Privacy Policy
Introduction
ShakeBlock, LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ChitrChat language learning service, which includes our website and related services (collectively, the "Service").
By accessing or using the Service, you consent to the collection, use, disclosure, and protection of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
Information We Collect
We practice data minimization — we collect only what is necessary to operate the Service. The categories below describe everything we collect:
Account Information
- Email address (required for account creation, login, and transactional communications)
- Preferred name (optional — provided by you, used only to personalize how the Service addresses you)
- Password (stored only as a salted hash — we cannot see or recover your actual password)
- If you sign in with Google: your email address, and your name if you choose to provide it as your preferred name. We do not store your Google profile picture or other Google profile data.
- Account preferences and settings (e.g., interface language, selected target language)
- Subscription status and billing metadata
Learning Progress Data
- Progress through lessons and topics
- Time spent on different learning activities
- Language preferences and difficulty settings
- Topic history and review frequency
- Flashcard review state (spaced repetition scheduling data)
Session Information
- Session timestamps and duration (for trial-tracking and subscription enforcement)
- Browser language preference (used to set the default interface language)
We do not store IP addresses, device fingerprints, browser/OS details, or behavioral analytics tied to your account. Standard transient web server logs may temporarily record connection information for security and abuse prevention; these are not linked to user accounts and roll over on a short cycle.
Payment Information
- Subscription and billing status
- Payment history (amounts and dates)
- Billing country information
Note: Full payment card details are processed and stored by our PCI-compliant payment processor, not by us. We never see or store your card number, CVV, or expiry date.
AI Interaction Data
- Sent in real time to our AI provider: Your messages to the AI tutor, along with the current topic and difficulty level, are transmitted to our AI language processing provider for response generation. These transmissions occur under a Zero Data Retention agreement — the AI provider does not retain your messages after generating a response.
- Saved on our servers: Topic and difficulty metadata, and a summary of which topics you have practiced. This summary may be referenced in future sessions to provide continuity (for example, to acknowledge topics you have already covered).
- Not saved: The full text of your conversations with the AI tutor is not persistently stored against your account.
- AI-generated audio: The AI tutor's spoken responses are synthesized by a text-to-speech provider and cached on our storage to reduce cost and latency. This cache contains AI-generated audio only — it does not contain your voice, your text, or any personal identifiers.
Note: Personal identifiers such as your email and preferred name are never transmitted to AI or text-to-speech providers.
Data Storage and Processing Locations
Database Storage
Your account information and learning progress are stored in secure database tables through our cloud database provider in the United States, featuring:
- Enterprise-grade encryption at rest and in transit
- SOC 2 Type II compliance and regular security audits
- Row-level security ensuring you only access your own data
- Automated encrypted backups and disaster recovery
Application Processing
Our application servers in Singapore handle:
- Real-time learning session coordination
- Chat routing between you and AI/TTS providers
- Secure API connections to database and AI services
- No permanent storage of personal data on application servers
AI Processing
Third-party AI language processing services in the United States generate:
- Practice conversations and language exercises
- Pronunciation guidance
- Only learning context (topic, difficulty level, current message) is shared, never personal identifiers
- Operates under a Zero Data Retention agreement
Legal Basis for Processing
We process personal data based on:
- Contract: To provide the language learning service you've subscribed to
- Legitimate Interest: Service improvement, security monitoring, and abuse prevention
- Consent: Marketing communications (if any) and Google Sign-In integration
- Legal Obligation: Payment record retention, tax compliance, and regulatory requirements
You have the right to object to legitimate interest processing and to withdraw consent at any time.
How We Use Your Information
Service Delivery
- Provide, maintain, and improve the ChitrChat language learning platform
- Authenticate your account and manage your subscription
- Track your learning progress and provide appropriate content difficulty
- Provide topic continuity across sessions (e.g., the system can reference topics you have previously covered)
Communication
- Send service updates, security alerts, and important account notifications
- Respond to your inquiries and provide customer support
- Send marketing communications (only with your consent)
Service Improvement
- Analyze aggregate, non-identifiable usage patterns to enhance the user experience
- Monitor system performance and resolve technical issues
Security and Compliance
- Protect against fraudulent activity and security threats
- Comply with legal obligations and regulatory requirements
- Enforce our Terms of Service
Information Sharing and Disclosure
We share your information only in the following circumstances:
Service Providers
We work with a small number of trusted third-party service providers who assist in delivering our platform. We describe the categories below. You may contact us for further information about the providers we use.
Cloud Infrastructure:
- Database hosting (United States) with enterprise security certifications
- Application servers (Singapore) for real-time processing
- Object storage for cached AI-generated audio (United States)
Artificial Intelligence and Speech:
- AI language processing provider (United States) — for generating tutor responses, under a Zero Data Retention agreement
- Text-to-speech provider — for synthesizing the AI tutor's spoken voice
- Only learning context (topic, difficulty level, current message) is shared, never personal identifiers
Payments:
- PCI DSS Level 1 certified payment processor (Global) for subscription billing
- We do not store your full payment card details
Email Delivery:
- SMTP provider for transactional emails (account verification, password reset, billing notifications)
Authentication:
- Google Sign-In (optional) for account authentication
- OAuth 2.0 standard security protocols
- Only basic profile information is shared with your consent
Legal Requirements
We may disclose your information when required by law, including:
- Valid court orders, subpoenas, or government requests
- Protecting our legal rights and preventing fraud
- Ensuring user safety and service security
- Complying with regulatory investigations
Business Transfers
If we're involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We'll notify you of any such change in ownership or control.
