Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Bytebloom Studios GmbH (“Bytebloom”, “we”, “us”) collects, uses and protects personal data when you use the Lingorino language-learning service, including the Lingorino mobile applications for iOS and Android, the Lingorino web application and the lingorino.com website (collectively, the “Service”). It is provided in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) and the Austrian Data Protection Act (DSG).

1. Controller

The controller responsible for the processing of your personal data within the meaning of the GDPR is:

Bytebloom Studios GmbH
Bundesstraße 35
6111 Volders
Austria
Commercial Register: FN 673706 w, Regional Court of Innsbruck
VAT ID: ATU83104114
Managing Director: Stefan Steinlechner
Email: support@lingorino.com

We have not appointed an external Data Protection Officer because we are not required to do so under Article 37 GDPR. For any data-protection matter, please contact us at the email address above.

2. Categories of Personal Data We Process

2.1 Account data

When you create an account we collect your email address, the username you choose, a securely hashed copy of your password (we never store passwords in clear text , passwords are processed using the bcrypt algorithm) and an internal user identifier (UUID).

2.2 Profile and learning data

We process the language settings you select (native language, target language, learning level), your learning progress (completed lessons, XP, streaks, accuracy, time spent), interactions with course content (selected categories, lesson and task results) and, if you upload one, your profile picture.

2.3 Speech-recognition data

In conversation and pronunciation tasks we use the speech-recognition functionality provided by your device's operating system (Apple Speech / Android SpeechRecognizer). Audio is processed locally on your device or transmitted to the operating-system provider in accordance with the provider's own privacy terms. We do not record, store or transmit voice audio to our own servers.

2.4 Purchase data

If you subscribe to Lingorino Pro through one of the mobile applications, we receive subscription metadata (subscription status, product identifier, purchase date, renewal date, country) from RevenueCat and the respective app store. We do not process your full payment instrument in that case (credit-card number, bank details); payment is handled exclusively by Apple Inc. and Google LLC under their own terms.

For purchases made through the Lingorino web application, payment is processed by Stripe, Inc. Stripe may collect and process your payment-instrument data (such as credit-card number or bank-account details) directly. We receive only a token reference, the transaction status and basic metadata (amount, currency, date). We do not store your full credit-card or bank-account number on our servers.

2.5 Communication and support data

If you send us feedback or contact our support, we process the content of your message, your email address (where provided) and any technical context you attach (such as the Service version) to answer your request.

2.6 Technical and log data

When you use the Service, our servers automatically receive technical information such as your IP address, device type and operating-system version, the date and time of access, the requested endpoint and the response status. This data is processed to operate, secure and troubleshoot the Service.

3. Purposes and Legal Bases of Processing

We process the categories listed in section 2 for the following purposes and on the following legal bases under Article 6(1) GDPR:

  • Performance of the user contract (Art. 6(1)(b) GDPR): creating and operating your account, providing the learning features, syncing progress across devices, processing subscriptions and renewals.
  • Legitimate interests (Art. 6(1)(f) GDPR): ensuring the security and integrity of the Service, preventing fraud and abuse, diagnosing and fixing technical errors, improving the Service on the basis of aggregated usage patterns. Our legitimate interest is the secure and reliable operation of the Service; this interest is balanced against your right to data protection.
  • Consent (Art. 6(1)(a) GDPR): profile-picture upload, submission of voluntary feedback, processing of additional optional data you may provide. You may withdraw your consent at any time with effect for the future (Art. 7(3) GDPR).
  • Compliance with legal obligations (Art. 6(1)(c) GDPR): retention obligations under Austrian commercial and tax law (e.g. seven-year retention of accounting records under § 132 BAO).

4. Processors and Recipients

We use a small number of carefully selected service providers to operate the Service. They process data strictly on our instructions in their role as processors within the meaning of Article 28 GDPR. The relevant recipients are:

  • Amazon Web Services EMEA SARL / Amazon Web Services, Inc. , hosting of our application servers, database (MySQL), object storage and content-delivery infrastructure (Frankfurt region, eu-central-1, preferred). Country: United States parent company; processing primarily takes place in the European Union. Transfer mechanism: EU-US Data Privacy Framework and standard contractual clauses pursuant to Art. 46(2)(c) GDPR.
  • RevenueCat, Inc.: subscription management, purchase validation and webhook delivery for in-app purchases. Country: United States. Transfer mechanism: EU-US Data Privacy Framework and standard contractual clauses.
  • Stripe, Inc.: payment processing for purchases made through the Lingorino web application (credit-card processing, bank transfers, payment-fraud prevention). Country: United States. Transfer mechanism: EU-US Data Privacy Framework and standard contractual clauses pursuant to Art. 46(2)(c) GDPR.
  • Apple Inc. / Apple Distribution International Limited , distribution of the iOS app, in-app purchases, push notifications. Country: United States / Ireland. Transfer mechanism: EU-US Data Privacy Framework and standard contractual clauses.
  • Google LLC / Google Ireland Limited: distribution of the Android app and in-app purchases. Country: United States / Ireland. Transfer mechanism: EU-US Data Privacy Framework and standard contractual clauses.
  • Expo, Inc. (Expo Application Services / EAS): build service for the mobile applications and delivery of over-the-air updates. Country: United States. Transfer mechanism: EU-US Data Privacy Framework and standard contractual clauses.

