Privacy Policy

1. Scope

Last updated: June 19, 2026. This policy applies to the VocaPass website, account system, login and registration flow, vocabulary learning surfaces, profile and plan setup, support form, progress synchronization, payment-entitlement workflow, and related operational systems.

2. Account information you provide

We collect account information such as email address, password authentication data, optional name if supported, selected display language, support form submissions, refund requests, correction requests, and other information you choose to provide.

3. Learning and progress records

We store selected vocabulary set, learning period, learning rate, immutable plan terms, daily word assignments, word and sentence progress, review answers, memory scores, final-exam records, timestamps, entitlement state, and synchronization metadata to provide learning continuity across sessions and devices.

4. Registration country and pricing data

For paid-access pricing, VocaPass stores a server-derived registration country ID, using an ISO country code or ZZ when unavailable. The pricing country is derived from server-observed coarse IP geolocation at registration or before checkout for legacy accounts. We do not store the raw IP address for pricing, and browser locale, display language, query parameters, and client-provided country claims are not trusted for pricing.

5. Technical, device, and security data

We may process browser type, device type, operating system, request metadata, coarse country or region signals, referrer, page paths, user-agent strings, error logs, performance logs, cookie identifiers, local-storage keys, service-worker cache metadata, and security events needed to operate, secure, troubleshoot, and improve VocaPass.

6. Abuse prevention

Login and registration use lightweight credential validation, secure sessions, server-side rate limits, request metadata, platform security controls, and monitoring to distinguish normal users from abusive automation. Normal login and registration do not require a visible external security widget before credentials are submitted.

7. Payment information

Web purchases are processed through Stripe or another approved tokenized provider. VocaPass stores payment and entitlement identifiers such as checkout session ID, customer ID, payment intent ID, charge ID when available, amount, currency, paid-access timestamps, refund status, provider event IDs, and entitlement dates. We do not store raw card numbers, expiry dates, CVC codes, PANs, or sensitive authentication data.

8. Support and communications records

Support submissions may include an optional reply email, account identity when signed in, message body, display language, approximate request country or region when available, timestamps, page context, and non-sensitive request metadata needed to investigate and respond. Do not submit passwords, full card details, or confidential third-party information.

9. How we use information

We use information to authenticate users, prevent abuse, provide vocabulary plans, render selected display-language content, synchronize progress, process paid access, enforce trial and entitlement rules, determine refund eligibility, answer support requests, investigate errors, maintain audit records, improve reliability, and satisfy legal or processor requirements.

10. Legal and business bases

Depending on your location, processing may be based on contract performance, steps requested before purchase, legitimate interests in security and service operation, fraud prevention, legal obligations, payment and tax compliance, dispute handling, or consent where required for optional features.

11. Sharing and processors

We may share necessary information with hosting providers, Cloudflare, Stripe, logging and analytics providers, security vendors, support tooling, professional advisers, and authorities when legally required. We do not sell personal information as a standalone business activity.

12. Cookies, local storage, and sessions

VocaPass uses cookies, session identifiers, local storage, and service-worker cache storage for authentication, signed-in hints, API-base configuration, display-language persistence, learning continuity, and static asset performance. Disabling these technologies may prevent login or learning synchronization.

13. Retention

We retain account, learning, entitlement, payment audit, refund, security, and support records for as long as needed to provide the Service, enforce access terms, resolve disputes, comply with tax/accounting/legal obligations, and maintain security. Technical logs may be retained for shorter operational periods unless needed for investigation.

14. Security safeguards

VocaPass uses safeguards appropriate for a digital learning service, including tokenized payment collection, server-side entitlement checks, session controls, Cloudflare security tools, access-controlled operational records, and separation of raw payment data from VocaPass systems. No online service can guarantee absolute security.

15. International access and transfers

VocaPass can be accessed from multiple countries, and service providers may process information in countries where they operate. Launch in a specific region may require additional localized notices, transfer mechanisms, or consumer disclosures before targeted marketing there.

16. Children and students

VocaPass is an educational vocabulary product and may be used by younger learners where permitted by law and account setup. School deployment, child-directed launch, parental consent, or jurisdiction-specific minor-user workflows require the child-privacy approvals recorded in the product specification before production release.

17. Your privacy choices

You may use the Support to request access, correction, export, deletion, restriction, objection, or review of account and learning records. Some records may need to be retained for payment, fraud prevention, tax, security, legal, or dispute-resolution reasons.

18. Communications

We may send transactional messages about account access, payment status, refunds, security, service changes, or support requests. Marketing communications, if introduced, must provide legally required opt-out mechanisms.

19. Policy changes

We may update this Privacy Policy for product, legal, operational, payment-processing, or security changes. Material updates will be posted on this page with a new last-updated date.

20. Contact

For privacy requests, account questions, or data-protection concerns, use Support.