Privacy Policy

Last updated: 24/02/2025

Privacy in Short

• We collect some basic information when you use our service.
• We use this information to provide and improve our service, and to communicate with you.
• We do not sell your personal information to third parties.
• Your data is stored securely using encryption.
• You can request access to your data or ask us to delete it at any time.
• We use cookies and similar technologies to analyze site usage.
• We may update this policy occasionally, and will notify you of any important changes.
• If you have any questions about your privacy, please contact us using the details provided at the bottom of this page.

The full privacy policy is provided below for your reference. If you have any questions or concerns about our privacy practices, please don’t hesitate to contact us.

Introduction

Brief Description of the Policy’s Coverage

OneZero Company (“we”, “our”, or “us”) operates Ellie (the “Service”). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

This Privacy Policy applies to all personal information collected, used, and stored by the Service when individuals interact with the Service operated by OneZero Company. It outlines the practices regarding the collection, use, and disclosure of personal data through the Service, and covers interactions such as account creation, data submission, and personalized usage of the Service.

Statement of Commitment to Privacy

OneZero Company is fully committed to safeguarding the privacy and personal information of our users. We understand the importance of privacy and are dedicated to managing your personal data transparently, responsibly, and securely. This commitment aligns with our compliance with international standards and regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data protection laws.

Information We Collect

Types of personal information collected

In connection with your use of the Service, we collect and process the following types of information:

• Authentication credentials, which may include:
  • Email address or phone number
  • Password or passkey
• Account data
  • Origin language
  • Name
  • Date of birth
• Profile data
  • Gender
  • Interests
  • Language goals
  • Target language
  • Target language level
• Purchase data
  • Transaction details (what you purchased, date, price)
  • Transaction platform (IOS or Android, or directly with Ellie)
• Customer support & feedback data
  • In-app feedback
  • Content relevancy check
  • Exercise validation
  • Contact history
• Marketing
• Knowledge library
• Anonymized data related to:
  • Crash reports
  • Error logs
  • Performance metrics
  • Usage patterns

Some of this data may be considered sensitive. If you choose to provide this data, you consent to us using it as laid out in this Privacy Policy.

Interaction with AI

You may also interact with Artificial Intelligence (AI) features, such as Ellie Chat, Answer corrections and the instant lesson feature which generates a lesson instantly based on your input. When interacting with AI features, your information will be shared with AI companies such as OpenAI or Google Gemini, which may keep a copy of your input for their own purposes. Please do not submit any personal or confidential information.

We want to stress that we are committed to keeping your personal data from being submitted to an AI vendor. Solely your profile data will be used as input for content generation.

Speaking functionality

Some lessons require you to repeat or respond to Ellie. Third party providers such as Google, Amazon Web Services or Apple may receive your audio to recognize speech. Additionally, Ellie may collect and analyze your speech to improve the product. These types of lessons are optional.

Any audio that you agree to share with us is anonymised when reaching our servers. We are committed to not leaving any personal information traces attached to the audio. You may choose not to share audio with Ellie for product improvement purposes by adjusting your settings.

Methods of collection

We collect information through the following methods:

• Direct input: Information you provide directly to us when creating an account or using the Service, such as your email address, phone number, or authentication credentials and profile information.
• Automated means: Anonymized data related to crashes, errors, performance, and usage patterns is collected automatically through the Service’s operation.

We want to emphasize that we do not collect any personal information beyond what is strictly necessary for the operation, improvement, and optimization of the Service.

Furthermore:

• We do not sell any collected data under any circumstances.
• We do not share your personal information with third parties, except when legally required to do so by authorities with proper jurisdiction.
• All usage data is anonymized to protect your privacy while allowing us to enhance the Service’s functionality and user experience.

Our commitment is to protect your privacy and maintain the confidentiality of your personal information to the fullest extent possible while providing, improving, and optimizing the Service. The anonymized usage data helps us understand how users interact with the Service, enabling us to make informed decisions about feature enhancements and performance optimizations.

