Privacy Policy

Introduction

This Privacy Policy describes how 5Learn ("we", "our", or "the app") handles information when you use our language learning application. We are committed to protecting your privacy and being transparent about our practices.

5Learn has two optional features that affect what data is involved when you use it, and this policy covers both. They are independent — you can use either, both, or neither:

• An account. You can create an account to buy token packs through in-app purchases and spend them on AI requests routed through our backend.
• Your own OpenAI API key. You can enter your own OpenAI API key in Settings, which lets the app call OpenAI directly from your device without involving our backend for the AI request.

A setting called Use own API key in the app determines, for each AI request, which route is used. Having an account and having an API key are not mutually exclusive — a signed-in user can still keep the switch on and route AI requests through their own key instead of spending tokens.

Accounts and Authentication

Signing in is optional. You only need an account if you want to buy and spend tokens through our backend.

Authentication for 5Learn is handled by Clerk, a third-party identity provider that acts as a data processor for us. Clerk supports three sign-in methods, and we offer all three:

• Sign in with Apple
• Sign in with Google
• Email and password

What Clerk receives and stores:

• For Sign in with Apple and Sign in with Google: the provider's subject identifier, your email address (for Apple, this may be a private relay address that forwards to your real inbox), and your display name if the provider returns one.
• For the email and password method: your email address and a one-way hash of your password. We never see or store your password in plaintext.
• Verification and password-reset emails are sent by Clerk directly. No separate email service provider is involved.

What 5Learn's own backend receives: a reference to your Clerk user ID. 5Learn never sees your password and does not receive the raw OAuth tokens issued by Apple or Google.

Purpose: to identify you across devices, attach your purchases to the right account, and track your token balance. Lawful basis for users in the EU/UK: performance of a contract.

Clerk is based in the United States, so for EU/UK users signing in involves an international transfer of personal data. Clerk provides Standard Contractual Clauses as the legal mechanism for this transfer. For full details, see Clerk's Privacy Policy.

Purchases and Tokens

If you choose to buy token packs, payments are processed entirely by Apple (on iOS) or Google (on Android) through their in-app purchase systems. 5Learn never sees your card number, billing address, or any other payment-method details.

To validate purchases and manage your entitlements, we use RevenueCat. RevenueCat receives an app user ID tied to your signed-in account, the transaction receipt issued by Apple or Google, and standard device and app metadata (operating system version, app version, country). See RevenueCat's Privacy Policy for full details.

On our own backend we store which product you purchased, the transaction ID, the date, and the resulting token balance. We do not store payment-method details of any kind.

Refunds are handled by Apple or Google — please use their standard refund flows. We cannot issue refunds directly because we never receive the payment.

Purchase records may be retained for tax and bookkeeping purposes even after you delete your account, for as long as applicable law requires.

Lawful basis for users in the EU/UK: performance of a contract. International transfers: RevenueCat is based in the United States. For EU/UK users, data is transferred to RevenueCat under Standard Contractual Clauses. Apple and Google process payment data under their own policies and legal frameworks.

AI Processing

5Learn uses the OpenAI API to generate translations, explanations, and learning cards. Each AI request is routed in one of two ways, decided per request by the Use own API key switch in Settings.

Direct route (“Use own API key” is ON)

Requires you to have entered your own OpenAI API key in Settings. Available whether or not you are signed in.

• What data is transmitted: when you submit a word or phrase to create a card, the app sends directly to OpenAI (a) the exact text you entered, and (b) the prompt templates from app settings (instructions you can view and edit in Settings).
• Who receives it: OpenAI, Inc., using your own API key.
• 5Learn's role in the AI request: none — our backend is not involved in the call to OpenAI and we never see the content of your prompts or OpenAI's responses.
• Storage: your API key is stored locally on your device. We do not receive or store it.

Backend route (“Use own API key” is OFF)

Requires you to be signed in and to have a positive token balance.

• What data is transmitted: the text you enter and the prompt templates from settings are sent to 5Learn's backend, which forwards them to OpenAI on your behalf and debits your token balance.
• What our backend stores: nothing about the content of your prompts or OpenAI's responses. We only record token accounting metadata — the number of tokens debited, a timestamp, and a reference to the purchase that covered them.
• Who receives it: 5Learn's backend, then OpenAI, Inc.

In both cases, OpenAI is the ultimate processor of the text you submit and processes data under its own privacy policy. For full details: OpenAI Privacy Policy.

Lawful basis for users in the EU/UK: performance of a contract — you requested the AI generation. International transfers: OpenAI is based in the United States; data is transferred under Standard Contractual Clauses as described in OpenAI's Data Processing Addendum. In the backend route, 5Learn's own servers are also located in the United States, and for EU/UK users the transfer is covered by Standard Contractual Clauses with our hosting provider.

By using card generation features, you consent to the data processing described above.

Data We Collect and Use

Stored on your device (all users)

Your word cards, lists, learning history, settings, model and prompt preferences — and, if you have entered one, your OpenAI API key — are stored locally on your device. We do not upload, sync, or store any of this on our servers.

Stored by Clerk (signed-in users only)

Your email address, display name, and either the Apple/Google subject identifier or a hashed password, depending on the sign-in method you chose.

Stored on 5Learn's backend (signed-in users only)

A reference to your Clerk user ID, your current token balance, and your in-app purchase history.

Server logs

Our backend records standard HTTP request logs — your IP address, timestamp, request path, HTTP method, response status, and user-agent string — for security, abuse prevention, and debugging. These logs do not contain the content of your AI prompts or OpenAI's responses. Request logs are retained for 30 days and then automatically deleted.

What We Do Not Do

• We do not sync your cards, lists, or learning history to our servers.
• We do not see or store your payment card details.
• We do not store the content of your AI prompts or OpenAI's responses on our servers — only token accounting metadata when a request is routed through our backend, plus the standard request logs described above.
• We do not collect or use general analytics (Firebase, Amplitude, etc.), beyond the purchase data RevenueCat needs to validate transactions.
• We do not sell, share, or rent your data to third parties.
• We do not use advertising, the IDFA, or any cross-app tracking, and the app does not prompt for App Tracking Transparency.

Your Rights

Local data. Because your learning data is stored on your device, you have full control over it. Deleting the app removes it all.

Account and purchase data. If you signed in, you can delete your account from inside the app at Settings → Delete account. This removes your Clerk identity record and the account profile and token balance held on 5Learn's backend. Purchase records may be kept afterwards for the period required by tax and bookkeeping law.

GDPR rights (EU/UK users). You have the right to access, rectify, delete, port, restrict, or object to the processing of your personal data, and to withdraw any consent you have given. To exercise any of these rights, email us at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority (for example, the ICO in the United Kingdom, the CNIL in France, or the data protection authority in your EU member state).

Data Retention

• Local data: until you delete it from within the app or uninstall.
• Account data (in Clerk and on our backend): until you delete your account via Settings → Delete account.
• Server request logs: 30 days, then automatically deleted.
• Purchase records: retained for as long as required by applicable tax and bookkeeping law after account deletion, then removed.

Children's Privacy

5Learn is not directed to children under 13 (or under 16 in the European Union). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent changes. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions: [email protected]