Privacy Policy

Introduction

ShakeBlock, LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ChitrChat language learning service, which includes our website, mobile application, and related services (collectively, the "Service").

By accessing or using the Service, you consent to the collection, use, disclosure, and protection of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Information We Collect

We collect several types of information from and about users of our Service, including:

Account Information

• Email address and username (required for account creation)
• Profile information if using Google Sign-In (name, profile picture)
• Password (encrypted - we cannot see your actual password)
• Account preferences and settings
• Subscription status and billing information

Learning Progress Data

• Progress through lessons and topics
• Quiz results and performance metrics
• Time spent on different learning activities
• Language preferences and difficulty settings
• Learning achievements and milestones
• Topic history and review frequency

Usage and Technical Information

• IP address and general location information
• Device information (type, operating system, browser)
• App usage patterns and feature interactions
• Session timestamps and duration
• Error logs and performance data

Payment Information

• Subscription and billing status
• Payment history (amounts and dates)
• Billing country information

Note: Full payment card details are processed and stored by Stripe, not by us

AI Interaction Data

• Learning context shared with AI services (current topic, difficulty level)
• Real-time practice conversations (not stored or saved)
• Topic and difficulty level metadata saved to improve your learning experience

Note: Personal identifiers (name, email) and conversation content are never shared with or stored by AI services

Data Storage and Processing Locations

Database Storage

All your core information is stored in secure database tables through our cloud database provider in the United States, featuring:

• Enterprise-grade encryption at rest and in transit
• SOC 2 Type II compliance and regular security audits
• Row-level security ensuring you only access your own data
• Automated encrypted backups and disaster recovery

Application Processing

Our application servers in India handle:

• Real-time learning session coordination
• Chat management and user interaction processing
• Secure API connections to database and AI services
• No permanent storage of personal data (everything flows to our primary database)

AI Processing

Third-party AI language processing services in the United States generate:

• Personalized learning content based on your progress
• Practice conversations and language exercises
• Pronunciation feedback and recommendations
• Only learning context is shared, never personal identifiers

Legal Basis for Processing

We process personal data based on:

• Contract: To provide the language learning service you've subscribed to
• Legitimate Interest: Service improvement, security monitoring, analytics, and personalized learning experiences
• Consent: Marketing communications, optional features, and Google Sign-In integration
• Legal Obligation: Payment record retention, tax compliance, and regulatory requirements

EU citizens have the right to object to legitimate interest processing and withdraw consent at any time.

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

• Provide, maintain, and improve the ChitrChat language learning platform
• Authenticate your account and manage your subscription
• Track your learning progress and provide appropriate content difficulty
• Generate personalized AI-powered language practice sessions

Communication

• Send service updates, security alerts, and important account notifications
• Respond to your inquiries and provide customer support
• Send marketing communications (only with your consent)

Service Improvement

• Analyze usage patterns to enhance user experience
• Monitor system performance and resolve technical issues
• Develop new features based on user learning patterns
• Conduct research to improve language learning methodologies

Security and Compliance

• Protect against fraudulent activity and security threats
• Maintain audit logs for security monitoring
• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service

Information Sharing and Disclosure

We share your information only in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist in delivering our platform:

Cloud Infrastructure:

• Database hosting services (United States) with enterprise security certifications
• Our application servers (India) for real-time processing

Artificial Intelligence:

• AI language processing services (United States) for content generation
• Only learning context shared (topic, difficulty level), never personal identifiers
• Industry-leading security and data protection standards

Payments:

• Stripe payment processing (Global) for subscription billing
• PCI DSS Level 1 certification and secure payment handling
• We don't store your full payment card details

Authentication:

• Google Sign-In (optional) for account authentication
• OAuth 2.0 standard security protocols
• Only basic profile information shared with your consent

Legal Requirements

We may disclose your information when required by law, including:

• Valid court orders, subpoenas, or government requests
• Protecting our legal rights and preventing fraud
• Ensuring user safety and service security
• Complying with regulatory investigations

Business Transfers

If we're involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We'll notify you of any such change in ownership or control.

With Your Consent

We may share your information for any other purpose with your explicit consent.