How we use your information

Purposes for data processing

We process the information we collect for various purposes essential to providing and improving the Service. Offering “custom content and adaptive learning paths” inherently means profile and usage data is required to operate that service. These purposes include, but are not limited to:

• Facilitating user authentication and account management
• Ensuring the security and integrity of the Service
• Analyzing and improving the performance of the Service
• Identifying and resolving technical issues, including crashes and errors
• Enhancing user experience through analysis of anonymized usage patterns
• Enhancing service by customizing content and adapting learning paths
• Providing customer support and responding to user inquiries
• ads
• Complying with legal obligations and enforcing our Terms of Service

Legal bases for processing

We process your information in accordance with applicable data protection laws. The legal bases for our processing activities include:

• Contractual Necessity: Processing is necessary for the performance of the contract we have with you (i.e., to provide the Service as outlined in our Terms of Service).
• Legitimate Interests: Processing is necessary for our legitimate interests, such as improving and optimizing the Service, ensuring its security, and preventing fraud, provided that such interests are not overridden by your fundamental rights and freedoms.
• Legal Obligation: Processing is necessary to comply with our legal obligations, such as responding to lawful requests from public authorities.
• Consent: In specific instances where required by law or where we seek to process your information for purposes beyond those outlined above, we may seek your explicit consent.

We are committed to processing your information only to the extent necessary for the specified purposes and in accordance with the applicable legal bases. We do not use your information for any purposes other than those stated in this privacy policy without providing you with notice and, where required by law, obtaining your consent.

Data Sharing and Disclosure

Third-party service providers

We may engage trusted third-party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services, or assist us in analyzing how our Service is used. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure that all third-party service providers we engage are compliant with applicable data protection laws and maintain appropriate security measures to protect your information.

Current third-party service providers

Note that the list of third-party service providers may change over time. The purposes mentioned might not always be utilized but are within the scope of the services provided by the third-party providers. For the most up-to-date information, please refer to the list below:

• Google Cloud Platform & Firebase
  • Authentication
  • Data storage
  • Compute resources
  • Remote configuration
  • Push notifications
• Sentry
  • Error monitoring
  • Performance monitoring
• Apple Inc.
  • Authentication
  • Cloud storage
  • Push notifications
  • In-app purchases
• Google Inc.
  • Authentication
  • Cloud storage
  • Push notifications
  • In-app purchases
• Google Analytics

Legal requirements

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). We may also disclose your information when we believe disclosure is necessary to:

• Comply with a legal obligation
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

Business transfers

In the event that we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

We want to emphasize that we do not sell your personal information under any circumstances. Any sharing or disclosure of your information is strictly limited to the purposes outlined in this section and is conducted in compliance with applicable data protection laws.

Data Security

Security measures in place

We prioritize the security of your personal information and utilize secure cloud-based platforms to manage our backend services. Our chosen providers incorporate various security measures, including:

• Secure infrastructure from reputable cloud service providers
• Automatic data backups
• Built-in protection against DDoS attacks and other web threats
• Regular security updates and patches
• Access controls and authentication protocols to prevent unauthorized access

We ensure that any provider we work with adheres to these security standards to protect your personal information. However, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure.

Encryption practices

We employ industry-standard encryption techniques to secure your data:

• Data in transit: All communication between your device and our servers is encrypted using HTTPS, ensuring that your data remains protected during transmission.
• Data at rest: We ensure that data stored at rest is encrypted using strong encryption algorithms such as AES256.
• Authentication: We use industry standards like OAuth 2.0 and OpenID Connect for secure user authentication.

These encryption practices are regularly reviewed and updated to align with current industry standards in data protection.

While we rely on our providers’ security infrastructure, we also implement best practices in our application code to ensure the secure handling of your data. We encourage users to take additional steps to protect their own data, such as using strong, unique passwords and enabling two-factor authentication where available in the Service.

We continuously monitor and evaluate our security measures and those of our providers to maintain the highest standards of data protection for our users.

Data Retention

Duration of data storage

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. The specific duration of data storage may vary depending on the type of information and the context in which it was collected.

In general, we adhere to the following retention principles:

• Account information is retained for as long as your account remains active.
• Anonymized usage data may be retained indefinitely for analytical purposes.
• Crash reports and error logs are typically retained for a limited period to facilitate troubleshooting and service improvements.

Criteria for determining retention periods

We use the following criteria to determine appropriate retention periods for different types of personal information:

• Legal and regulatory requirements: We retain data as required by applicable laws and regulations.
• Operational necessity: We keep information necessary for the ongoing operation and improvement of the Service.
• User expectations: We consider how long users would reasonably expect us to retain certain types of information.
• Contractual obligations: We retain data as required by our agreements with users and third-party service providers.
• Technical constraints: We consider the technical feasibility and cost of data deletion when determining retention periods.

Upon the expiration of the applicable retention period, we will securely delete or anonymize your personal information in accordance with our data deletion procedures. If it is not possible to delete or anonymize the data completely, we will securely store and isolate it from any further processing until deletion is possible.

You may request the deletion of your personal information at any time by contacting us. We will process your request in accordance with applicable data protection laws, subject to any legal or operational constraints that may prevent complete deletion.

