Privacy Policy
May 13, 2025 2026-04-25 22:38Privacy Policy
Privacy Policy
How we collect, use, and protect your personal information when you use FarsiLingo.
Effective date: May 1, 2025 · Last updated: April 25, 2026
Contents
Who We Are
FarsiLingo ("we", "us", or "our") is an online language learning platform available at farsilingo.com, dedicated to helping learners study the Persian (Farsi) language through interactive lessons, vocabulary tools, and practice exercises.
For the purposes of the EU General Data Protection Regulation (GDPR), FarsiLingo acts as the data controller of your personal information.
Data We Collect
We collect the following categories of personal data:
| Category | Examples | When collected |
|---|---|---|
| Account information | Name, email address, password (hashed), account preferences | When you register or update your profile |
| Usage data | Lessons completed, quiz results, learning streaks, feature interactions | Automatically as you use the platform |
| Technical data | IP address, browser type, operating system, session timestamps | Automatically via server logs and analytics |
| Communications | Emails you send us (e.g. support requests) | When you contact us directly |
We do not collect payment card details (handled by third-party processors) or sensitive categories of personal data such as health information or biometric data.
How We Use Your Data
We use the personal data we collect to:
- Create and maintain your account and authenticate your identity
- Deliver, personalize, and improve FarsiLingo's learning experience
- Track your learning progress and provide feedback and recommendations
- Send transactional emails (e.g. email verification, password resets)
- Send service and product updates where you have opted in
- Analyze usage patterns in aggregate to improve the platform
- Detect, prevent, and address technical issues or security incidents
- Comply with legal obligations
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation and management | Performance of a contract (Art. 6(1)(b)) |
| Learning progress tracking | Performance of a contract (Art. 6(1)(b)) |
| Analytics and platform improvements | Legitimate interests (Art. 6(1)(f)) |
| Marketing emails | Consent (Art. 6(1)(a)) — can be withdrawn anytime |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We may share data with trusted third-party service providers that help us operate the platform, strictly on a need-to-know basis and bound by data processing agreements:
- Hosting & infrastructure — Our servers are hosted by Hetzner Online GmbH, Germany. All data is stored within the European Economic Area (EEA)
- Analytics — privacy-friendly analytics tools (e.g. Plausible, self-hosted) for aggregated usage insights
- Payment processors — if you subscribe to a paid plan, payment is handled by a PCI-DSS-compliant third party (e.g. Stripe); we do not store card data
We may also disclose data when required by law, court order, or to protect the safety and security of our users or the public.
Where third-party providers are located outside the EEA, we ensure adequate safeguards are in place — such as Standard Contractual Clauses (SCCs) — in accordance with Chapter V of the GDPR.
Cookies & Analytics
FarsiLingo uses the following types of cookies and similar technologies:
| Type | Purpose | Consent required? |
|---|---|---|
| Essential | Session management, authentication, security | No — strictly necessary |
| Functional | Remembering your language, theme, and preferences | No — strictly necessary |
| Analytics | Understanding how users navigate the platform (aggregated, anonymised) | Yes — opt-in via cookie banner |
You can manage or withdraw cookie consent at any time via your browser settings or our cookie preference centre. Withdrawing analytics cookies will not affect the functionality of the platform.
Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Account data — retained for the duration of your account. Upon deletion, data is removed within 30 days from active systems and within 90 days from backups.
- Usage and analytics data — aggregated or anonymised data may be retained indefinitely; identifiable usage logs are deleted within 12 months.
- Support communications — retained for up to 2 years for quality and legal purposes.
- Legal obligations — certain data may be retained longer where required by applicable law.
Your Rights Under GDPR
If you are in the EEA, you have the following rights regarding your personal data. You can exercise any of them by contacting us at the address below.
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Request deletion of your data ("right to be forgotten").
Ask us to limit how we process your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing.
Withdraw any consent you have previously given, at any time.
Complain to your local supervisory authority (e.g. BfDI in Germany).
We will respond to all valid requests within 30 days in accordance with Art. 12 GDPR. Complex or multiple requests may take up to 3 months, in which case we will notify you of the extension within the initial 30-day period.
Children's Privacy
FarsiLingo is intended for users who are at least 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately and we will delete such data promptly.
For users between 16 and 18, we encourage parental oversight of account activity.
Security
We implement appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, disclosure, or alteration. These measures include:
- Encrypted data transmission over HTTPS (TLS)
- Bcrypt hashing of passwords — we never store passwords in plain text
- Role-based access controls limiting internal access to personal data
- Regular security reviews and dependency updates
Despite our best efforts, no method of transmission over the internet is 100% secure. If you suspect a security breach involving your account, please contact us immediately at info@farsilingo.com.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify registered users by email at least 14 days before the changes take effect
- In some cases, ask for your renewed consent if required by law
We encourage you to review this page periodically. Your continued use of FarsiLingo after the effective date constitutes acceptance of the updated policy.
Contact Us
If you have any questions, requests, or concerns about this Privacy Policy or our data practices, please reach out to us:
Data Controller — FarsiLingo
Website: farsilingo.com
Privacy enquiries: info@farsilingo.com
General support: info@farsilingo.com
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) at bfdi.bund.de.
