Privacy Policy

MandarinLand is operated by [Legal entity name], trading as MandarinLand. If you have questions about this policy or want to exercise a privacy right, contact us at [privacy@your-domain.com] or write to [Registered business address].

• Account data: your name, email address, password credentials handled through our authentication stack, email verification status, and profile image if supplied through a social sign-in provider.
• Session and device data: session identifiers, IP address, browser and device metadata, and user-agent data.
• Learning and preference data: learner persona fields, voice settings, grammar preferences, learning goals, pinned scenarios, retention settings, and similar account preferences.
• User content: chats, scenario prompts, saved scenarios, flashcard prompts and content, reader and dialogue prompts and outputs, scenario reviews, and support messages you send us.
• Media and OCR data: images you upload for OCR, text submitted for text-to-speech or narration, generated audio files, and related timing metadata.
• Billing data: Stripe customer identifiers, subscription identifiers, plan status, billing interval, credit usage, and billing cycle information. We do not store full payment card numbers ourselves.
• Browser storage data: cookies, local storage, IndexedDB records, and service-worker cache entries used for app state and offline functionality.

• To create accounts, authenticate users, and keep sessions secure.
• To deliver language-learning features such as AI chat, flashcards, readers, dialogues, OCR, and audio playback.
• To personalise the service using your settings and learning preferences.
• To manage subscriptions, billing, credits, and cancellation flows.
• To detect abuse, enforce rate limits, investigate misuse, and protect the service.
• To maintain the service, debug issues, and improve reliability and safety.
• To comply with legal obligations and enforce our Terms.

We expect the main lawful bases for MandarinLand to be:

• Contract where processing is necessary to provide the service you asked for, such as account creation, chat, scenario generation, OCR, text-to-speech, billing status, and subscription management.
• Legitimate interests where we need to keep the service secure, prevent abuse, diagnose failures, and improve the reliability of core features in a proportionate way.
• Legal obligation where we need to keep records or respond to valid legal demands.
• Consent only where law requires it, such as for any future non-essential cookies or similar tracking technologies.

We may update this section once the internal lawful-basis matrix is finalised.

Depending on the feature you use, MandarinLand may rely on third-party providers for authentication, email delivery, billing, database hosting, Redis-backed storage, AI generation, text-to-speech, narration, OCR, object storage, and application hosting.

• Google sign-in for optional account authentication.
• Stripe for subscriptions, checkout, and billing portal flows.
• Resend for transactional email such as verification emails.
• Upstash Redis for auth secondary storage and rate limiting.
• Neon Postgres for application data storage.
• DeepSeek via the AI SDK for chat and generation features.
• ElevenLabs for text-to-speech and narration generation.
• Google Cloud Vision for dictionary OCR.
• Cloudflare R2 for media or cache storage where enabled.

We require processors to handle data on our instructions where applicable, but you should expect some of these providers to operate across multiple regions and subprocessors.

MandarinLand may transfer personal data outside the UK when using cloud infrastructure or third-party service providers. We intend to use lawful transfer mechanisms where required and to document those transfer arrangements internally.

Replace this section with the final transfer wording once the vendor review and transfer assessment register are complete.

We keep personal data only as long as reasonably necessary for the purposes described above, to comply with legal obligations, and to defend legal claims.

• Chats are subject to the retention window selected in the product, currently between 1 and 15 days with a default of 3 days.
• Billing records may be kept for longer where tax, accounting, or subscription administration requires it.
• Offline browser data remains on your device until it expires, is overwritten, or you remove it through the browser or app.
• Generated media or cached data may remain in storage or caches until removed under operational retention rules that still need to be finalised.

Subject to applicable law, you may have the right to ask for access to your personal data, correction of inaccurate data, deletion of data, restriction of processing, objection to certain processing, and data portability.

To exercise a right, contact [privacy@your-domain.com]. We may need to verify your identity before acting on a request.

MandarinLand uses browser-side storage for authentication support, UI preferences, offline study features, and cached audio or API responses. For more detail, see the dedicated Cookies & Storage Notice at /cookie-notice.

MandarinLand is a language-learning service and may be attractive to teenagers. Replace this section once the Children's Code assessment is complete and the product's final age position is decided. Until then, do not publish this draft as the final production notice.

Contact us first at [privacy@your-domain.com] if you have a privacy concern. You may also have the right to complain to the UK Information Commissioner's Office if you believe your data has been handled unlawfully.