Privacy Policy

How we collect, use, and protect your information

  1. Introduction

  Catlangu (“we,” “us,” or “our”) operates the website https://catlangu.com/ and the Catlangu mobile application (collectively, the “Services”). This Privacy Policy explains how we collect, use, and disclose your personal information when you visit or use our Services.

  2. Information We Collect

  2.1. Information You Provide

  Account Information: When you register, we collect your name, email address, profile picture, and any profile details you choose to share (bio, birthday, language preferences).

  Authentication: When you sign in with Google or Apple, we receive your profile information (name, email, profile picture) via Firebase Authentication services.

  Payment Information: When you purchase subscriptions, payment is processed by Apple App Store or Google Play Store. We receive transaction confirmation data but do not store your payment card details.

  2.2. Automatically Collected Information

  Usage Data: Pages you visit, features you use, session length, and technical details (e.g., browser type, IP address, device type, OS version).

  Device Information: Device identifiers, mobile carrier, timezone, and crash reports for improving app stability.

  Cookies and Tracking Technologies: We use cookies, web beacons, local storage, and similar technologies to recognize your browser, remember your preferences, and provide personalized content.

  2.3. Voice/Video Chat and Media Access

  Camera and Microphone Access: We request permission to access your camera and microphone to enable voice and video chat functionality with other users.

  WebRTC Processing: Voice and video streams are processed through WebRTC technology for direct peer-to-peer connections between users.

  No Recording or Storage: We do not record, store, or retain any voice/video chat sessions, audio, or visual content from your conversations.

  Real-Time Only: All voice and video data is transmitted in real-time between participants and is not saved on our servers.

  3. How We Use Your Information

  Provide and Improve Services: To operate, maintain, and enhance the Services and their features.

  Communication: To send you updates, security alerts, support messages, and service-related notifications.

  Personalization: To tailor content, recommendations, and language matching.

  Analytics: To understand user behavior, improve performance, and develop new features.

  Security and Safety: To detect fraud, prevent abuse, and enforce our Terms and Community Guidelines.

  Legal Compliance: To comply with legal obligations and respond to legal requests.

  4. Cookies and Similar Technologies

  We use the following types of cookies and tracking technologies:

  Essential Cookies: Required for authentication, security, and core functionality.

  Session Cookies: Expire when you close your browser or app.

  Persistent Cookies: Remain on your device until deleted or expired (typically 1 year).

  Analytics Cookies: Help us understand how users interact with our Services.

  Advertising Identifiers: Used by Google AdMob for personalized advertising on mobile devices.

  Cookie Management: You can manage cookie preferences through your browser or device settings. However, disabling certain cookies may affect Service functionality. On mobile devices, you can reset your advertising identifier through system settings.

  5. Data Sharing and Disclosure

  We share your information only in the following circumstances:

  Google/Firebase: We share authentication data with Google Firebase for secure login services and user authentication management.

  Payment Processors: Apple App Store and Google Play Store process payments on our behalf. We receive transaction confirmations but do not handle payment card details.

  Google AdMob: We share advertising identifiers and usage data with Google AdMob for personalized advertising on our mobile app.

  Analytics Providers: We use analytics services to understand usage patterns and improve our Services.

  Service Providers: We may share data with third parties who perform services on our behalf (e.g., cloud hosting, email delivery, customer support).

  Legal Requirements: We may disclose information if required by law, court order, or to protect our rights, safety, or property.

  Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner.

  With Your Consent: We may share information for other purposes with your explicit consent.

  No Data Sales: We do not sell your personal information to third parties for monetary or other valuable consideration.

  6. Data Retention Periods

  We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

  Account Data: Retained while your account is active. Permanently deleted immediately when you delete your account via profile settings.

  Profile Information: Name, bio, birthday, and preferences stored until account deletion.

  Session Data: Temporary session information cleared when you log out or delete your account.

  Usage Analytics: Aggregated and anonymized data retained for up to 5 years for service improvement.

  Support Communications: Retained for 3 years after resolution for quality assurance.

  Payment Information: Transaction records retained for 7 years as required by financial regulations.

  Cookie Data: Session cookies expire when you close your browser/app; persistent cookies expire after 1 year.

  Logs and Technical Data: Server logs retained for 90 days for security and troubleshooting.

