Privacy Policy
Polski — developed by Seven Sides Technology
Effective date: July 3, 2026
1. Overview
Polski is a Polish-learning app for Spanish speakers (levels A1–C2): vocabulary spaced repetition, a tap-to-translate reader, AI-generated exercises, an AI tutor, speaking and writing practice, and an openly-licensed library. The data controller is Seven Sides Technology (the “App”, “we”, “us”). We are committed to protecting your privacy. This policy explains what data we access, why, the legal basis, and your rights under the EU General Data Protection Regulation (GDPR).
2. What we collect
| Category | Data | Purpose | Legal basis (GDPR art. 6) |
|---|---|---|---|
| Account | Email, first name (optional), preferred language (ES/EN), self-declared CEFR level | Create and maintain your account | a) Contract performance |
| Learning progress | Vocabulary learned, exercises completed, speaking/writing sessions, uploaded audio, imported books | Personalise learning and show progress | a) Contract performance |
| User content | Books (EPUB/PDF/TXT) you upload, audio you record, writing you submit | Let you study with your own material | a) Contract performance |
| Push notifications | Expo/FCM/APNS token, delivery preferences | Send review reminders and streak nudges | a) Contract + f) Legitimate interest |
| Technical data | Truncated IP address, client version, OS, error correlation id | Error diagnosis and security | f) Legitimate interest |
| Error telemetry | Stack trace, error message, hashed user id (when signed in) | Detect and fix errors | f) Legitimate interest |
We do NOT collect biometrics, health data, data from children under 13 without verifiable parental consent (the App is intended for users aged 13+), or payment data.
3. Sub-processors
| Provider | Service | Data shared | Location |
|---|---|---|---|
| Supabase Inc. | Authentication, PostgreSQL database, file storage | Account + progress + content | EU (eu-central-1, Frankfurt) |
| Render Inc. | Backend hosting (API) | Encrypted HTTP traffic | EU (Frankfurt) |
| Sentry.io (when configured) | Error telemetry | Stack traces + hashed user id | EU |
| Expo + Apple APNs + Google FCM | Push delivery | Device token + message title | US (Standard Contractual Clauses) |
We do not use any paid generative AI to process personal data. The models that generate exercises and translations run locally (Ollama) or through the free tiers of Gemini/Groq, configured not to use your prompts for training.
4. Your rights (GDPR arts. 15–22)
- Access (art. 15): export everything we hold about you via the in-app data export — you receive a JSON file with every record linked to your account.
- Rectification (art. 16): edit your profile in Settings.
- Erasure (art. 17, “right to be forgotten”): delete your account from inside the App (see §5).
- Restriction (art. 18) and objection (art. 21): email us.
- Portability (art. 20): the export above is in standard JSON.
- Complaint: to the Spanish Data Protection Agency (AEPD) or the supervisory authority where you habitually reside in the EU.
5. How to delete your account and data
You can delete your account and all associated data at any time, free of charge, directly in the App: open Profile → Settings → Delete account. Deletion cascades across your account, learning progress, uploaded content, recorded audio, and push tokens, and is completed within 30 days at most. You can also request deletion by emailing hello@sevensides.technology from your registered address.
6. Data retention
- Active account and progress: while the account exists.
- After an erasure request: deleted within 30 days at most.
- Voluntary closure after 24 months of inactivity: we email you 30 days in advance; with no reply, we delete the account.
- Error telemetry: 90 days.
- Encrypted backups: up to 60 days after deletion (normal backup rotation).
7. Security
- TLS 1.2+ on all client–server traffic.
- Auth tokens signed (HS256 + ES256) and verified on every request.
- Row-Level Security in the database: each user can read only their own rows.
- Your private uploads (books, audio) live in access-controlled storage, reachable only with your session.
- Automated weekly dependency audits.
- We never store passwords — authentication is handled by Supabase Auth.
8. Cookies
- The mobile app uses no cookies.
- This website uses only strictly-necessary cookies for session continuity (exempt from consent under ePrivacy).
- No marketing, profiling, or advertising cookies. No Google Analytics or equivalents.
9. Minors
The App targets users aged 13 and older. If we learn that an account was created by a child under 13 without verifiable parental consent, we delete it.
10. Changes to this policy
Material changes are announced inside the App and, where relevant, by email 30 days in advance. The date above marks the version in force.
11. Contact
© 2026 Seven Sides Technology. All rights reserved.