This Privacy Policy describes how Writik ("Writik," "we," "us," or "our") collects, uses, discloses, and protects information that applies to our language learning service accessible at writik.com (the "Service"). By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Writik is operated from Ontario, Canada.

1. Information We Collect

1.1 Information You Provide to Us

When you create an account and use our Service, we collect the following information:

• Account Information: When you sign in using Google OAuth, we collect your email address, name, and profile picture as provided by Google.
• User-Generated Content: We collect the translations, answers, and responses you submit while using the Service.

1.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

• Learning Progress Data: We collect and store information about your language proficiency levels, question history, evaluation scores, and learning statistics.
• Technical and Diagnostic Data: We may collect system prompts, API requests and responses, model identifiers, timestamps, and other technical information generated during your use of the Service for debugging, quality assurance, and service improvement purposes.
• Cookies and Session Data: We use essential cookies to maintain your session, prevent abuse, and enable core functionality. For guest users, we set a session cookie to track your anonymous session and enforce rate limits. These cookies are strictly necessary for the Service to function and do not require consent under GDPR and similar privacy laws.
• IP Address: We collect and store your IP address for security purposes, rate limiting, and abuse prevention.

1.3 Guest User Data

If you use the Service without creating an account ("Guest Mode"), we collect and store the following information:

• Session Cookie: A unique session identifier stored in your browser to track your anonymous session across visits. This cookie expires after 30 days of inactivity.
• Learning Data: Your questions, answers, evaluation scores, and progress are stored in our database anonymously, linked only to your session ID.
• IP Address: Your IP address is stored to enforce rate limits and prevent abuse.
• No Personal Identifiers: We do not collect your name, email, or any other personally identifiable information when using Guest Mode.

Guest user data is anonymized and retained for debugging, service improvement, and statistical analysis purposes. You may lose access to your Guest Mode progress if you clear your browser cookies or use a different browser/device, but the anonymized data remains in our database.

1.4 Payment Information (Premium Subscriptions)

If you subscribe to our Premium plan, we collect the following payment-related information:

• Stripe Customer ID: A unique identifier assigned by Stripe to manage your subscription.
• Subscription Status: Information about your current subscription state (active, canceled, past due, etc.).
• Billing Period End Date: When your current subscription period ends.

Payment card information (credit/debit card numbers, CVV, expiration dates) is collected and processed directly by Stripe. We never see or store your complete payment card details on our servers. Stripe is PCI-DSS compliant and handles all sensitive payment data securely.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve the Service, including generating personalized language learning questions, evaluating your answers, and tracking your progress across languages.
• Personalization: To adapt the difficulty level and content of questions based on your proficiency level and learning history.
• Security and Abuse Prevention: To enforce rate limits, prevent automated abuse, detect fraudulent activity, and ensure fair usage of the Service. This includes using session cookies and IP addresses to track usage patterns and prevent spam.
• Service Improvement: To analyze usage patterns, identify areas for improvement, and enhance our question generation and evaluation algorithms.
• Technical Support: To respond to your inquiries, troubleshoot technical issues, and provide customer support.
• Subscription and Payment Management: To process payments, manage Premium subscriptions, send billing-related communications, and provide access to Premium features.
• Communications: To send you service-related notices, updates, and administrative messages.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We share your information with the following third-party service providers necessary to operate the Service:

• Google LLC: For user authentication via Google OAuth. Your use of Google OAuth is subject to Google's Privacy Policy. We receive your email address, name, and profile picture from Google when you sign in.
• Stripe, Inc.: For payment processing and subscription management. When you subscribe to Premium, we share your email address with Stripe, and Stripe collects your payment information (credit card details, billing address). Stripe's processing of your payment data is subject to Stripe's Privacy Policy. We store your Stripe customer ID and subscription status in our database to manage your subscription. We do not store your credit card information on our servers.
• OpenRouter and AI Model Providers: We transmit your submitted answers and questions to OpenRouter's API, which routes requests to underlying AI model providers (such as OpenAI, Anthropic, Google, or Meta) for question generation and answer evaluation. OpenRouter and its AI providers may process your content according to their respective privacy policies.
• Neon Database (Neon, Inc.): We use Neon's serverless PostgreSQL database to store your account information, learning data, and question history. Data is stored on Neon's cloud infrastructure, which may be located in various regions.

These service providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to maintain the confidentiality and security of your information in accordance with their respective privacy policies and terms of service.

Legal Requirements

We may disclose your information if required to do so by law or in good faith belief that such disclosure is necessary to: (a) comply with legal obligations, court orders, or governmental requests; (b) enforce or apply our Terms of Service; (c) protect the rights, property, or safety of Writik, our users, or others; or (d) prevent or investigate possible wrongdoing in connection with the Service.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4. Data Storage and Security

4.1 Where Your Data is Stored

• All Users (Guest and Authenticated): Your learning data, questions, answers, and progress are stored in Neon's serverless PostgreSQL database. The physical location of data storage is determined by Neon's infrastructure and may be located in various geographic regions.
• Guest Users: Your session is tracked via a cookie stored in your browser. The session identifier and associated learning data are stored in our database, but without any personally identifiable information (no email, name, or account credentials).
• Authenticated Users: In addition to learning data, we store your email address, name, and profile picture (from Google OAuth) in our database.

4.2 Security Measures

We implement commercially reasonable technical and administrative security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Secure authentication protocols via Google OAuth 2.0
• HttpOnly, Secure, and SameSite cookies to prevent unauthorized access and CSRF attacks
• Encryption of data in transit using HTTPS and industry-standard TLS protocols
• Database access controls provided by Neon's infrastructure
• Rate limiting and IP-based abuse prevention mechanisms
• Regular security updates and monitoring

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your information.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Active Accounts: We retain your account information and learning data for the duration of your account's active status.
• Account Deletion: Upon account deletion, we will delete your personal information from our active databases. Certain information may be retained in backup systems for a limited period as necessary for legal or operational purposes, or as required by our service providers' data retention policies.
• Guest User Data: Guest session data (including session IDs, learning progress, IP addresses, and question history) is retained indefinitely for debugging, service improvement, and statistical analysis purposes. This data is anonymized and not linked to any personally identifiable information. Session cookies expire after 30 days of inactivity, after which you will lose access to your guest progress, but the anonymized data remains in our database.

6. Your Rights and Choices

Depending on your location and applicable laws, you may have certain rights regarding your personal information, including:

• Right to Access: You may request access to the personal information we hold about you.
• Right to Correction: You may request that we correct inaccurate or incomplete personal information.
• Right to Deletion: You may request deletion of your personal information, subject to certain exceptions under applicable law.
• Right to Data Portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to our processing of your personal information under certain circumstances.
• Right to Withdraw Consent: Where we rely on your consent to process personal information, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at writik.official@gmail.com. We will respond to your request in accordance with applicable data protection laws.

7. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information. If you believe that we might have collected information from a child under 13, please contact us at writik.official@gmail.com.

8. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not owned or controlled by Writik. This Privacy Policy applies only to information collected by our Service. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services before providing any personal information.

9. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the "Last Updated" date at the top of this Privacy Policy and, where appropriate, provide additional notice such as on our Service homepage or via email. Your continued use of the Service after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: