Penglo — Privacy Policy

Who we are & scope

This policy covers penglo.app (and subdomains) and our mobile apps. For privacy matters: [email protected]. The data controller is Penglo.

What we collect

• Account & authentication. Email and sign-in identifiers; profile details you choose to share.
• Learning data. Progress (levels, reviews), content you interact with, answers/feedback, and your user-generated items (e.g., notes, custom cards).
• Device & usage. Device type, OS, language, app version, general location (from IP), timestamps, pages/screens, diagnostics (crash/performance).
• Payments. When you buy through an app store, that store processes your payment; we receive limited purchase metadata to grant entitlements and prevent fraud. For web purchases, a payment processor handles your card; we don’t store full card numbers.
• Support & communications. Messages you send us and related contact info.

How we use information

Operate the Service (auth, sync, progress), personalize learning (scheduling, difficulty), improve reliability/content (analytics/diagnostics), communicate about account/changes/security, prevent fraud/abuse, comply with law, and enforce our terms.

When we share information

We don’t sell your personal data. We share it only with:

• Service providers (processors). Payments, authentication, analytics, hosting/CDN, notifications—under contracts that restrict use to providing services and require protection of your data.
• Legal/safety. To comply with law or protect rights, security, and safety.
• Business transfers. If we undergo a merger/financing/acquisition, with appropriate safeguards.

International transfers

Your data may be processed outside your country. Where required, we use appropriate safeguards (e.g., standard contractual clauses or equivalent).

Retention

• Account/learning data: kept while your account is active; deleted or anonymized within a reasonable period after deletion, subject to legal obligations.
• Analytics/telemetry: generally retained in aggregate up to 24 months.
• Logs/security: typically 30–180 days unless needed for investigations.
• Payment/receipts: kept as required by tax/accounting laws.

Your rights & choices

Depending on your location, you may have rights to access, correct, delete, restrict/object, portability, and withdraw consent (where applicable).

• In-app deletion/export: use the app settings; if you can’t access the app, email [email protected].
• We may need to verify your identity. You can complain to your local data protection authority.

Cookies & tracking

We use cookies and similar tech for sign-in, preferences, and analytics. You can control cookies in your browser. Where required, non-essential analytics cookies run only with your consent.

Notifications (iOS)

If you opt in to push notifications, the platform provides a device token so we can deliver them. You can turn notifications off at any time in OS settings. We don’t send promotional pushes unless you opt in.

Security

We use technical and organizational measures designed to protect personal data (e.g., encryption in transit, access controls, least-privilege). If a breach affects your data, we’ll notify you as required by law.

Children

Not directed to children under 13 (or the age of digital consent in your country). If you believe a child provided personal data, contact us to request deletion.

Changes

We may update this policy; we’ll post the new version with the date above and, if changes are material, provide additional notice (e.g., in-app/email).

Contact

Contact: [email protected]
Website: https://penglo.app