icodex

Last updated: May 15, 2026

Privacy Policy

Language Traveler — Language Learning App

Last Updated: May 15, 2026

1. Introduction

Language Traveler ("we," "us," or "our") is a mobile language-learning application developed by Anil Burcu, an independent developer. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Language Traveler application (the "App").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law (KVKK, Law No. 6698), and other applicable data protection laws.

Data Controller: Anil Burcu

Email: language-traveler@icodex.dev

2. Age Requirement

Language Traveler is intended for users aged 13 and older. We do not knowingly collect personal data from children under the age of 13. If we discover that a child under 13 has provided us with personal data, we will promptly delete that information. If you believe a child under 13 has shared data with us, please contact us at the email address above.

3. Data We Collect

3.1 Account Information (Provided by You)

When you create an account, we collect your email address for authentication purposes. If you sign in with Apple or Google, we may also receive your name and profile photo URL from your OAuth provider. Email sign-in uses a one-time password (OTP) delivered to your email inbox; we do not store passwords. All account data is stored in the European Union (Ireland).

3.2 Learning Activity and Progress

To provide a continuous learning experience across your devices, we store the following information on our server:

  • Articles you have opened, read, and your quiz scores
  • Vocabulary you have studied, marked as learned, or saved for review
  • Spaced-repetition state for each word (review intervals, mastery level, remaining "hearts"/attempts)
  • Daily study time, current and longest streaks, total experience points (XP), level
  • Achievements (badges) you have earned
  • Your chosen learning language and translation language

This data is stored in the European Union (Ireland).

3.3 Preferences

We store your in-app preferences on our server so they sync across devices: daily study goal, timezone, study-reminder schedule, notification preferences, display name, and avatar. Display-only settings such as theme, font size, and interface language are stored only on your device.

3.4 Subscription and Payment Data

If you subscribe to Language Traveler Premium, we store your subscription status, product identifier, start and expiry dates, and the store type (App Store or Google Play) on our server. Payment processing is handled entirely by Apple or Google — we never receive or store your credit card number, billing address, or other financial details. RevenueCat, our subscription management provider based in the United States, processes transaction data and store receipts on our behalf.

3.5 Push Notifications

If you enable push notifications, we store your push token, device name, a device identifier, the platform (iOS or Android), and the installed app version on our server in order to deliver notifications. Your notification preferences (study reminders, streak reminders, word-review reminders, product updates) are stored on our server and your device. You can disable notifications at any time through the App's settings or your device settings.

3.6 Analytics Data (Consent-Based)

We use PostHog (EU-hosted) for product analytics. Analytics data is collected only if you give explicit consent, which is requested on first launch and which you can change at any time in the App's settings (Settings → Share anonymous data).

When you consent, we collect app usage events (such as articles read, quizzes completed, features used) along with an anonymized user identifier (first 8 characters of your account ID). The PostHog SDK also automatically collects basic device information: an installation identifier, operating system, OS version, app version, and screen dimensions.

We do not collect your name, email, location, or browsing history through analytics. A full list of events we may track is provided in Section 13.

3.7 Error and Crash Reporting

We use Sentry (EU-hosted, Germany) to detect and fix app errors. Error reporting is gated on the same analytics consent described in 3.6; if you opt out, no crash reports are sent. Data collected includes error messages, stack traces, device model, OS version, app version, navigation breadcrumbs (screen names only, no personal content), and an anonymized user identifier (first 8 characters of your account ID).

We do not send your email, name, or authentication tokens to Sentry. Our error reporting system actively filters out authorization headers, API keys, tokens, and passwords before any data leaves your device.

3.8 Data Stored Only on Your Device

Certain data is stored only on your device and is never transmitted to our servers: app preferences (theme, font size, interface language), analytics consent status and timestamp, authentication session tokens (stored in encrypted local storage), and a local cache of articles, vocabulary, and your progress used to keep the App responsive offline.

4. How We Use Your Data

We use your data for the following purposes:

  • Providing the App's core features — account management, content delivery, learning progress, vocabulary review, and subscriptions. Legal basis: performance of contract (GDPR Art. 6(1)(b)).
  • Delivering push notifications — study reminders, streak reminders, word-review reminders, and product updates based on your preferences. Legal basis: consent (Art. 6(1)(a)).
  • Product analytics — understanding how the App is used to improve it. Legal basis: consent (Art. 6(1)(a)).
  • Error tracking and stability — identifying and fixing bugs. Legal basis: consent (Art. 6(1)(a)).
  • Fraud and abuse prevention — protection of in-app purchases against claim-jumping by other accounts. Legal basis: legitimate interest (Art. 6(1)(f)).

5. Data Sharing and Third-Party Services

We do not sell your personal data. We share data only with the following service providers, each acting as a data processor on our behalf:

  • Supabase (EU, Ireland) — database, authentication, and server functions. Receives account data, learning progress, preferences, and subscription data. Privacy Policy
  • PostHog (EU) — product analytics, consent-based only. Receives anonymized usage events and device information. Privacy Policy
  • Sentry (EU, Germany) — error and crash tracking, consent-based only. Receives crash reports and anonymized device information. Privacy Policy
  • RevenueCat (US) — subscription management. Receives user ID, transaction data, and store receipts. Privacy Policy
  • Expo (US) — push notification delivery and over-the-air app updates. Receives push tokens and notification content. Privacy Policy
  • Apple / Google (global) — authentication and payment processing. Receive OAuth tokens (transient) and handle all payment transactions. Apple Privacy · Google Privacy

Some of the learning material in the App was prepared with the editorial assistance of AI tools during authoring; this is described in our Terms of Service and does not involve the processing of your personal data.

