MassVocabulary

Privacy Policy

Effective Date: March 6, 2026

MassVocabulary ("we," "us," or "our") is a vocabulary learning app developed by Jimmy Tran. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We are committed to protecting your privacy and being transparent about our data practices.

1. Information We Collect

Account Information

When you create an account using Google Sign-In, we receive and store:

  • Your email address
  • A unique user identifier generated by our authentication provider

We do not access or use your name, profile photo, phone number, or any other personal details from your Google account. Our authentication provider (Supabase) may automatically receive profile metadata from Google during the sign-in process, but our application never reads, displays, or processes this data, and it is deleted when you delete your account.

Learning Data

As you use the app, we store your vocabulary learning progress, including:

  • Words you have studied and their review schedules
  • FSRS spaced repetition parameters (difficulty, stability, review intervals)
  • Study session history and statistics
  • Course progress and preferences

Device Information

To enable database synchronization across your devices, we may collect basic device identifiers. We do not collect location data, contacts, or access your camera or microphone.

Error Reports

We use Sentry for error monitoring in both our mobile app and website. When an error occurs, Sentry may automatically collect technical information such as device type, operating system version, app version, and error stack traces. This data is used solely to identify and fix bugs. Sentry does not collect personally identifiable information such as IP addresses, names, or email addresses. Error data is stored in the European Union via Sentry's EU data region.

Waitlist Information

If you sign up for our waitlist on our website, we collect the email address you provide. This is used only to notify you about app availability and updates.

2. Information We Do Not Collect

  • We do not use advertising SDKs or show ads
  • We do not sell, rent, or trade your personal data
  • We do not use analytics tracking beyond error monitoring (Sentry)
  • We do not collect location data
  • We do not access your contacts, photos, camera, or microphone
  • We do not use cookies for tracking purposes on our website. Our website may use browser local storage solely for temporary authentication sessions (such as during account deletion), which is cleared when you sign out

3. How We Use Your Information

We use your information for the following purposes:

  • Authentication: To create and manage your account
  • Data Sync: To synchronize your learning progress across your devices
  • Spaced Repetition: To schedule your vocabulary reviews at optimal intervals
  • Bug Fixes: To identify and resolve technical issues via error reports
  • Communication: To send waitlist updates (only if you signed up)

4. Data Storage and Security

Local Storage

Your learning data is stored locally on your device using SQLite. The app works fully offline, and your data remains on your device unless you enable cloud sync.

Cloud Storage

If you create an account, your data may be synchronized to our cloud infrastructure:

  • Supabase (PostgreSQL) for authentication and account data, hosted in the European Union in secure, SOC 2 compliant data centers
  • Backblaze B2 for encrypted database backups used in cross-device sync, hosted in the European Union

Security Measures

We take reasonable measures to protect your data, including using HTTPS for all data transmission, presigned URLs with short expiration times for file access, and secure authentication via Supabase and Google OAuth. However, no method of electronic storage or transmission is 100% secure.

5. Third-Party Services

We use the following third-party services that may process your data:

We do not sell or share your personal data with any third parties for advertising or marketing purposes.

6. Data Retention

We retain your data for as long as your account is active. Local data on your device persists until you uninstall the app or clear its data. Cloud data is retained until you delete your account. Accounts that have been inactive for more than two years may be deleted along with all associated data after we make reasonable efforts to notify you via email.

7. Account Deletion

You can permanently delete your account and all associated data at any time by visiting our account deletion page. When you delete your account:

  • Your authentication credentials are removed from Supabase
  • Your cloud-synced database backups are deleted from Backblaze B2
  • Your account record and associated data are permanently erased
  • Local data on your device is not affected — uninstall the app to remove it

Account deletion is irreversible and typically completes within a few seconds.

8. Your Rights

For All Users

  • Access the personal data we hold about you
  • Request deletion of your account and data
  • Export your data (your learning database is stored locally on your device)

For Users in the European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation:

  • Legal Basis: We process your data based on your consent (account creation) and our legitimate interest in providing and improving the service
  • Right to Rectification: Request correction of inaccurate data
  • Right to Restriction: Request that we limit processing of your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

For California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at massvocabulary@gmail.com.

9. Children's Privacy

MassVocabulary is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at massvocabulary@gmail.com.

10. International Data Transfers

All user data is stored and processed within the European Union. Our cloud infrastructure providers — Supabase, Backblaze B2, and Sentry — all host our data in EU data centers. No user data is transferred to or stored in the United States. We rely on our service providers' compliance with the GDPR and applicable data protection frameworks to ensure adequate safeguards for your data.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. The notification will include a description of the breach, the types of data involved, and steps we are taking to address it. Where required by law, we will also notify the relevant data protection authorities.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or by updating the effective date at the top of this page. Continued use of MassVocabulary after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your data, please contact us:

Jimmy Tran

Email: massvocabulary@gmail.com

Website: massvocabulary.com