Legal

Privacy Policy

Last updated: February 14, 2026

This Privacy Policy describes how Maksymilian Mogilski, operating under the trade name FlowON (NIP: 7011223575), hereinafter referred to as "we," "us," or "the Company," collects, uses, stores, and protects your personal data when you use the LingoLock mobile application (the "App") and our website (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

1. Data Controller

The data controller responsible for your personal data is:

Maksymilian Mogilski
Trade name: FlowON
NIP (Tax Identification Number): 7011223575
Email: maxmogilski@gmail.com

2. Data We Collect

We collect the following categories of personal data when you use our Services:

2.1 Account Information

When you create an account, we may collect your email address, display name, and authentication credentials. If you sign in via a third-party service (e.g., Apple Sign-In), we receive limited information as permitted by that provider.

2.2 Vocabulary Learning Progress & Statistics

  • Words learned, accuracy rates, and learning history
  • Daily goals and streaks data
  • Time Bank balances and usage records
  • Language preferences and course selections

2.3 App Usage & Screen Time Data

  • Time spent using the App and studying vocabulary
  • Screen time earned and consumed
  • App unlock/lock events and patterns
  • Feature usage statistics

2.4 Device Information

  • Device type, model, and manufacturer
  • Operating system type and version
  • Device language and regional settings
  • Unique device identifiers (e.g., IDFV)
  • Screen resolution and display settings

2.5 Payment & Subscription Data

Subscription purchases are processed through the Apple App Store. We do not directly collect or store your credit card number, bank account details, or other financial payment information. We receive from Apple limited transaction data, including subscription status, purchase date, expiration date, and transaction identifiers, which we use to manage your subscription and provide access to premium features.

2.6 Push Notification Tokens

If you opt in to push notifications, we collect your device's push notification token to send you reminders, streak alerts, and important service updates.

2.7 Analytics & Crash Reports

  • Crash logs and performance diagnostics
  • Aggregated usage analytics
  • Error reports and debugging data
  • Network connection type at time of crash

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Providing and operating the Services: Managing your account, tracking vocabulary progress, calculating Time Bank balances, and delivering the core App experience.
  • Personalization: Adapting learning content to your level, preferences, and study patterns.
  • Subscription management: Verifying subscription status, processing renewals, and managing access to premium features.
  • Communication: Sending push notifications (with your consent), streak reminders, and important service announcements.
  • Improvement and analytics: Analyzing usage patterns to improve the App, fix bugs, and develop new features.
  • Security and fraud prevention: Detecting and preventing misuse, unauthorized access, or fraudulent activity.
  • Legal compliance: Fulfilling legal obligations, responding to legal requests, and protecting our rights.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), the United Kingdom, and other jurisdictions where GDPR or similar regulations apply, we process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to perform our contract with you (i.e., providing the App and managing your account and subscription).
  • Legitimate interest (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests, such as improving the App, ensuring security, and conducting analytics, provided these interests are not overridden by your rights.
  • Consent (Art. 6(1)(a) GDPR): Where you have given specific consent, such as opting into push notifications or marketing communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary to comply with legal obligations to which we are subject.

5. Data Sharing & Third Parties

We do not sell your personal data to third parties. We may share your data with the following categories of recipients:

  • Apple Inc.: For payment processing, subscription management, and App Store distribution.
  • Analytics providers: We use analytics services to understand how the App is used, which may process aggregated or pseudonymized data.
  • Cloud infrastructure providers: To host and store data securely.
  • Legal authorities: When required by law, court order, or governmental regulation.

All third-party service providers are contractually obligated to protect your data and may only use it for the purposes we specify.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside of your country of residence, including countries outside the EEA. When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions issued by the European Commission for recipient countries
  • Other legally recognized transfer mechanisms under applicable law

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Account data: Retained for the duration of your account and for up to 30 days after deletion request for backup purposes.
  • Learning progress data: Retained for the duration of your account.
  • Transaction data: Retained for the period required by applicable tax and financial regulations (typically 5-7 years).
  • Analytics data: Retained in aggregated, anonymized form for up to 24 months.
  • Crash reports: Retained for up to 12 months.

8. Your Rights

8.1 Rights Under GDPR (EEA & UK Users)

If you are located in the EEA or the United Kingdom, you have the following rights under the GDPR:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal exceptions.
  • Right to restriction of processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent: Withdraw previously given consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: File a complaint with your local data protection authority (in Poland: Prezes Urzędu Ochrony Danych Osobowych, UODO).

8.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: Request information about the categories and specific pieces of personal information we have collected.
  • Right to delete: Request deletion of personal information we have collected from you.
  • Right to opt-out of sale: We do not sell personal information. However, you have the right to opt out if this changes.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Right to correct: Request correction of inaccurate personal information.
  • Right to limit use of sensitive personal information: Direct us to limit our use of your sensitive personal information to what is necessary to provide the Services.

To exercise any of these rights, please contact us at maxmogilski@gmail.com. We will respond to verifiable consumer requests within 45 days.

8.3 Do Not Track

Our App does not currently respond to "Do Not Track" (DNT) signals. However, you can control tracking through your device settings.

9. Children's Privacy

Our Services are not directed to children under the age of 13 (or 16 in certain EEA jurisdictions). We do not knowingly collect personal data from children under these ages. If we become aware that we have inadvertently collected personal data from a child under the applicable age limit, we will take steps to delete such data as soon as possible. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at maxmogilski@gmail.com.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Secure development practices
  • Incident response procedures

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Cookies & Similar Technologies

Our website may use cookies and similar technologies to analyze traffic and improve your experience. You can manage your cookie preferences through your browser settings. The App itself does not use browser cookies but may use similar device-level identifiers for analytics and functionality purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and/or through the App with a new "Last Updated" date. For significant changes, we may also send you a push notification or email (if available). Your continued use of the Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Maksymilian Mogilski - FlowON
Email: maxmogilski@gmail.com
NIP: 7011223575

For GDPR-related inquiries, you may also contact the Polish data protection authority: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, Poland.