6. International Data Transfers

Your core data (account information, learning progress, preferences, subscriptions) is stored within the European Union (Ireland). Some data is transferred outside the EU to the following services:

  • RevenueCat (United States) — user ID and transaction data, protected by Standard Contractual Clauses (SCCs).
  • Expo Push (United States) — push tokens and notification content, protected by SCCs.

OAuth tokens exchanged with Apple and Google during sign-in are transient and not stored by us.

7. Data Retention

  • Account data, learning progress, vocabulary state, quiz scores, achievements, preferences, subscriptions — retained until you delete your account.
  • Push notification tokens — deactivated on logout; permanently deleted when you delete your account.
  • Analytics events (PostHog) — subject to PostHog's retention settings; linked only to an anonymized 8-character identifier.
  • Crash reports (Sentry) — automatically deleted after 90 days.
  • Authentication session tokens on your device — stored until you log out or uninstall the App.
  • Consent records on your device — stored for the lifetime of the App installation.
  • Fraud-prevention records (retained after account deletion) — to prevent one user from claiming another user's in-app purchases, we retain a minimal subscription-ownership log after account deletion: the original transaction ID linked to the first-purchasing email address, plus a seen-transactions log. These records are processed under legitimate interest (GDPR Art. 6(1)(f)) and are used solely for fraud prevention.

8. Your Rights

Under GDPR and KVKK, you have the right to:

  • Access your personal data and receive a copy of it.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") — you can delete your account directly in the App under Settings → Personal Info → Delete Account.
  • Restrict processing of your data.
  • Port your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent for analytics and crash reporting (Settings → Share anonymous data) or push notifications (Settings → Notifications) at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, you may use the in-app features or contact us at language-traveler@icodex.dev. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Turkey: the Personal Data Protection Authority (KVKK, kvkk.gov.tr). In the EU: the Data Protection Commission of Ireland or your local supervisory authority.

9. Data Security

We implement the following measures to protect your data:

  • All network communication is encrypted using HTTPS/TLS.
  • Authentication session tokens are stored in encrypted local storage on your device.
  • Server-side Row Level Security (RLS) ensures every database query is restricted so users can only access their own data.
  • Sensitive data (API keys, tokens, passwords) is filtered from error reports before transmission.
  • The account deletion process uses server-side verification and cascading deletion across all data tables.
  • Android release builds are obfuscated with R8/ProGuard.

10. Cookies and Tracking Technologies

Language Traveler is a mobile application and does not use cookies. We do not use advertising identifiers (IDFA or GAID), fingerprinting, or cross-app tracking of any kind. The App does not present an App Tracking Transparency prompt on iOS because it does not track users across apps or websites owned by other companies. Our analytics solution (PostHog) is consent-based and uses a randomly generated installation identifier, not an advertising identifier.

11. Device Permissions

Language Traveler requests only the device capabilities strictly required to deliver the App's features:

  • Notifications (iOS / Android) — to deliver study reminders, streak reminders, word-review reminders, and product updates that you opted into.
  • Vibration / Haptics (Android: VIBRATE) — to provide brief tactile feedback during quizzes and word study.
  • Background remote notifications (iOS) — to allow incoming push notifications to be processed while the App is not in the foreground.

The App does not request access to your camera, photo library, microphone, location, contacts, calendar, health data, Bluetooth, or any tracking identifiers, and it contains no AI photo, voice, or text analysis features.

12. Account Deletion

You can permanently delete your account at any time: Settings → Personal Info → Delete Account.

When you delete your account, all personal data on our servers is permanently removed, including your profile, learning progress, vocabulary state, quiz results, achievements, subscription records, push notification tokens, and notification preferences. Local data on your device is also cleared.

For fraud prevention, we retain a minimal set of records after account deletion: a subscription-ownership log (linking the original purchase transaction to the first-owning email so that another account cannot claim the same in-app purchase) and a seen-transactions log. These records are processed under legitimate interest (GDPR Art. 6(1)(f)) and are used solely to prevent a new account from re-claiming transactions.

Data held by third-party services is subject to their retention policies: Sentry data is automatically deleted after 90 days; PostHog and RevenueCat data is linked only to an anonymized identifier (not your email or name).

If you have an active subscription, you must cancel it through the App Store or Google Play before deleting your account.

13. Analytics Event Reference

For transparency, below is the complete list of analytics events we may collect with your consent: app opened, signup started, signup completed (with sign-in method), onboarding started, onboarding completed (with chosen learning language), article opened (with language), pre-reading vocabulary completed, article completed (with reading time), quiz started, quiz completed (with score), word studied, word marked as learned, streak continued, daily goal completed, level up, badge earned, paywall viewed, purchase started, purchase completed, purchase failed, purchase restored, notification tapped, consent changed, and terms accepted.

No event contains your name, email, the text of articles you read, your written answers, or any other personally identifying content.

14. Changes to This Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time, at our sole discretion. Changes may include adding, removing, or revising any section of this policy. We will notify you of changes by updating the "Last Updated" date at the top of this page. It is your responsibility to review this page periodically for any changes. Your continued use of the App after any changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the App and delete your account.

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights:

Email: language-traveler@icodex.dev

Developer: Anil Burcu