  Self-Service Deletion: You can delete all your data instantly via your profile settings – no waiting periods or contact required.

  7. Security and Data Breach Notification

  We implement comprehensive security measures to protect your information:

  Encryption: Data encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

  Access Controls: Strict employee access controls, role-based permissions, and regular security training.

  Regular Audits: Quarterly security assessments and penetration testing.

  Infrastructure: Secure cloud hosting with automated backups and disaster recovery procedures.

  Authentication: Multi-factor authentication for administrative access.

  Data Breach Response

  In the unlikely event of a data breach affecting your personal information:

  We will notify you within 72 hours of discovering the breach via email or in-app notification.

  Notification will include details of what information was affected and when the breach occurred.

  We will provide guidance on steps you can take to protect yourself.

  Relevant authorities will be notified as required by law (e.g., GDPR, CCPA).

  However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

  8. Third-Party Links and Services

  Our Services may contain links to third-party websites, applications, or services (e.g., Google Sign-In, social media). This Privacy Policy does not apply to those third-party services, and we are not responsible for their content, privacy policies, or practices. We encourage you to review their privacy policies before providing any information.

  9. Children’s Privacy (18+ Only)

  Our Services are intended for adults only (18+). We do not allow account creation for anyone under 18. This age restriction is enforced due to the nature of our voice/video chat services and user safety considerations.

  Account creation is restricted to users 18 years and older.

  Age Verification: Users must enter their birthday during registration. Our system prevents account creation for users under 18 through both frontend validation and server-side verification.

  Accounts suspected of being operated by minors are immediately investigated and terminated.

  We will delete any information from users under 18 within 24 hours of discovery.

  Parents/guardians can contact us at support@catlangu.com to report suspected underage use.

  COPPA Notice: The Children’s Online Privacy Protection Act (COPPA) does not apply to our Services as we are an adult-only platform that does not permit users under 18.

  10. California Privacy Rights (CCPA/CPRA)

  If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  Your California Rights

  Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.

  Right to Delete: Request deletion of your personal information (available instantly via profile settings or by contacting us).

  Right to Opt-Out: Opt out of the sale or sharing of your personal information.

  Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

  Right to Correct: Request correction of inaccurate personal information.

  Right to Limit: Limit use and disclosure of sensitive personal information.

  Data Sale and Sharing

  We Do Not Sell Personal Data: Catlangu does not sell your personal information to third parties for monetary consideration.

  No Sale: We do not sell personal data as defined under CCPA/CPRA.

  Limited Sharing: We may share data with service providers for business purposes (authentication, in-app payment processing via Apple/Google, cloud hosting, analytics).

  AdMob (Mobile): We use Google AdMob for advertising in our mobile app, which may use advertising identifiers for personalized ads. You can opt out via Google Ad Settings, or reset your advertising ID in your device settings (iOS: Settings > Privacy > Advertising; Android: Settings > Google > Ads).

  How to Exercise Your Rights

  Self-Service: Delete your account directly via profile settings for immediate data deletion.

  Email Request: Contact us at support@catlangu.com with “California Privacy Request” in the subject line.

  Identity Verification: We may require verification of your identity before processing requests to protect your privacy.

  Response Time: We will respond to verified requests within 45 days (may be extended by 45 days if necessary).

  No Fee: We do not charge a fee to process or respond to your requests unless they are excessive or repetitive.

  For more information about your California privacy rights, visit the California Attorney General’s website.

  11. European Privacy Rights (GDPR)

  If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  Right of Access: Request a copy of your personal data we hold.

  Right to Rectification: Correct inaccurate or incomplete personal data.

  Right to Erasure: Request deletion of your personal data (available via profile settings).

  Right to Restrict Processing: Request limitation of how we process your data.

  Right to Data Portability: Receive your data in a structured, commonly used format.

  Right to Object: Object to processing of your data for certain purposes.

  Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

  Right to Lodge a Complaint: File a complaint with your local supervisory authority.

  Legal Basis for Processing

  We process your personal data under the following legal bases:

  Contract: To provide Services you’ve requested (account creation, language matching, chat functionality).

  Legitimate Interest: To improve Services, ensure security, and prevent fraud.

