← Eloqaa

Not legal advice. These pages are product templates for launch preparation. Have a qualified lawyer review and adapt them for your entity, jurisdiction, and data flows before going live.

Privacy Policy

Last updated: May 2026

Who we are

Eloqaa (“we”, “us”) operates the Eloqaa language-learning web application. For privacy requests contact privacy@eloqaa.com (replace with your legal entity email before launch).

What data we collect

  • Account data: email address and authentication identifiers via Firebase Authentication.
  • Learning data: lesson progress, streaks, XP, study language, onboarding choices, daily plan usage, and settings stored in Firebase Firestore.
  • Payment data: subscription status and Stripe customer identifiers (we do not store full card numbers; Stripe processes payments).
  • AI interactions: text you send in AI tutor, translation, and speaking features may be sent to Google Gemini and Google Cloud Text-to-Speech to generate responses.
  • Technical data: session cookies, study-language preference cookies, and server logs (IP, user agent, timestamps) for security and abuse prevention.

Why we process data (legal bases — GDPR)

  • Contract: to provide the service you signed up for (accounts, progress sync, paid features).
  • Legitimate interests: security, fraud prevention, rate limiting, and product improvement.
  • Consent: where required for non-essential cookies or marketing (see Cookie Policy).
  • Legal obligation: tax/accounting records for paid subscriptions where applicable.

How long we keep data

Account and progress data are kept while your account is active. After deletion we remove or anonymise personal data within 30 days except where law requires longer retention (e.g. billing records).

Who we share data with

  • Google Firebase (hosting, auth, database)
  • Stripe (payments)
  • Google Cloud / Gemini (AI and text-to-speech)

Processors act on our instructions. Some may process data in the United States or other countries outside the EEA. We rely on appropriate safeguards (e.g. Standard Contractual Clauses) where required.

Security

We use HTTPS, httpOnly session cookies, server-side authorization for paid features and billing fields, webhook signature verification for Stripe, and rate limits on AI endpoints. No method is 100% secure.

Your rights (GDPR / UK GDPR)

You may request access, correction, deletion, restriction, portability, or objection where applicable.

Email privacy@eloqaa.com or use Settings → delete account when available. You may complain to your local supervisory authority.

Account deletion

To delete your account and associated progress, email privacy@eloqaa.com from your registered address with subject “Delete my account”. We will confirm within 30 days.

Children

The service is not directed at children under 16. We do not knowingly collect their data.