Privacy Policy

NOVALYA is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, and protect your information when you use the Ellinglish mobile application.

Last updated: January 2025

1. Data Controller

NOVALYA

Simplified Joint Stock Company (SAS)

SIRET: 945 399 269 00012

Registered office: [Address to be completed]

Contact: [email protected]

2. Personal Data We Collect

2.1 Data collected directly

๐ŸŽฎ Account and profile data:

  • User identifier (automatically generated)
  • Username (chosen pseudonym)
  • Game progress data
  • Learning statistics
  • Application preferences

2.2 Data collected via contact form

๐Ÿ“ง Only if you contact us:

  • Email address
  • Message subject
  • Message content

2.3 Automatic technical data

โš™๏ธ For proper application functioning:

  • Application version
  • Operating system version
  • Device model (anonymized)
  • Error diagnostic data (via Sentry)
  • Device language

โœ… What we DO NOT collect:

  • Real names
  • Postal addresses
  • Phone numbers
  • GPS location data
  • Photos or contacts
  • Banking data (the app is free)
  • Web browsing data

3. Processing Purposes and Legal Bases

๐ŸŽฏ Application functionality

Legal basis: Contract performance (free service use)

  • Provide learning functionalities
  • Save your progress
  • Manage your user profile
  • Ensure application security

๐Ÿ”ง Technical improvement

Legal basis: Legitimate interest

  • Detect and fix bugs
  • Improve performance
  • Optimize user experience

๐Ÿ“ž Customer support

Legal basis: Consent (contact form)

  • Answer your questions
  • Provide technical assistance
  • Process your requests

4. Cookies and Trackers

๐Ÿšซ No advertising cookies

Ellinglish does not use any advertising cookies, marketing trackers, or advertising identifiers. We do not sell your data and do not engage in advertising profiling.

Strictly necessary technical cookies:

  • Progress saving (local storage)
  • Application preferences
  • Session security

These cookies do not require your consent as they are essential for the application to function.

5. Data Retention

๐Ÿ“Š Progress data

Retained as long as you actively use the application, then deleted after 2 years of inactivity.

๐Ÿ“ง Contact data

Retained for 3 years after our last exchange, then automatically deleted.

๐Ÿ”ง Technical data

Error logs retained for 1 year maximum to improve application stability.

6. Data Recipients

๐Ÿ”’ Basic principle

Your personal data is never sold, rented, or shared for commercial or advertising purposes.

6.1 Technical processors

Sentry (Error monitoring)

  • Purpose: Detect bugs and improve stability
  • Data: Anonymized error logs
  • Location: United States (with standard contractual clauses)
  • Duration: 1 year maximum

Cloudflare (Hosting and security)

  • Purpose: Secure hosting and DDoS protection
  • Data: IP addresses (temporary)
  • Location: European Union primarily
  • Duration: 24 hours maximum for logs

6.2 Legal obligations

We may be required to communicate your data to competent authorities only in case of legal or judicial obligation.

7. International Transfers

Some of our processors may be located outside the European Union:

๐Ÿ‡บ๐Ÿ‡ธ Sentry (United States)

Protected by:

  • European Commission standard contractual clauses
  • Privacy Shield certification (successor framework)
  • Enhanced security measures

All transfers are made in compliance with GDPR and recommendations from the European Data Protection Board.

8. Data Security

๐Ÿ” Technical measures

  • Data encryption in transit (HTTPS/TLS)
  • Data encryption at rest
  • Secure authentication
  • 24/7 security monitoring
  • Regular encrypted backups

๐Ÿ‘ฅ Organizational measures

  • Data access limited to strict necessity
  • Staff training on data protection
  • Incident management procedures
  • Regular security audits

9. Your Rights (GDPR)

๐Ÿ“ž How to exercise your rights?

Contact us at [email protected] with the subject "GDPR Rights" specifying your request.

We will respond within a maximum of 1 month.

๐Ÿ‘๏ธ Right of access

Obtain a copy of all your personal data we hold.

โœ๏ธ Right of rectification

Correct or update your inaccurate personal data.

๐Ÿ—‘๏ธ Right of erasure

Request deletion of your personal data ("right to be forgotten").

โธ๏ธ Right of restriction

Limit the processing of your data in certain cases.

๐Ÿ“ฆ Right to data portability

Retrieve your data in a structured and readable format.

๐Ÿšซ Right of objection

Object to certain processing based on legitimate interest.

10. Protection of Minors

๐Ÿ‘ถ Application suitable for minors

Ellinglish is designed to be used by learners of all ages, including minors.

Specific protections:

  • No collection of sensitive data
  • No targeted advertising
  • Secure interface without inappropriate content
  • Possibility for parents to contact us

11. Complaints

If you believe that the processing of your personal data does not comply with regulations, you can:

1. Contact us directly

Email: [email protected]

We strive to resolve any issues quickly.

2. Contact the CNIL (French DPA)

Commission Nationale de l'Informatique et des Libertรฉs

3 Place de Fontenoy - TSA 80715

75334 PARIS CEDEX 07, France

Website: www.cnil.fr

12. Modifications to this Policy

We may modify this privacy policy to reflect:

  • Application developments
  • Regulatory changes
  • Improvement of our practices

In case of significant modification:

  • Notification in the application
  • Email to users who provided their address
  • 30-day period before taking effect

13. Contact Us

For any questions regarding this privacy policy:

๐Ÿ“ง Email: [email protected]

๐ŸŒ Form: Contact page

๐Ÿ“ Address: NOVALYA - [Complete address]

We are committed to responding as quickly as possible and respecting your rights regarding personal data protection.

Version: 1.0 - January 2025
This policy is written in compliance with the General Data Protection Regulation (GDPR) and French Data Protection Law.