With Your Consent
We may share your information for any other purpose with your explicit consent.
International Data Transfers
Your data may be processed in multiple locations:
Data Flow:
- Primary storage: United States (cloud database)
- Processing: Singapore (our application servers)
- AI generation: United States (language processing services)
- Payments: Global infrastructure with US processing
Protection Measures for International Transfers:
- Encryption in transit between all systems (TLS 1.3)
- Service providers that offer compliant data transfer mechanisms in their data processing terms
- Contractual data protection obligations with our service providers
Data Retention
We retain your personal information for the following periods:
- Account Information: Until you delete your account
- Learning Progress Data: Until account deletion
- Cached AI-Generated Audio: Retained on our object storage to serve future requests; not tied to individual users
- Payment Records: 7 years for tax and regulatory compliance (even after account deletion)
- Support Communications: 3 years after resolution
- Marketing Consent Records: Until consent is withdrawn
Account Deletion
When you use the "Delete Account" feature in your settings:
- All personal data is removed from our active database
- Deletion is permanent and cannot be undone
- Some data may remain in encrypted backups for up to 7 days before being overwritten
- Payment records are retained separately as required by law
- You'll receive email confirmation of successful deletion
Data Security
Technical Safeguards
- AES-256 encryption for data at rest
- TLS 1.3 encryption for all data transmission
- Row-level security on all user-facing database tables
- Automated security updates and patches
Organizational Safeguards
- Strict access controls
- Incident response procedures and breach notification protocols
- Data minimization and privacy-by-design principles
Third-Party Security
Our service providers maintain industry-standard security certifications including SOC 2 Type II, PCI DSS Level 1, and/or ISO 27001 compliance, as appropriate to their role.
Your Privacy Rights
Regardless of where you are located, you have the following rights regarding your personal information:
- Access: View the personal information we hold about you
- Correction: Correct any inaccurate or incomplete information
- Deletion: Request deletion of your personal data, or delete your account directly in your settings
- Portability: Receive your data in a structured, machine-readable format
- Objection / Restriction: Object to or restrict certain processing
- Withdraw Consent: Withdraw consent for optional processing (e.g., marketing) at any time
- Communication Preferences: Opt out of marketing communications
- Non-Discrimination: Receive equal service regardless of the privacy choices you make
- Complaints: Lodge a complaint with your local data protection authority
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
To exercise any of these rights, contact us at support@chitrchat.com or use the data management features in your account settings.
Artificial Intelligence and Automated Decision-Making
How AI Is Used
- Content generation: AI generates practice conversations and exercises based on the topic and difficulty level you select.
- Topic continuity: When you start a new session, our server may include a brief summary of topics you have previously covered, so the AI can acknowledge prior progress. The AI itself has no memory across sessions — context is supplied per session by our server.
- Feedback: AI provides language and pronunciation guidance during practice.
Data Used for AI
- Current lesson topic and difficulty level
- Summary of topics previously covered
- Your messages within the current session
- Not used: Email, preferred name, payment details, or any other personal identifier
No Significant Automated Decisions
We do not use automated decision-making to produce legal or similarly significant effects on you. AI is used for educational content only.
Important Notes
- AI-generated content may contain errors or inaccuracies
- AI responses should not be relied upon for critical language needs (medical, legal, emergency situations)
- AI may reflect biases present in training data
- We recommend verifying important information from additional sources
Children's Privacy
Age Requirements
The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18.
If You're Under 18
If you're under 18, please do not use our Service or provide any personal information. If we discover we've collected information from someone under 18, we'll delete it immediately.
Parents and Guardians
If you believe your child under 18 has provided us with personal information, please contact us at support@chitrchat.com so we can delete the information.
Cookies and Tracking Technologies
Essential Cookies and Local Storage
- Maintain your login session
- Remember your language preferences
- Ensure service functionality and security
Cookie Management
- You can control cookie preferences in your browser settings
- Disabling essential cookies will prevent the Service from functioning
- We do not use cookies for advertising or for tracking you across other websites
Third-Party Links and Services
Our Service may contain links to third-party websites and services. We're not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
Google Sign-In
If you choose to sign in with Google:
- You'll be redirected to Google's authentication system
- We receive only your email address (and optionally your name, if you choose to use it as your preferred name)
- Your use of Google Sign-In is also governed by Google's Privacy Policy
- You can revoke access anytime in your Google Account settings
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. When we make material changes:
- We'll notify you by email at least 30 days before changes take effect
- We'll post a prominent notice on our website
- We'll update the "Last Updated" date at the bottom of this policy
- Your continued use of the Service after changes become effective constitutes acceptance
We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.
Contact Information
Last Updated: June 9, 2026
This Privacy Policy is effective as of the date listed above and applies to all information collected by ChitrChat.