โ Select language ๐ฐ๐ท KO ๐ป๐ณ VI ๐ฏ๐ต JA
LingoLink Privacy Policy
Last updated: May 24, 2026 ยท Effective: May 24, 2026
LingoLink ("the App") respects your privacy. This policy transparently explains what information the App collects, uses, stores, transmits, and deletes.
1. Information We Collect
| Item | When | Required |
|---|
| Display name (nickname) | At sign-up | Required |
| Password (one-way PBKDF2 hash) | At sign-up | Required |
| Country code ยท phone number | At sign-up | Optional |
| Native language | At sign-up | Required |
| Profile photo | When you upload one | Optional |
| Status message | When you enter one | Optional |
| Push notification token (Expo Push Token) | When you grant notification permission | Optional |
| Messages (source text) | When you send a message | Required |
| Attached images | When you attach one | Optional |
| Microphone recordings (voice messages / speech recognition) | When you use the microphone | Optional |
| Learned voice identifier (ElevenLabs voice_id) | When you train your own voice | Optional |
| Last-seen timestamp | On each authenticated request | Required |
| Two-factor secret (TOTP) | Only when you enable 2FA | Optional |
The App NEVER collects:
- National IDs, home addresses, payment information, or other sensitive personal data
- Advertising identifiers or behavioral tracking data
- Location (GPS)
- Your entire address book
2. How We Use Your Information
- Account authentication: Verify identity via display name and hashed password
- Message delivery & translation: Automatically translate your message into the recipient's native language (KO / VI / EN / JA)
- Voice messages: Synthesize translated text in your learned voice for a natural interpretation experience
- Push notifications: Notify you of new messages
- Friend management: Block / report and other safety features
- Service quality: Error tracking and stability assurance
3. Data Retention
- Account information: Retained until you delete your account; all related data is erased immediately upon deletion
- Messages: Retained until you delete them yourself or delete your account
- Audio files (mp3): Stored only on your device; server stores only the voice identifier
- Access logs: Maximum 30 days
4. Third-Party Processors
We do not sell or transfer your personal information to third parties without your consent. However, we use the following processors to deliver service:
| Processor | Purpose | Data shared |
|---|
| Anthropic, PBC (USA) | Message translation, verification, cultural notes | Message text + up to 8 recent conversation turns |
| ElevenLabs, Inc. (USA) | Voice synthesis and voice cloning | Training voice samples + TTS request text |
| Cloudflare, Inc. (USA) | Backend infrastructure, database (D1), file storage (R2) | Account info, messages, attached images |
| Expo / Google FCM / Apple APNs | Push notification relay | Push token, notification headers |
| Google LLC | Android build distribution and analytics (Play Store) | Play Store standard data |
5. Your Rights
- Right to access: View your information
- Right to correct / delete: Edit directly in app settings, or request via contact email
- Right to stop processing: Delete account in-app to stop all processing immediately
- Account deletion: App โ Settings โ Account โ Delete account. Or request via email.
6. Security Measures
- Passwords are stored as one-way PBKDF2 hashes (raw passwords are never stored on the server)
- All communication is encrypted via HTTPS/WSS (TLS)
- Two-factor authentication (TOTP) supported
- Authentication tokens are stored in the device's secure storage (Keychain/Keystore)
- Even the operator cannot know your password (one-way hashed)
7. Children
The App is not directed to children under 14. Accounts identified as belonging to children under 14 will be deleted immediately. Parents who suspect their child has used the App should contact us immediately.
8. Permissions
| Permission | Purpose |
|---|
| Microphone | Voice messages / speech recognition / voice training |
| Camera | QR code scanning / profile photos |
| Photos / Media | Attach photos to chats / save received photos |
| Notifications | Notify of new messages |
| Bluetooth | Use Bluetooth earphones as audio input device |
| Network | Send / receive messages, communicate with translation server |
9. Cross-border Data Transfer
All third-party processors used by the App are headquartered in the United States. Therefore, parts of your personal information may be transferred to the United States during processing.
- Data transferred: Message text (Anthropic), voice samples and voice_id (ElevenLabs), account info, messages, and images (Cloudflare), push tokens (Expo/Google/Apple)
- Recipient country: United States
- Transfer method: Encrypted network (HTTPS/TLS)
- Safeguards per processor:
- Anthropic: API zero-data-retention policy โ no learning or storage after processing
- ElevenLabs: GDPR-compliant, SOC 2 certified
- Cloudflare: ISO 27001, SOC 2, GDPR-compliant; EU Standard Contractual Clauses (SCCs) in place
- Expo / Google / Apple: Each with their own privacy policies and SCCs
- Legal basis: South Korea Personal Information Protection Act Article 17(3) (overseas transfer consent), GDPR Article 46 (appropriate safeguards), Vietnam PDPL Article 24 (cross-border transfer notification)
By using the App, you are deemed to consent to the cross-border transfer described above. You may withdraw consent at any time by deleting your account.
10. Legal Basis for Processing
- Performance of Contract: Sending messages, translation, voice synthesis โ features necessary to deliver the service
- Legitimate Interest: Security maintenance (2FA, password hashing, logs), abuse/report handling, service reliability
- User Consent: Push notification token, profile photo upload, voice training
- Legal Obligation: Compliance with statutory data retention or production requests
11. Automated Decision-Making / Profiling
The App does not perform automated decision-making or profiling that produces legal or similarly significant effects on users. AI models are used only for translation, voice synthesis, and cultural notes โ never for credit scoring, eligibility assessment, or discriminatory processing.
12. Data Subject Rights (GDPR ยท CCPA ยท PIPA unified)
Depending on your region, you may exercise the following rights:
- Right of Access: Request to view your information
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure / Right to be Forgotten: Request data deletion
- Right to Restriction: Pause specific processing activities
- Right to Data Portability: Request export in standard format (JSON)
- Right to Object: Refuse processing based on legitimate interest
- Right to Withdraw Consent: Withdraw at any time
- CCPA "Do Not Sell" (California residents): The App NEVER sells user data. No separate opt-out required.
- Right to Lodge Complaint: South Korea KISA (call 118) ยท EU residents โ local supervisory authority ยท Japan PPC ยท California Attorney General
Submit requests via the contact email; we respond within 30 days.
13. Data Breach Notification
- Upon discovering a breach, notify South Korea's Personal Information Protection Commission (PIPC) within 72 hours โ compliant with GDPR Article 33 and Korea PIPA Article 34
- For severe breaches (sensitive data or many users affected), directly notify affected users
- Notification content: time, scope, cause, remedial measures, contact
14. Cookies and Tracking
The App is a mobile app and does not use web cookies. No advertising trackers or analytics SDKs (Google Analytics, Facebook SDK, etc.) are integrated.
15. Policy Changes
When this policy is revised, we will notify you in-app or on this page. For material changes, we will obtain your explicit consent again.
10. Contact
This policy is drafted in alignment with the principles of South Korea's Personal Information Protection Act, the EU GDPR, Vietnam's data protection laws, and Japan's Act on the Protection of Personal Information (APPI).