Data Controller: Prinix Labs / Spikato App (20135 26 AVE NW, Edmonton, Alberta, Canada
T6M1K5)
Welcome to Spikato ("we", "our", or "us"). This Privacy Policy explains how we collect, use,
disclose, and safeguard your personal data when you use our mobile application, website, and related
services (collectively, the "Service"). We are committed to protecting your privacy and processing your data
in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, Canadian privacy laws
(PIPEDA), and other applicable regulations.
By using Spikato, you acknowledge that you have read this Privacy Policy. If you do not agree with
the practices described in this Privacy Policy, please do not access, sign up for, or use the
Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Email address and password when you register, or your account
information if you sign in via a third-party provider (like Google).
- Onboarding & Profile Data: Your native language, English learning goals, current CEFR
level (A1–C2), interests, and selected AI companion avatars.
- Support Tickets: Messages and metadata you provide when contacting customer support.
1.2 Usage and Learning Data
- Lesson Progress & Statistics: Completed missions, quiz scores, total minutes learned,
words studied, streak count, and unlocked achievements.
- Conversation Transcripts: Text from AI chat sessions and live AI voice calls, used
strictly to generate feedback reports and adapt your learning path.
- Audio Recordings (Zero Retention): Microphone input during pronunciation practice and
live agent calls. We do not permanently store your voice data. Audio is processed
ephemerally in real-time by our voice processing partners for speech-to-text conversion and is
immediately discarded. It is never used to identify you biometrically or train base AI models.
1.3 Automatically Collected Information
- Device & Analytics Information: Device type, operating system, app version, and usage
patterns (such as screen views and crash logs) to help us identify bugs and improve app performance.
- Push Notification Tokens: Device tokens used to send daily reminders (only if you grant
explicit permission).
1.4 Payment Information
All payment transactions are securely processed through the Apple App Store or Google Play Store. We do not
collect or store your credit card details. We only record your subscription status, transaction IDs, and
purchased minute balances.
2. How We Use Your Information & Lawful Basis
Under the GDPR, we process your personal data based on the following legal justifications:
- Performance of a Contract: To create your account, deliver personalized English
lessons, facilitate real-time AI voice/text processing, provide grammar corrections, and manage your
minute balance.
- Legitimate Interest: To provide customer support, track anonymized app analytics (to
fix
crashes and improve user experience), and maintain app security.
- Consent: To send you push notifications for daily learning reminders (which you can
withdraw at any time).
3. How We Share Your Data (Categories of Recipients)
We do not sell your personal data. To provide our Service, we share limited data with carefully selected
third-party service providers ("processors"). Each provider is bound by strict Data Processing Agreements
(DPAs) that restrict their use of your data. To protect our proprietary technology stack, we utilize the
following categories of service providers:
- Cloud Infrastructure & Database Providers: To securely host your account data, lesson
progress, and app configurations in encrypted databases.
- AI Language & Voice Processing Partners: To generate dynamic educational responses,
provide real-time conversational voice agents, and perform speech-to-text processing. These partners
process data ephemerally and are contractually prohibited from using your data to train their
foundational AI models.
- Real-Time Communication Infrastructure: To establish low-latency, secure WebSocket and
WebRTC connections for live voice sessions.
- App Analytics & Notification Providers: To track crash reports, monitor app performance
funnels, and securely deliver push notifications.
4. Data Retention & Account Deletion
- Account & Learning Data: Retained for the lifetime of your account to support your
educational journey.
- Conversation Audio: Processed in memory and deleted instantly; never written to
persistent storage.
- Account Deletion: You may permanently delete your account at any time via the app
settings. This action initiates a cascade deletion of your profile, lesson progress, and chat
transcripts. Note: Encrypted data contained in automated server backups may persist for up to 30
days before being overwritten in the normal course of our backup rotation.
- Anonymized Churn Data: Upon account deletion, we may retain a fully anonymized, severed
record (e.g., subscription type and total minutes used) for statistical business analysis. This data
cannot be linked back to you.
5. International Data Transfers
Because we are based in Canada and utilize global cloud infrastructure, your personal data is transferred to
and processed on servers located in the United States and other regions. We safeguard these cross-border
transfers using Standard Contractual Clauses (SCCs) approved by the European Commission,
ensuring your data receives EU-equivalent protection.
6. Your Privacy Rights
Depending on your location (such as the EEA, UK, Switzerland, Canada, or California), you may have the right
to:
- Access & Portability: Request a machine-readable export of your personal data.
- Correction: Update inaccurate account information.
- Erasure (Right to be Forgotten): Hard-delete your account and personal data.
- Object / Opt-Out: Disable push notifications or analytics tracking via your device
settings.
- Non-Discrimination: We will not discriminate against you for exercising your privacy
rights (e.g., California CCPA).
How to Exercise Your Rights:
Most rights can be exercised directly in the app.
- Delete Account: Use Profile → Help & Support → Request Account Deletion to
trigger permanent deletion of
your data. Deleting your account serves as a complete withdrawal of your agreement to this
Privacy Policy and immediately stops all future data processing.
- For other requests, email us at [email protected]. We will respond within 30
days.
7. Children's Privacy
Spikato is intended for users aged 13 and older (or the applicable age of digital consent in your country).
We do not knowingly collect personal data from children under 13. If you believe a child has provided us
with personal information, please contact us so we can delete it.
8. Security
We implement industry-standard security measures, including TLS encryption in transit, AES-256 encryption at
rest, and strict database Row Level Security (RLS). While no internet transmission is 100% secure, we take
robust precautions to protect your data.
9. Changes to This Policy
We may update this Privacy Policy as our app evolves. We will notify you of significant changes by updating
the "Last Updated" date at the top of this page or via an in-app notice. Continued use of the Service after
changes constitutes acceptance of the revised policy.
10. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact the Data
Controller:
Prinix Labs (Spikato)
Email: [email protected]
Address: 20135 26 AVE NW, Edmonton, Alberta, Canada T6M1K5