Privacy Policy
Last updated: April 4, 2026
This Privacy Policy explains how Nounly ("we", "us", or "our") collects, uses, and protects your personal data when you use our website at nounly.xyz, our web application at app.nounly.xyz, and our browser extension (collectively, the "Service").
1. Data Controller
Nounly is operated by Yehor I., an individual developer based in Poland (EU).
Contact: support@nounly.xyz
2. What Data We Collect
2.1 Account Information
When you register, we collect:
- Email address — for account authentication and communication
- Display name — shown on your profile (optional)
- Username — your unique public handle (optional)
- Profile picture — uploaded by you or imported from Google (optional)
- Authentication data — password hash (email sign-up) or Google OAuth token
2.2 Learning Data
As you use the Service, we collect:
- Words and translations you add to your dictionary
- Vocabulary packs and folders you create
- Training results, scores, and accuracy metrics
- XP (experience points), streaks, coins, and achievement progress
- Language preferences (native and target languages)
- AI-generated content (word analysis, pack generation, roleplay conversations)
2.3 Browser Extension Data
If you use the Nounly browser extension, it may collect:
- Selected text — the word or phrase you highlight on a webpage
- Surrounding context — the sentence or paragraph around the selected word
- Page URL — the address of the page where the word was captured
This data is sent to our servers solely for the purpose of translating and saving words to your Nounly inbox. We do not collect or store browsing history, page content, or any data from pages where you do not actively select a word.
2.4 Social Features Data
- Follower and following relationships
- Publicly visible profile information (nickname, avatar, stats)
- Challenge results between users
- Referral codes
2.5 Analytics and Usage Data
With your consent, we collect anonymized usage data via:
- PostHog (EU-hosted) — page views, feature usage events, session replays (with all text inputs masked)
- Google Analytics (landing page only) — page views, traffic sources, device information
See our Cookie Policy for full details.
2.6 Technical Data
- IP address (processed by our hosting and analytics providers, not stored by us directly)
- Browser type and version
- Device type and operating system
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service | Contract performance (Art. 6(1)(b)) |
| Authenticate your account | Contract performance (Art. 6(1)(b)) |
| Process and translate words from the extension | Contract performance (Art. 6(1)(b)) |
| Display social profiles and leaderboards | Contract performance (Art. 6(1)(b)) |
| Send push notifications (if enabled) | Consent (Art. 6(1)(a)) |
| Analytics and product improvement | Consent (Art. 6(1)(a)) |
| Respond to support requests | Legitimate interest (Art. 6(1)(f)) |
4. Third-Party Services
We use the following third-party services to operate Nounly:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication | All account and learning data | EU |
| Cloudinary | Image storage | Profile pictures | EU/US |
| PostHog | Product analytics | Anonymized usage events | EU |
| Google Analytics | Website analytics | Page views, traffic data | US/EU |
| Google Translate API | Word translation | Words and phrases | US |
| Firebase / FCM | Push notifications | Device tokens | US |
| AI Provider | Word analysis, content generation | Words, phrases, conversation text | US/EU |
Each provider processes data under their own privacy policy and applicable data processing agreements.
5. Cookies and Local Storage
We use cookies and browser local storage to operate the Service. Analytics cookies (PostHog, Google Analytics) are only activated with your explicit consent. For detailed information about each cookie, see our Cookie Policy.
6. Data Retention
- Account data — retained as long as your account is active
- Learning data — retained as long as your account is active
- Analytics data — retained according to each provider's policy (typically 12–26 months)
- Deleted accounts — all personal data is deleted immediately upon account deletion
7. Your Rights (GDPR)
As an EU resident or user of an EU-based service, you have the following rights:
- Access — request a copy of your personal data
- Rectification — update or correct your data via your Profile settings
- Erasure — delete your account and all associated data via Profile → Delete Account
- Restriction — request that we limit processing of your data
- Portability — request your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — withdraw analytics consent at any time via cookie settings
To exercise any of these rights, contact us at support@nounly.xyz. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS encryption for all data in transit
- Row-Level Security (RLS) policies in our database
- Passwords hashed and never stored in plaintext
- API keys and secrets stored securely on the server side
- Input masking in analytics session recordings
9. International Data Transfers
Some of our third-party providers operate outside the EU. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
10. Children's Privacy
Nounly is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe we may have collected data from a child under 13, please contact us at support@nounly.xyz.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact:
Yehor I.
Email: support@nounly.xyz