Beta

Privacy

Privacy Policy

How SveLingo handles account data, learning progress, local storage, and diagnostics during the free beta.

Last updated: June 12, 2026

Back to SveLingo

1. Who operates SveLingo

SveLingo is operated by Wenlin Fan, an independent developer based in Linköping, Sweden. For privacy requests, contact privacy@svelingo.com.

2. Data we collect

We collect the minimum data needed to provide Swedish learning features and keep the service reliable.

  • Account data: email address, authentication provider details, password hash when password sign-in is used, refresh tokens, and login timestamps.
  • Learning data: word progress, session history, review state, streaks, saved words, wordbooks, grammar practice state, and placement or CAT results.
  • Search and dictionary activity: search queries, whether a query had results, response timing, and related technical metadata used to improve dictionary coverage.
  • Diagnostics and product analytics: route or page events, navigation events, search metadata, audio playback events, login entry or exit events, request status, app version, deployment environment, pseudonymised identifiers, consent state, and error metadata needed for troubleshooting and product improvement.
  • Support messages: information you choose to send when contacting support, privacy, or security channels.

3. How we use data

  • Provide account access, learning sessions, review scheduling, saved words, wordbooks, and search.
  • Maintain service security, detect abuse, debug errors, and measure reliability.
  • Improve dictionary coverage, learning flow quality, and product usability.
  • Respond to support, privacy, data export, deletion, or security requests.

4. Storage on your device

SveLingo uses browser storage for essential product behavior and preferences.

  • Authentication tokens or secure cookies keep you signed in.
  • Locale preferences remember your language setting.
  • Recent searches, tutorial state, and in-progress practice state improve the local experience.
  • A device identifier may be used for authentication, diagnostics, rate limiting, or abuse prevention.
  • An analytics consent preference remembers whether optional product analytics are allowed.

We do not use advertising cookies. Cloudflare may use security-related cookies or similar technologies when protecting the service.

5. Diagnostics and analytics

Optional product analytics are used only in production and only after you allow analytics. We use Google Analytics and a self-hosted Rybbit deployment to understand aggregate page visits, geographic distribution, navigation, word search behavior, audio playback, and login flow behavior.

Raw search terms are not sent to analytics services. Search analytics events use limited metadata such as query length, route, and event type. Signed-in analytics events may include a transformed user identifier so product behavior can be analyzed across sessions without sending email addresses.

Current diagnostics and analytics are pseudonymised, not fully anonymous. Identifiers are transformed before they are written to analytics or diagnostic systems, but they may still be linkable within operational systems.

We do not sell analytics data or use it for advertising. Advertising storage, ad personalization, and ad user data are not enabled for analytics consent.

6. Service providers

We use service providers only to operate, secure, and observe the product.

  • Cloudflare: DNS, routing, security, and performance protection.
  • Datadog: observability, logs, metrics, and reliability diagnostics.
  • Google Analytics: consent-based product analytics for page visits, geography, navigation, and interaction events.
  • Self-hosted Rybbit: consent-based product analytics operated on SveLingo-controlled infrastructure.
  • Infrastructure providers: hosting, database, storage, and deployment services needed to run SveLingo.

7. Retention

Account and learning data are kept while your account is active so the product can preserve progress. Authentication tokens expire or are revoked according to security settings.

Raw search and diagnostic logs should be retained only as long as needed for troubleshooting and product quality, then deleted or converted into aggregate metrics. Analytics event retention is managed through Google Analytics and the self-hosted Rybbit deployment. During beta, retention windows may be adjusted as the operational setup matures.

8. Your choices and rights

You can request access, correction, export, or deletion of your account data by emailing privacy@svelingo.com. A self-service export and deletion flow is planned for Settings.

9. Children

SveLingo is not directed to children under 13. Minors should use the service only with consent from a parent or guardian.

10. Security

We use technical and organizational safeguards appropriate for a free beta product, including HTTPS in production, access controls, token expiry, and diagnostic filtering for sensitive keys. No online service can be guaranteed completely secure.

11. Changes

This policy may change as SveLingo moves from beta to a broader launch. Material updates will be reflected on this page with a new last-updated date.