Your Rights and Choices

Access, correction, and deletion of data

We respect your right to control your personal information. You have the following rights regarding your data:

• Access: You have the right to request access to the personal information we hold about you. We will provide you with a copy of your data in a commonly used electronic format.
• Correction: If you believe that any personal information we hold about you is inaccurate or incomplete, you have the right to request correction of this information.
• Deletion: You have the right to request the deletion of your personal information from our systems, subject to any legal or operational constraints that may prevent complete deletion.

To exercise these rights, please contact us through the provided contact information in this privacy policy. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

Opt-out options

We provide you with several options to control the use of your information:

• Email communications: You can opt-out of receiving non-essential email communications from us by following the unsubscribe instructions included in each email.
• Push notifications: You can manage push notifications through your device settings or within the Service itself.
• Analytics data collection: While we use anonymized data for analytics purposes, you may have the option to opt-out of certain data collection practices through your device or browser settings.

Please note that even if you opt-out of certain data collection or communications, we may still need to send you important Service-related messages and retain certain information for legal and security purposes.

If you have any questions or concerns about your rights or the choices available to you, please don’t hesitate to contact us. We are committed to addressing your inquiries and ensuring that you have control over your personal information to the extent possible while using our Service.

International Data Transfers

Cross-border data transfer practices

Our Service operates globally, and as such, your personal information may be transferred to, stored, and processed in countries other than the one in which you reside. Specifically, our servers and those of our third-party service providers may be located in various jurisdictions around the world. This means that when we collect your personal information, we may process it in countries that may have data protection laws that are different from those in your country of residence.

By using our Service and providing us with your personal information, you acknowledge and consent to the transfer of your data across international borders as necessary for the purposes outlined in this privacy policy.

Safeguards for international transfers

We are committed to ensuring that your personal information receives an adequate level of protection when transferred internationally. To safeguard your data during these transfers, we implement appropriate measures, which may include:

• Entering into Standard Contractual Clauses approved by the European Commission with our service providers and partners
• Ensuring that recipients of your data are certified under privacy frameworks such as the EU-US Privacy Shield or its successors
• Implementing technical and organizational measures to protect your personal information during transfer and processing
• Conducting regular assessments of data protection laws in recipient countries
• Limiting the amount of personal data transferred to what is strictly necessary

We take steps to ensure that any international transfer of personal data is managed carefully to protect your privacy rights and interests. These safeguards are designed to provide a level of protection for your personal information that is consistent with the requirements of applicable data protection laws.

If you have questions about our international data transfer practices or would like more information about the specific safeguards we use for certain transfers, please contact us using the information provided in this privacy policy.

Children’s Privacy

Age restrictions

Our Service is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately. We will take steps to remove that information from our servers.

Handling of minors’ data

In the event that we learn that we have collected personal information from a child under the age of 13 without verification of parental consent, we will take immediate steps to delete that information from our servers. If you believe we might have any information from or about a child under 13, please contact us using the information provided in this privacy policy.

For users between the ages of 13 and the age of maturity in their jurisdiction:

• We recommend that minors ask their parents for permission before sending any information about themselves to anyone over the Internet.
• We encourage parents to teach their children about safe internet use practices and to monitor their children’s use of online services.

If we change our practices in the future and begin to allow users under the age of 13 to use the Service, we will obtain parental consent as required by the Children’s Online Privacy Protection Act (COPPA) and other applicable laws.

We are committed to protecting the privacy of children and complying with all applicable laws and regulations regarding the collection, use, and disclosure of personal information from minors.

Changes to the Privacy Policy

Notification of updates

We reserve the right to modify this privacy policy at any time. When we make changes to this policy, we will update the “Effective Date” at the top of this page and take reasonable steps to notify you of any material changes. Such notification may include, but is not limited to:

• Sending an email to the address associated with your account
• Displaying a prominent notice within the Service
• Posting a notification on our website

Effective dates of changes

Any changes we make to our privacy policy will become effective immediately upon posting the revised policy on this page. The “Effective Date” at the top of this privacy policy indicates when the policy was last revised.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised privacy policy. If you do not agree to the new policy, you should discontinue your use of the Service.

For significant changes to this policy or in how we use your personal information, we will provide a more prominent notice and, where required by applicable law, seek your consent before implementing the change.

We will retain prior versions of this privacy policy in an archive for your review upon request. To request access to previous versions, please contact us using the information provided in this policy.

Contact Information

How to Contact Us

• Email: Send your inquiries to privacy@get-ellie.com. Please include your contact information and a detailed description of your question or issue to ensure an efficient and effective response.