  Consent: For marketing communications and non-essential cookies (you can withdraw anytime).

  Legal Obligation: To comply with applicable laws and regulations.

  International Data Transfers

  Your data may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

  12. Your Rights and Data Control

  Access and Correction: You may access and update your account information by logging into your account settings.

  Data Deletion: You can delete your account and all personal data instantly via your profile settings, or contact us at support@catlangu.com for assistance.

  Opt-Out: You may opt out of promotional emails by following the unsubscribe link in those messages or adjusting settings in your account.

  Do Not Track: We respect browser Do Not Track (DNT) signals where technically feasible.

  How to Delete Your Catlangu Account

  You can delete your account directly from the app at any time. No email or contact is required.

  Steps:

  1. Open the Catlangu app

  2. Go to Settings > Account

  3. Tap Delete Account

  4. Confirm deletion

  What Is Deleted:

  Your profile information (username, bio, profile picture)

  Messages and voice chats

  Followers and following data

  Account settings and preferences

  Authentication links (Google / Apple)

  Premium subscription information (except payment records retained by app stores)

  Deletion is permanent and cannot be undone.

  Complete and Immediate Erasure

  Permanent Deletion: All your data is permanently deleted immediately upon account deletion confirmation. This action cannot be undone.

  No Retention: We do not retain any personal data after account deletion (except as required by law for financial records).

  Database Removal: All records are immediately purged from our production systems.

  Cache Clearing: All cached data is immediately cleared from our servers.

  Backup Removal: Data is removed from backups within 30 days.

  Additional Steps: To completely disconnect from Google or Apple services, you can also revoke Catlangu’s access directly from your Google Account Settings or Apple ID Settings.

  13. Marketing Communications

  We may send you marketing communications about our Services:

  Opt-in Required: We only send marketing emails or push notifications with your explicit consent.

  Easy Unsubscribe: Every email includes a one-click unsubscribe link; push notifications can be disabled in device settings.

  Frequency: Maximum of 2 promotional messages per month.

  Content: Service updates, new features, language learning tips, and special offers.

  Transactional Messages: We may send non-promotional messages (security alerts, subscription confirmations, policy updates) regardless of marketing preferences.

  You can opt out at any time by clicking unsubscribe, adjusting notification settings, or contacting support@catlangu.com.

  14. Analytics and Tracking

  We use the following analytics services to improve our Services:

  Internal Analytics: We track usage patterns, feature adoption, and user flows to improve user experience.

  Performance Monitoring: Technical metrics to ensure service reliability, identify bugs, and optimize performance.

  Google AdMob: We use Google AdMob for advertising in our mobile app, which may collect data for personalized ads.

  Crash Reporting: Automated crash reports help us identify and fix technical issues.

  Cookie Management: You can control cookies through your browser settings. Disabling certain cookies may affect functionality.

  Advertising Opt-Out: You can opt out of personalized advertising by visiting Google Ad Settings, or by resetting your advertising ID on your device (iOS: Settings > Privacy & Security > Apple Advertising > Reset Advertising Identifier; Android: Settings > Google > Ads > Reset advertising ID).

  15. Data Storage and Processing Location

  Your data is stored and processed on secure cloud servers. We use industry-standard database systems with encryption, caching mechanisms for performance, and automated backups for data integrity. By using the Services, you consent to the storage and processing of your data in accordance with this policy and applicable data protection laws.

  16. Changes to This Policy

  We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. The “Last updated” date will reflect when changes were made.

  Notification: For material changes to this policy, we will provide 30 days’ advance notice via email, in-app notification, or prominent Service notice.

  Continued Use: Continued use of the Services after updates are posted constitutes your acceptance of the modified Privacy Policy.

  Disagreement: If you do not agree with the revised Privacy Policy, you should stop using our Services and may delete your account.

  We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

  17. Contact Us

  If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

  Email: support@catlangu.com

  Service Provider: Catlangu

  For GDPR Requests: If you are in the EEA/UK and wish to exercise your rights, please include “GDPR Request” in your subject line.

  For CCPA Requests: If you are a California resident, please include “California Privacy Request” in your subject line.

  Thank you for trusting Catlangu with your information. We are committed to protecting your privacy and providing transparent data practices.

  Last updated: December 18, 2024