International Data Transfers

Your data may be processed in multiple locations:

Data Flow:

• Primary storage: United States (cloud database)
• Processing: India (our application servers)
• AI generation: United States (language processing services)
• Payments: Global infrastructure with US processing

Protection Measures for International Transfers:

• Standard Contractual Clauses approved by the European Commission
• Encryption in transit between all systems (TLS 1.3)
• Contractual data protection obligations with all service providers
• Regular compliance monitoring and audits

For EU users, we ensure adequate protection through approved transfer mechanisms and service provider agreements that meet GDPR requirements.

Data Retention

We retain your personal information for the following periods:

• Account Information: Until you delete your account using our account deletion feature
• Learning Progress Data: Until account deletion + 1 year for service improvement
• Session and Usage Logs: 90 days for security monitoring
• Payment Records: 7 years for tax and regulatory compliance (even after account deletion)
• Support Communications: 3 years after resolution
• Marketing Consent Records: Until consent is withdrawn

Account Deletion

When you use the "Delete Account" feature in your settings:

• All personal data is immediately removed from our active database
• Deletion is permanent and cannot be undone
• Some data may remain in encrypted backups for up to 30 days
• Payment records are retained separately as required by law
• You'll receive email confirmation of successful deletion

Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

• AES-256 encryption for data at rest
• TLS 1.3 encryption for all data transmission
• Multi-factor authentication for administrative access
• Regular security monitoring and threat detection
• Automated security updates and patches

Organizational Safeguards

• Strict employee access controls and training
• Regular security audits and compliance reviews
• Incident response procedures and breach notification protocols
• Data minimization and privacy-by-design principles

Third-Party Security

All our service providers maintain industry-standard security certifications including SOC 2 Type II, PCI DSS Level 1, and ISO 27001 compliance.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

EU Users (GDPR Rights)

• Access: View all personal information we store about you
• Rectification: Correct any inaccurate or incomplete information
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Limit how we process your information
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdrawal: Withdraw consent for processing at any time
• Complaints: Lodge complaints with your local data protection authority

California Users (CCPA/CPRA Rights)

• Know: What personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-Out: We don't sell personal information, but you can opt-out if this changes
• Non-Discrimination: Equal service regardless of privacy choices
• Correct: Request correction of inaccurate personal information

All Users

• Account Management: Update your profile and preferences
• Data Export: Download your learning progress and account information
• Communication Preferences: Opt-out of marketing communications
• Account Deletion: Delete your entire account and associated data

To exercise any of these rights, contact us at privacy@chitrchat.com or use the data management features in your account settings.

Artificial Intelligence and Automated Decision-Making

We use artificial intelligence to enhance your learning experience:

AI Processing

• Personalization: AI analyzes your learning patterns to suggest appropriate content and difficulty levels
• Content Generation: AI creates practice conversations and exercises tailored to your progress
• Feedback: AI provides pronunciation guidance and language corrections

Data Used for AI

• Learning progress and performance metrics
• Current lesson topics and difficulty preferences
• Language learning goals and focus areas
• Not used: Personal identifiers, contact information, or payment details

Important Notes

• AI-generated content may contain errors or inaccuracies
• AI responses should not be relied upon for critical language needs (medical, legal, emergency situations)
• AI may reflect biases present in training data
• We recommend verifying important information from additional sources

Children's Privacy

Age Requirements

The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18.

If You're Under 18

If you're under 18, please do not use our Service or provide any personal information. If we discover we've collected information from someone under 18, we'll delete it immediately.

Parents and Guardians

If you believe your child under 18 has provided us with personal information, please contact us at privacy@chitrchat.com so we can delete the information.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies

• Maintain your login session
• Remember your language preferences
• Ensure service functionality and security

Analytics Cookies

• Understand how you use our Service
• Identify areas for improvement
• Monitor service performance

Cookie Management

• You can control cookie preferences in your browser settings
• Disabling essential cookies may affect service functionality
• We don't use cookies for advertising or tracking across other websites

Third-Party Links and Services

Our Service may contain links to third-party websites and services. We're not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

Google Sign-In

If you choose to sign in with Google:

• You'll be redirected to Google's authentication system
• We receive only basic profile information with your consent
• Your use of Google Sign-In is also governed by Google's Privacy Policy
• You can revoke access anytime in your Google Account settings

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. When we make material changes:

• We'll notify you by email at least 30 days before changes take effect
• We'll post a prominent notice on our website
• We'll update the "Last Updated" date at the bottom of this policy
• Your continued use of the Service after changes become effective constitutes acceptance

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

Contact Information

Last Updated: [Current Date]

This Privacy Policy is effective as of the date listed above and applies to all information collected by ChitrChat.