Content Security Policy (CSP) headers
• Regular security updates and monitoring

Data Retention: We retain your data only as long as necessary to provide our services. When you delete your account, we permanently delete all associated data.

7. Cookies and Local Storage

Cookies: We use essential cookies for:

• Authentication and session management
• Basic website functionality

Third-party services (PostHog, Stripe) may also set their own cookies for analytics and payment processing.

Local Storage: We store a Chinese-English dictionary in your browser's IndexedDB for offline functionality and improved performance.

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: You can view most of your data through your account dashboard
• Deletion: You can request complete deletion of your account and data
• Correction: You can update your personal information through your account settings

Currently, we do not provide automated data export functionality, as the data we collect is essential for the platform's operation and is mostly accessible through your account interface.

9. International Data Transfers

Chinese XP is accessible worldwide, and we may transfer your data to countries different from where you are located. We ensure appropriate safeguards are in place to protect your data in accordance with applicable privacy laws, including Brazil's LGPD (Lei Geral de Proteção de Dados) and EU GDPR when applicable.

10. Children's Privacy

Our service is available to users aged 12 and above. We do not knowingly collect personal information from children under 12. If we become aware that we have collected personal information from a child under 12, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@chinesexp.com

13. Legal Basis for Processing (GDPR/LGPD)

For users subject to GDPR or LGPD, our legal basis for processing your personal data includes:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interests: Analytics and service improvement
• Legal Obligation: Compliance with applicable laws
• Consent: Where explicitly provided for specific processing activities