Legal, Privacy and Data Protection

Last updated: 2026-02-25

This page describes how Anglicus currently works and is not legal advice.

We update this policy when product behavior changes, so you can see what data is processed, where it is stored, and how to control it.

Terms of Service

By using Anglicus, you agree to these terms.

Anglicus is an educational platform. We do not guarantee specific learning outcomes, exam results, or uninterrupted availability.
You are responsible for account security, for content you submit, and for activity performed through your account.
You may not use the service for unlawful activity, abuse, automated scraping, security probing, or attempts to bypass limits.
AI-generated answers can be incorrect or incomplete. You should verify important information before relying on it.
Paid features and discounts follow the billing flow shown in the app. Crypto payments are irreversible once confirmed on-chain.
We may update, suspend, or remove features to improve reliability, safety, or legal compliance.

If you do not agree with these terms, you should stop using the service.

Privacy

We minimize personal data and separate on-device learning data from limited server-side account data.

On your device, we store profile, learning progress, settings, mistakes, and speaking statistics in local browser storage (localStorage and IndexedDB).
For authentication, the API stores a user ID, hashed email, password hash (email login only), auth provider, and subscription status in our database.
For product operations, we store usage counters and selected analytics events linked to your user ID.
If you enable email reminders, we store email, reminder time, timezone offset, language, and frequency encrypted in reminder storage until you unsubscribe.
If you use paid checkout, we store checkout session data such as address, network, required amount, transaction ID, confirmation state, and paid-until date.
If you submit feedback, we process your message and optional contact email to respond and improve the product.

We do not sell personal data. When ads are enabled, ad partners may process limited identifiers for delivery, measurement, and fraud prevention.

Cookies

Anglicus uses only essential cookies and application storage needed to run core features.

The `anglicus_promo` cookie stores a signed promo token for billing discounts. It is HttpOnly, SameSite=Lax, path-limited to `/api/billing`, and can last up to 1 year.
The `anglicus_referral` cookie stores a signed referral token with the same security settings and lifetime.
When ads are enabled, third-party advertising cookies or similar identifiers can be set for ad delivery, frequency capping, and measurement.
The app also uses localStorage and sessionStorage for auth tokens, language preference, settings, active checkout state, and anti-abuse controls.
If you block or clear cookies/storage, some features (for example discounts or persistent login) may stop working until you sign in or apply codes again.
Browser controls let you manage or delete cookies and local data at any time, and our in-app banner lets you accept or reject non-essential analytics/ads storage.

Cookie values are signed tokens, not plain promo or referral codes.

Data Protection

We apply technical and organizational controls appropriate for a small educational platform.

Email identifiers are stored as hashes in auth records, and passwords are stored as bcrypt hashes.
Reminder subscriptions are encrypted before being stored in reminder infrastructure.
On-device profile storage uses encryption and integrity checks, with local backup logic to reduce tampering and accidental loss.
To prevent abuse, rate-limiting systems may process your IP address or a proxy-derived network identifier.
When required for service delivery, data can be sent to AI model providers, email delivery providers, ad providers, payment or blockchain infrastructure, and Google Sign-In.
Retention varies by dataset: reminder entries remain until unsubscribe, rate-limit records are short-lived, and account/billing/analytics records are kept while needed for operations, fraud prevention, and legal obligations.

You can request access, correction, deletion, or reminder opt-out through Settings and in-app feedback. If local data remains, clear the site's browser storage for a full device-side wipe.