Privacy Policy

BusinessEnglishAI ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our platform.

By using our platform, you agree to the collection and use of information in accordance with this policy.

2.1 Information you provide directly

• Account information: Email address, full name, and password when you register.
• Payment information: Billing details processed by Paddle. We do not store your card details.
• Session notes: Any personal notes you choose to save alongside AI feedback.
• Communications: Messages you send us via email or support channels.

2.2 Information collected automatically

• Usage data: Roleplays accessed, session duration, completion status, and weekly unlock activity.
• AI session transcripts: Text transcripts of your AI conversation sessions, used to generate CEFR feedback.
• Performance data: CEFR scores (Accuracy, Range, Interaction) saved per session to track your progress.
• Device and log data: IP address, browser type, and basic device information collected via Vercel and Supabase infrastructure.

2.3 Voice data

In the free tier, your voice is not recorded or stored. In the paid tier, your spoken input is processed in real time by the browser's speech recognition. We do not store audio recordings of your voice on our servers.

We use your information to:

• Provide, operate, and improve the platform and its features.
• Process payments and manage your subscription via Paddle.
• Generate personalised AI feedback on your Business English performance.
• Track your learning progress and maintain session history.
• Send session feedback summaries via email.
• Send transactional emails (account verification, password reset, receipts).
• Enforce usage limits as described in our Terms.
• Detect and prevent fraud, abuse, and violations of our Terms.
• Comply with legal obligations.

We do not use your data to train AI models, sell to advertisers, or share with third parties for marketing purposes.

If you are located in the EEA or United Kingdom, we process your personal data under the following legal bases:

• Contract performance: Processing necessary to provide the service you signed up for.
• Legitimate interests: Improving the platform, fraud prevention, and security.
• Legal obligation: Where required by applicable law.
• Consent: Where we have asked for and received your consent.

We share your data only with trusted third-party service providers necessary to operate the platform:

• Supabase — Database and authentication. SOC 2 Type II certified.
• Vercel — Hosting and deployment.
• Groq — AI conversation (paid tier). Does not use your data to train models.
• Microsoft Azure TTS — Text-to-speech voice synthesis for avatar audio.
• Paddle — Payment processing. PCI-DSS compliant. Acts as Merchant of Record.
• Resend — Transactional email delivery.

We do not sell, rent, or share your personal data with any other third parties for their own commercial purposes.

• Account and profile data: retained while your account exists.
• Session transcripts: retained for up to 12 months.
• CEFR feedback and scores: retained to show your progress over time.
• Payment records: retained as required by financial regulations (typically 7 years).

When you delete your account, we delete or anonymise your personal data within 30 days, except where required by law.

Depending on your location, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your account and associated data.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email support@businessenglishai.com. We will respond within 30 days.

We use essential cookies and browser storage to maintain your session and authentication state. These are strictly necessary and cannot be disabled.

We do not use advertising or tracking cookies, or any third-party analytics cookies that track you across sites.

• All data transmitted over HTTPS/TLS.
• Passwords hashed and never stored in plain text (managed by Supabase Auth).
• Row-level security (RLS) policies ensure users can only access their own data.
• Payment data processed exclusively by Paddle — we never receive card details.

In the event of a data breach affecting your rights, we will notify you as required by applicable law.

Our service providers may process data in countries outside your own, including the United States. Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place.

Our platform is not directed at children under 16. If you believe we have inadvertently collected data from a child under 16, please contact us at support@businessenglishai.com.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page.

Email: support@businessenglishai.com

If you are in the EU/EEA and unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.