|

Privacy Policy

Last updated: April 27, 2026

Introduction

PokiSpokey ("we", "us") is committed to protecting your privacy. This policy explains what personal data we collect when you use our language learning platform, how we use it, who we share it with, and what rights you have. By using the Service you agree to the practices described here.

Data We Collect

Account data

Email address, display name, and profile picture if you sign in with Google. Passwords are stored as one-way hashes — we never see your plain-text password.

Usage data

Search queries, language preferences, and monthly search and AI credit counts. This data powers your usage meter and enforces plan limits.

Technical data

IP address (for security and rate limiting), browser type, and device type. Used for diagnostics and abuse prevention only.

Billing data

Payments are handled entirely by Polar.sh. We store only your subscription status and customer reference — no card details ever touch our servers.

How We Use It

We use your data strictly to operate and improve the Service. We do not sell your personal data.

  • Authenticate you and manage your account
  • Deliver search, video playback, and AI features
  • Enforce plan limits and track usage
  • Send transactional emails (verification codes, billing receipts)
  • Detect and prevent abuse and unauthorized access
  • Improve the Service using anonymized, aggregated data

Data Sharing

We share data only with the services required to operate PokiSpokey:

  • Polar.sh — payment processing (PCI-DSS compliant)
  • Groq — AI inference; your message is sent to generate a response
  • YouTube — video playback via the official IFrame API
  • Vercel — frontend hosting

We do not share your data with advertisers or data brokers.

Retention

  • Account data is kept until you request deletion
  • Usage counters reset monthly; aggregate totals are retained for analytics
  • AI conversation logs are kept for up to 90 days for abuse monitoring, then permanently deleted
  • Billing history is retained for a minimum of 5 years for financial and legal compliance

Security

All data is transmitted over TLS/HTTPS. Passwords are hashed before storage. We use short-lived authentication tokens with automatic rotation, rate limiting, and IP-based abuse detection. In the event of a confirmed data breach, we will notify affected users promptly.

Your Rights

Depending on your location (GDPR, CCPA, and similar laws), you may have the right to:

  • Access a copy of your personal data
  • Correct inaccurate information
  • Request deletion of your account and all associated data
  • Export your data in a portable format
  • Object to or restrict certain types of processing

To exercise any of these rights, email support@pokispokey.com. We respond within 30 days.

Cookies

We use only strictly necessary cookies for authentication. We do not use tracking, advertising, or analytics cookies. Disabling cookies in your browser will prevent login from functioning.

Policy Changes

We may update this policy. The "Last updated" date at the top reflects the most recent revision. We will notify registered users of material changes via email or an in-app notice before they take effect.

Contact

Questions or requests? Email us at support@pokispokey.com.