Privacy Policy (Brazil – LGPD)

PATRYK MATEUSZ GRABOWSKI LTDA (CNPJ 61.434.746/0001-06), Rua Joaquina de Jesus 127 Lote 16, Vila Isolina Mazzei, São Paulo SP, 02079-070. For any data-protection request write to contact@falando.app.

We process the following categories of personal data:

• Account data - e-mail address, display name, avatar (optional), and authentication tokens.
• Study data - vocabulary progress, grammar scores, review schedules, daily-quest streaks, belt ranks, badges, and content-generation logs.
• Payment data - web purchases are processed entirely by Paddle (merchant of record); in-app Android purchases are processed by Google Play Billing. We never see or store full card numbers; we keep only a subscription identifier and current status.
• Google Analytics data (if you accept) - pages visited, approximate session duration, referrer and campaign tags processed by Google Analytics with first-party _ga / _gid / _gat cookies.
• Optional usage and crash telemetry (if you opt in) - device class, operating system, browser, screen size, preferred language, timezone, manual add-to-reviews actions, mark-as-mastered actions, grammar point page opens, verb conjugation table searches, search terms and scopes, and client crash/error reports.
• User-generated content - text you paste or type in exercises, voice recordings submitted in the oral-exam and bate-papo modes, and imported BYOC articles/video URLs.
• Cookies & local storage - authentication tokens, UI-preference flags (theme, TTS voice, language), and the cookie-consent record itself.

Each processing activity relies on a specific LGPD legal basis:

• Contract performance (Art. 7 I) - providing the learning platform and paid-plan features.
• Legitimate interest (Art. 7 IX) - improving content, preventing fraud, and generating anonymised analytics from non-optional operational data.
• Consent (Art. 7 I) - promotional e-mails, optional notifications, Google Analytics, and optional usage/crash telemetry (each may be withdrawn at any time from Settings > Privacy or the cookie banner).
• Legal obligation (Art. 7 II) - keeping tax and billing records as required by Brazilian law.
• Exercise of rights (Art. 7 VI) - defending claims in administrative or judicial proceedings.
• Protection of credit (Art. 7 X) - processing payment data through Paddle (web) and Google Play Billing (Android) to prevent chargebacks.

We share data only with processors that need it to run the service:

• Supabase (database hosting, US) - account, study, and optional telemetry data.
• OpenAI / Anthropic (AI providers, US) - exercise text sent for evaluation; no personal identifiers are included.
• Paddle (merchant of record, web payments, US/EU) - billing details and subscription data for web purchases.
• Google Play Billing (in-app payments, Android) - billing and subscription data for Android purchases. Google's own terms apply.
• Google Analytics (usage analytics, US/EU) - page-view and session events, only after you accept the analytics cookie.
• Vercel (hosting & CDN, US/EU) - serves the application; standard HTTP access logs only.

International transfers rely on Standard Contractual Clauses or equivalent safeguards (LGPD Art. 33). We do not sell or rent personal data to third parties.

We use essential cookies (authentication session) and UI-preference flags stored in localStorage. We also set first-party Google Analytics cookies (_ga, _gid, _gat) — but only after you accept the analytics category in the cookie banner. We do not use advertising cookies or share data with ad networks. You can change your choice anytime from "Cookie settings" in the footer or from Settings → Privacy.

Under the LGPD you may, at any time:

• Confirm whether we process your data.
• Access a copy of your data.
• Correct inaccurate data.
• Anonymise, block, or delete unnecessary data.
• Request data portability.
• Delete your data (request via Settings → Delete Account or e-mail us at contact@falando.app).
• Know which entities we share data with.
• Be informed about denying consent and its consequences.
• Withdraw consent for optional processing.

We keep personal data only while your account is active or as legally required (e.g., tax records for five years). After account deletion we erase or anonymise all personal data within 30 days. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is restricted to authorised personnel on a need-to-know basis.

Falando is available to users aged 13 and over. Users between 13 and 18 must have parental or guardian consent. We do not knowingly collect data from children under 13; if we discover such data we will delete it promptly.

If you opt in, Falando collects lightweight product-usage and crash analytics so we can fix bugs and understand which features are working:

• Device class - Web (desktop, mobile, tablet) or the Android app.
• Operating system and browser, with version.
• Screen resolution and viewport size.
• Preferred language and timezone from your browser.
• Manual add-to-reviews actions and mark-as-mastered actions for vocabulary, listening, and grammar exercises.
• Grammar point page opens.
• Verb conjugation table searches.
• Search terms and search scopes.
• Client crash/error reports, including screen path and technical error details.

Why we collect this: to fix platform-specific bugs, measure whether learning features are useful, prioritise engineering work, and detect abusive automation. We do not sell this data or use it for advertising.

How to opt out: leave the signup checkbox unchecked, use the cookie banner, go to Settings > Privacy and turn off "Help improve Falando", or write to contact@falando.app. Opting out deletes telemetry stored for you and stops new collection immediately.

Where it is stored: Supabase (US region). Retention: telemetry is kept while your account is active and is erased on opt-out or account deletion.

We may update this policy to reflect legal or product changes. Material updates will be announced via in-app notification at least 15 days before they take effect. For questions or data-subject requests, contact contact@falando.app.