Privacy Policy

Vocabitor ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the Vocabitor Chrome extension and website (collectively, "Services").

1. Information We Collect

Account Information: If you create an account, we collect your name, email address, and password (stored as a bcrypt hash). You may also sign in via Google, in which case we receive your Google profile email and display name.

Usage Data: We collect anonymized data about how you use the extension, including which CEFR levels are most used, average session frequency, and feature engagement. This data cannot be traced back to any individual.

Saved Words: Words you save to your personal list are stored in your account in our database. This data is never sold or used for advertising.

No Browsing History: Vocabitor does not record, store, or transmit any information about the websites you visit. The extension only injects flashcards — it never reads page content.

2. How We Use Your Information

• To operate and improve the Vocabitor service
• To sync your settings and saved words across devices
• To send transactional emails (account confirmation, password reset)
• To respond to support requests
• To analyze aggregate usage patterns and improve features

We do not use your data for advertising, do not sell it to third parties, and do not build advertising profiles.

3. Data Storage & Security

Your data is stored on Supabase infrastructure hosted in the United States. All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We follow industry best practices for database access controls and security auditing.

Passwords are never stored in plaintext. OAuth tokens (Google sign-in) are handled entirely by Supabase Auth and are not accessible to our application code.

4. Information Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

• Service Providers: Supabase (database), Stripe (payments), and Google (OAuth), each bound by their own privacy policies.
• Legal Requirements: If required by law, regulation, or valid legal process.
• Business Transfers: In the event of a merger or acquisition, with prior notice to users.

5. Cookies & Analytics

Our website uses minimal cookies for session management and authentication. We use privacy-respecting analytics (no IP storage, no cross-site tracking) to understand aggregate website usage.

The Chrome extension does not use cookies. Settings are stored using Chrome's storage.sync and storage.local APIs.

6. Your Rights

Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable laws:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your account and all associated data
• Portability: Export your saved words as a JSON or CSV file
• Objection: Object to certain processing of your data

To exercise any right, email us at privacy@vocabitor.com. We will respond within 30 days.

7. Children's Privacy

Vocabitor is not directed at children under 13. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected such information, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or emailing registered users at least 14 days before changes take effect.

9. Contact Us

For privacy-related questions or requests, please contact:

• Email: privacy@vocabitor.com
• Website: vocabitor.com