Effective 2026-05-14
Privacy Policy
This policy explains what we collect, why, and what you can do about it.
ListenDaily is the controller of your personal data. Contact: [email protected].
1. What we collect
When you use the Service without an account
- Anonymous identifier — a random ID we mint server-side and store against your trial progress. The progress itself sits on our servers (not just your browser) so we can rebuild it if something goes wrong locally
- Listening progress — which lessons you've started, what you typed for each sentence, and whether you got it right on the first attempt (this is what powers your accuracy score)
- Technical data — IP address (for rate limiting and abuse prevention), browser type, device, approximate location (country level), timezone
When you create an account
- Sign-in details — email address and, if you sign in with Google or Apple, your provider ID and basic profile information they share
- Profile data — display name, self-assessed CEFR level (A1–C2), daily-goal preference, timezone, theme, and audio preferences (accent, playback speed)
- Learning history — lessons completed, per-sentence answers, first-try accuracy, streak, time spent
- Communications — emails you send us and our replies
Linking trial progress to your account. If you used ListenDaily during the free trial before signing up, the progress saved against your anonymous identifier is linked to your new account when you create it. That way you don't lose the work you've already done. After linking, the anonymous identifier is no longer used for that progress.
When you subscribe
- Billing data — your payment processor (Polar) handles card details. We don't see or store your full card number; we receive limited metadata such as billing region, the last four digits of the card where the processor exposes it, and whether the payment succeeded
- Subscription state — your plan, renewal date, payment status
What we don't collect
- We don't use the microphone. We don't record your voice.
- We don't sell your data to advertisers.
- We don't track you across the web with third-party advertising cookies.
2. Why we collect it
| Purpose | Data used | Legal basis (EU/UK) |
|---|---|---|
| Run the Service | Anonymous ID, progress, account data | Contract |
| Process payments | Billing data, account data | Contract |
| Improve the product | Aggregate accuracy and completion data | Legitimate interests |
| Prevent abuse | IP, device, account data | Legitimate interests |
| Service emails | Email, account data | Contract |
| Marketing emails (optional) | Consent |
3. Who we share it with
We share data only with the third parties we need to run the Service:
| Provider | What they do | Data they receive |
|---|---|---|
| Supabase | Database, auth, and transactional emails (sign-in links, password resets) | Account data, learning progress, email address |
| Cloudflare | Hosting, CDN, and audio file storage (R2) | IP, browser data, requests |
| Polar | Payment processing and subscription billing | Billing data (full card details handled directly by them) |
| Upstash | Rate limiting | IP address |
| Sentry | Error reporting and crash diagnostics | Error context, including the URL, user ID (if signed in), and the technical details of the error |
We do not sell your data. We do not share it with advertisers. We will share data if a court or law requires it.
International transfers. Our providers above operate globally, so your data may be processed in the United States or other countries outside your own. Where required (for example, for EU or UK residents), we rely on Standard Contractual Clauses or equivalent transfer mechanisms with our providers.
4. How long we keep it
- Active account data — while your account is open
- Anonymous (no account) progress — up to 12 months of inactivity, then deleted
- Closed-account learning history — 30 days after closure, then deleted
- Billing records — 7 years after the last transaction (tax/audit requirement)
- Server logs — 90 days
5. Your rights
You can ask us, at any time, to:
- Access — get a copy of the data we hold about you
- Correct — fix data that's wrong
- Delete — close your account and remove your data (we'll keep what we must by law)
- Export — get your learning history in a portable format
- Object — stop us using your data for things you didn't agree to
- Withdraw consent — for anything based on your consent
Email [email protected] and we'll respond within 30 days.
California residents have the same rights, plus the right to opt out of any "sale" or "sharing" of personal information. We don't sell or share personal information as defined under the CCPA — there's nothing to opt out of, but email us and we'll confirm in writing.
EU/UK residents can also complain to your local data-protection authority. We don't currently meet the threshold that would require us to appoint an EU representative under Article 27 of the GDPR. For any EU-data question, write to the email above.
Everywhere else. ListenDaily serves English learners worldwide. You may have rights under your country's own data-protection law — for example, Brazil's LGPD, Japan's APPI, Mexico's LFPDPPP, Korea's PIPA, or another similar law. Email us with what you need; we'll honor any right we can verify under your local law.
6. Cookies and local storage
We use a small number of cookies and browser storage entries — only the ones the Service needs to work. We don't use third-party advertising cookies.
| Name / type | Purpose | Category | Duration |
|---|---|---|---|
| Auth session (sb-*) | Keep you signed in | Strictly necessary | Session / up to 1 year |
| Anonymous ID | Save trial progress before sign-up | Strictly necessary | Up to 12 months |
| Preferences | Theme, daily-goal, audio settings | Functional | Persistent (until you clear it) |
Strictly-necessary entries are required for the Service to function and don't need consent under EU/UK law. If we add anything beyond that — for example, an analytics or marketing cookie — we'll ask for your consent first and you'll be able to refuse without losing access to the Service.
7. Children
The Service is not for anyone under 16. We don't knowingly collect data from anyone under 16. If you believe a younger person has given us data, email [email protected] and we'll delete it.
8. Security
We use industry-standard protections — encrypted connections (TLS), encrypted-at-rest storage, hashed passwords, server-side authentication, rate limiting. No system is perfectly secure. If a breach affects your data, we'll notify you and the relevant authorities within 72 hours of becoming aware, as required by the GDPR and similar laws.
9. Changes to this policy
If we make material changes, we'll notify you by email or in the Service at least 14 days before they take effect.
Questions? Email [email protected].