Privacy Policy

1. Scope

This Privacy Policy applies to the VocaPass website, account system, vocabulary learning surfaces, progress synchronization, support communications, and payment entitlement workflows.

2. Information we collect

We may collect account identifiers, email address, password authentication data, display-language preference, selected vocabulary set, learning period, pressure style, plan terms, daily learning progress, review answers, scores, timestamps, support messages, device/browser metadata, IP-derived coarse region signals, and operational logs.

3. Learning and generated-content records

VocaPass stores learning-plan membership, word and sentence progress, review attempts, final-exam records, and content-access events so the service can synchronize learning across devices and enforce server-authoritative plan terms.

4. Payment information

Web/direct payments are processed by Stripe through tokenized checkout. VocaPass stores payment status and entitlement identifiers such as checkout session ID, customer ID, payment intent ID, charge ID when available, amount, currency, plan ID, and entitlement dates. VocaPass does not store raw card number, expiry date, CVC, PAN, or sensitive authentication data.

5. How we use information

We use information to authenticate accounts, provide vocabulary plans, synchronize progress, display learning content, process paid access, prevent fraud or abuse, troubleshoot errors, satisfy payment audit requirements, respond to support requests, and improve reliability and content quality.

6. Sharing and processors

We may share necessary data with payment processors, hosting providers, analytics or logging infrastructure, support tools, security providers, and professional advisers. Stripe processes payment data under its own terms and privacy documentation. We do not sell personal information as a standalone business activity.

7. Cookies and local storage

VocaPass may use cookies, session identifiers, and browser local storage for authentication, API-base configuration, display-language caching, signed-in hints, and service-worker caching. These technologies support core account and learning functionality.

8. Retention

We retain account, learning, entitlement, and payment audit records for as long as needed to provide the service, enforce access terms, handle disputes and refunds, comply with legal obligations, and maintain security. Some technical logs may be retained for shorter operational periods.

9. Security

We use technical and organizational safeguards appropriate for a digital learning service, including tokenized payment collection through Stripe, server-side entitlement checks, and restricted handling of payment identifiers. No online service can guarantee absolute security.

10. International access

VocaPass may be accessed from multiple countries. Data may be processed in locations where service providers operate. Production launch in specific regions may require additional legal review and localized disclosures.

11. Children and students

VocaPass supports school-exam vocabulary and may be used by younger learners where permitted. Any child-directed launch, school deployment, or jurisdiction-specific minor-user workflow requires the child-privacy approvals recorded in the product specification before production release.

12. Your choices and requests

You may contact support to request account assistance, access correction, deletion, export, privacy review, or billing-data questions. Some records may need to be retained for payment, security, legal, or dispute-resolution purposes.

13. Policy changes

We may update this Privacy Policy to reflect product, legal, operational, or payment-processing changes. Material updates will be posted on this page with a new last-updated date.

14. Contact

For privacy requests or questions, contact support@vocapass.app.