Privacy Policy

1. Introduction

Welcome to Ashburn Studios ("we", "us", "our", "Company"). This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our AI-powered language learning conversation platform ("Service", "Platform").

We are committed to protecting your privacy and handling your personal data transparently and securely. This policy applies to all users of our Service, including visitors to our website and mobile applications.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

• Account Registration: Email address, username, password, language preferences
• Profile Information: Optional profile details, learning goals, skill level
• Payment Information: Billing details processed securely through payment providers
• Communications: Messages when you contact our support team
• Feedback: Ratings, reviews, and suggestions you provide

2.2 Content and Conversation Data

When using our Service, we collect:

• Text Messages: Conversations with AI agents for providing responses and improving our Service
• Audio Recordings: Voice messages for speech-to-text conversion and language practice
• Voice Biometric Data: Audio characteristics necessary for speech recognition processing
• Translations: Source and target text for providing translation services
• Learning Progress: Vocabulary usage, conversation topics, skill assessments

2.3 Automatically Collected Information

We automatically collect:

• Usage Data: Features used, time spent, interaction patterns, session duration
• Device Information: Device type, operating system, browser version, IP address
• Technical Data: Error logs, performance metrics, crash reports
• Analytics Data: User behavior patterns, feature effectiveness, usage statistics

2.4 Third-Party Information

We may receive information from:

• OAuth Providers: Google, Microsoft, or other authentication services (with your consent)
• Payment Processors: Stripe and other payment services for transaction verification
• Analytics Services: Aggregated usage data from our analytics providers

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Provide AI-powered conversation practice and language learning features
• Process speech-to-text and text-to-speech requests
• Deliver real-time translations and language assistance
• Maintain conversation history and learning progress
• Customize content based on your language level and preferences
• Enable vocabulary tracking and skill assessment

3.2 AI Model Training and Improvement

Important: We may use your conversations, audio recordings, and usage patterns to:

• Improve the accuracy of our AI conversation models
• Enhance speech recognition and text-to-speech capabilities
• Develop better translation and language detection algorithms
• Optimize conversation flow and response quality
• Train educational content recommendation systems

Data Protection: All data used for AI training is processed in accordance with our data protection standards. We implement privacy-preserving techniques and do not use your data to identify you personally in AI training contexts.

3.3 Communication and Support

We use your information to:

• Provide customer support and respond to your inquiries
• Send service-related notifications and updates
• Deliver important account and security information
• Notify you of new features or changes to our Service

3.4 Business Operations

We use your information for:

• Processing payments and managing token balances
• Preventing fraud and ensuring account security
• Analytics to understand usage patterns and improve our Service
• Compliance with legal obligations and regulatory requirements

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Contract Performance: To provide the Service you've agreed to use
• Legitimate Interest: To improve our Service, ensure security, and conduct business operations
• Consent: For optional features, marketing communications, or AI training where required by law
• Legal Obligation: To comply with applicable laws and regulations

5. How We Share Your Information

5.1 Third-Party Service Providers

We share information with trusted service providers who help us operate our Service:

• AI/ML Providers: OpenAI, Anthropic, or other AI services for conversation processing
• Cloud Services: AWS, Google Cloud, or similar for hosting and data processing
• Payment Processors: Stripe and other payment services for transaction processing
• Analytics Services: For understanding usage patterns and improving our Service
• Translation Services: Third-party translation APIs for language processing
• Speech Services: ElevenLabs and similar providers for text-to-speech generation

All service providers are bound by strict data protection agreements and can only use your data to provide services on our behalf.

5.2 Legal Requirements

We may disclose your information when required by law:

• To comply with legal processes, court orders, or government requests
• To protect our rights, property, or safety, or that of our users
• To investigate or prevent illegal activities or security breaches
• In connection with business transfers or mergers (with user notification)

5.3 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not sell your personal data as defined by applicable privacy laws including CCPA.

6. Data Security

6.1 Security Measures

We implement comprehensive security measures including:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Strict authentication and authorization protocols
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Regular security awareness and privacy training
• Incident Response: Procedures for handling security breaches

6.2 Voice and Audio Data Security

Special protection measures for voice data include:

• Secure transmission and storage of all audio recordings
• Processing audio data only for specified purposes (transcription, TTS)
• Automatic deletion of temporary audio processing files
• Anonymization of voice characteristics where technically feasible

6.3 Limitations

While we implement strong security measures, no internet transmission or storage system is 100% secure. We cannot guarantee absolute security but commit to addressing any security incidents promptly and transparently.

7. Data Retention

7.1 General Retention Policy

We retain your information for different periods based on data type:

• Account Information: Until you delete your account, plus 30 days for account recovery
• Conversation History: Until deletion by user or account termination
• Audio Recordings: Processed and deleted within 48 hours unless saved by user
• Payment Records: 7 years for tax and legal compliance
• Usage Analytics: Up to 2 years in aggregated, non-identifiable form

7.2 AI Training Data

Data used for AI model training may be retained longer to maintain model performance, but is processed in anonymized or pseudonymized form where possible. You can request exclusion from AI training as described in the "Your Rights" section.

7.3 Data Deletion

When data is scheduled for deletion, we permanently remove it from our active systems within 90 days. Backup copies are deleted within 12 months unless legally required to retain them.

8. International Data Transfers

Your information may be processed in countries other than your country of residence, including the United States where our servers are primarily located. We ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant data protection authorities
• Other legally recognized data transfer mechanisms
• Equivalent protection standards regardless of processing location

9. Your Privacy Rights

9.1 GDPR Rights (EU Users)

Under GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restrict Processing: Limit how we process your data
• Data Portability: Receive your data in a portable format
• Object: Opt out of processing for legitimate interests or direct marketing
• Withdraw Consent: Where processing is based on consent

9.2 CCPA Rights (California Users)

Under CCPA, you have the right to:

• Know what personal information we collect and how it's used
• Delete personal information we have collected
• Opt out of the sale of personal information (we don't sell your data)
• Non-discrimination for exercising your privacy rights

9.3 AI Training Opt-Out

You can opt out of having your data used for AI model training by:

• Adjusting your privacy settings in your account dashboard
• Contacting our support team with your request
• Note: Opting out may limit some Service features that rely on personalized models

9.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@chtrbx.app. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

10. Children's Privacy

10.1 Age Restrictions

Our Service is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10.2 Teens (13-18)

Users between 13-18 years old must have parental or guardian consent to use our Service. We may implement additional protections for teen users, including enhanced privacy settings and restricted data processing for AI training purposes.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Enable core functionality and security features
• Performance Cookies: Analyze usage and improve Service performance
• Preference Cookies: Remember your settings and preferences
• Analytics: Understand user behavior and Service effectiveness

You can control cookies through your browser settings, but disabling certain cookies may limit Service functionality.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post updated policies on our website with a new "Last updated" date
• Notify you via email for material changes
• Provide in-app notifications for significant policy updates
• Give you opportunity to review changes before they take effect

Continued use of our Service after policy updates constitutes acceptance of the new terms.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our privacy compliance. You can contact our DPO regarding any privacy-related questions or concerns at dpo@chtrbx.app.

14. Contact Information

For any questions about this Privacy Policy or our privacy practices, please contact us:

15. Supervisory Authority

If you have concerns about our data processing that we cannot resolve, you have the right to lodge a complaint with your local data protection supervisory authority.