We do not currently use third-party advertising networks, analytics SDKs or tracking technologies inside the Lingorino mobile and web applications. If we introduce such tools in the future, we will update this Privacy Policy and, where required, obtain your consent in advance.

5. International Data Transfers

Where personal data is transferred to a country outside the European Economic Area, we ensure an adequate level of protection in accordance with Chapter V GDPR. Transfers to the United States are made on the basis of the EU-US Data Privacy Framework (Commission Decision (EU) 2023/1795) for certified recipients and, in addition, on the basis of the European Commission's standard contractual clauses (Decision (EU) 2021/914) together with supplementary technical and contractual measures.

6. Storage Period

  • Account data and learning progress: for as long as your account exists. If you delete your account, this data is erased without undue delay, subject to statutory retention obligations.
  • Subscription data: for the duration of the subscription and afterwards for the statutory retention periods under tax and commercial law (currently seven years under § 132 BAO). This includes subscription and payment metadata received from RevenueCat and Stripe.
  • Speech-recognition audio: not stored by us at all; processed transiently on the device or by the operating system in the moment of use.
  • Server log data: retained for up to 90 days for security, abuse prevention and troubleshooting, then deleted.
  • Support correspondence: retained as long as necessary to handle your request and, where relevant for evidence purposes, for up to three years under the Austrian Civil Code limitation period.

7. Your Rights as a Data Subject

Subject to the conditions in the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR): to confirm whether we process personal data about you and obtain a copy.
  • Right to rectification (Art. 16 GDPR): to have inaccurate data corrected and incomplete data completed.
  • Right to erasure (Art. 17 GDPR): to have your data deleted when one of the grounds in Art. 17 applies.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR): to receive the personal data you provided in a structured, commonly used and machine-readable format and to have it transmitted to another controller.
  • Right to object (Art. 21 GDPR): to object, on grounds relating to your particular situation, to processing based on Art. 6(1)(f) GDPR.
  • Right to withdraw consent (Art. 7(3) GDPR) at any time, with effect for the future, where processing is based on consent.

You can exercise any of these rights by contacting us at support@lingorino.com. We will respond within one month of receipt of your request (Art. 12(3) GDPR); we may extend this period by a further two months where necessary and will inform you of any such extension.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for our establishment is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde):

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
Austria
Web: www.dsb.gv.at

8. Account Deletion

You can delete your account at any time from the in-app settings or by sending a request to support@lingorino.com. Upon deletion, your personal data is erased without undue delay, except where we are legally obliged or entitled to retain it (e.g. for tax and accounting records). Pending subscriptions remain subject to the terms of the respective app store.

9. Children

The Service is not directed at children. We do not knowingly collect personal data from children under the age of 13. If you believe that a child under that age has provided personal data to us, please contact us so we can take appropriate action and delete the data.

10. Automated Decision-Making

We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.

11. Cookies and Similar Technologies

The Lingorino mobile applications do not use cookies. The Lingorino web application uses only strictly necessary technologies (e.g. local storage and secure token storage) to keep you signed in and to remember your settings; no consent is required for these under § 165 (3) TKG 2021 / Art. 5(3) ePrivacy Directive. If our website (lingorino.com) sets additional cookies (e.g. for analytics in the future), we will inform you via a separate cookie banner and, where required, obtain your consent in advance.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data. These include encrypted transmission (TLS), hashing of passwords with bcrypt, access controls, encrypted storage of authentication tokens on your device (Apple Keychain / Android Keystore) and regular review of our security practices.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the Service, our processing activities or applicable law. The current version is always available at lingorino.com/privacy-policy. The date of the most recent update is indicated at the top of this page. Where a change materially affects your rights, we will inform you in advance through the Service or by email.

14. Contact

For any questions about this Privacy Policy or the processing of your personal data, please contact us at support@lingorino.com.

See also our Terms & Conditions.