1. Children and minimum age
Pararead is a general-audience product and is not directed at children. To create an account, you must be at least 16 in the EU/EEA and at least 13 in the United States (COPPA). An age check is presented at sign-up, and the app is rated 13+ (it is not in the App Store Kids Category). We do not knowingly allow accounts below the minimum age; if we learn of one, we close it and delete its data. You can report such an account to support@mail.pararead.app.
2. Data we collect, and why
- Account data - your email and sign-in identifiers (Apple/Google). Purpose: to create your account, keep it secure, and sign you in. Legal basis: contract (GDPR Art. 6(1)(b)). Kept while your account is active and deleted when you delete your account.
- Learning data - saved words and sentences, reading history, and study progress. Purpose: to provide the core features. Legal basis: contract (Art. 6(1)(b)). Deleted when you delete your account.
- Subscription data - subscription status and purchase identifiers (no card data). Purpose: to manage paid subscriptions (Apple bills you; RevenueCat provides status). Legal basis: contract (Art. 6(1)(b)), and legal obligation (Art. 6(1)(c)) for tax and accounting records, which we keep for as long as the law requires.
- Analytics data - usage events and device/app metadata. Purpose: to understand and improve the product. Legal basis: our legitimate interest in improving Pararead (Art. 6(1)(f)); you can object at any time (see “Your rights”). Kept only as long as needed for this purpose, then aggregated or deleted.
- Crash and security data - crash, diagnostic, and security events. Purpose: to detect crashes, prevent abuse, and keep the service secure. Legal basis: our legitimate interest in security and stability (Art. 6(1)(f)); you can object at any time (see “Your rights”). Kept only as long as needed for this purpose.
- Push notification data - your push token. Purpose: to deliver the notifications you enable (Firebase Cloud Messaging). Legal basis: consent (Art. 6(1)(a)); turning notifications off deletes the token.
- Advertising and attribution data - install and in-app conversion events (for example: app install, registration, trial start, subscription), device and app metadata, and - only if you allow tracking in Apple's App Tracking Transparency prompt - your device advertising identifier (IDFA). Purpose: to measure our advertising campaigns, attribute app installs to them, and optimise our advertising. Legal basis: consent (Art. 6(1)(a)) for IDFA-based tracking; our legitimate interest (Art. 6(1)(f)) in measuring advertising for the aggregated, privacy-preserving measurement that runs without the IDFA (Apple SKAdNetwork and equivalent). Kept only as long as needed for measurement, subject to our providers' retention limits.
Your account email and sign-in identifier are required to create an account and use the service. Notifications and IDFA-based ad tracking are optional and off until you allow them.
Automated processing: we use automated methods to estimate your learning level and recommend content. These do not have legal or similarly significant effects on you, and we do not make decisions producing such effects by automated means alone.
Our learning content - articles, stories, facts, translations, and exercises - is produced using AI tools. Your personal data is not sent to those AI providers and is not used to train their models.
3. Who we share data with
We share data with the following processors, who act on our behalf under data-processing agreements:
- RevenueCat - subscription status.
- Google Firebase - analytics, crash reporting (Crashlytics), and notifications (Cloud Messaging).
- AppsFlyer - mobile-measurement and attribution: install and in-app conversion events, device and app metadata, and the IDFA only with your App Tracking Transparency consent.
- DigitalOcean - app backend hosting.
- Cloudflare - website hosting/CDN and email routing for the contact address.
- Resend - transactional email.
Apple acts as merchant of record and as an independent controller for App Store billing and Sign in with Apple, processing that data under its own privacy policy.
To measure and optimise our advertising on Meta platforms (Facebook, Instagram), the app also sends Meta Platforms a limited set of app events - such as install, registration, trial start, and subscription - together with device and app metadata, and the IDFA only if you allowed tracking in the App Tracking Transparency prompt. We do not use Facebook Login and do not share your saved words, reading history, or other learning content with Meta. For matching and measurement, Meta processes this data as a separate controller (and, for some operations, a joint controller with us) under its own terms and privacy policy.
We do not sell your personal data. Disclosing identifiers and app events to Meta and AppsFlyer for advertising measurement may qualify as “sharing” for cross-context behavioural advertising under the CCPA/CPRA; you can opt out at any time - decline or revoke tracking in iOS Settings → Privacy & Security → Tracking, or email support@mail.pararead.app and we will honour the opt-out. Firebase Analytics acts only as our service provider, with its advertising and cross-product data-sharing features disabled.
4. International data transfers
Because the operator is established in Ukraine, the personal data of EU/EEA users is transferred to Ukraine, protected by the EU Standard Contractual Clauses. Some providers - including Google, RevenueCat, AppsFlyer, and Meta Platforms - are located in the United States or elsewhere, each covered by its own safeguard (the EU-US Data Privacy Framework and/or the EU Standard Contractual Clauses). These are the European Commission's published clauses and frameworks; for more information, contact support@mail.pararead.app.
5. How long we keep data
We keep personal data only as long as necessary for the purposes described in this policy. Account and learning data are kept while your account is active and deleted when you delete it. Some records are kept longer where the law requires it (for example, tax and accounting obligations) or to establish, exercise, or defend legal claims and prevent fraud; once no longer needed, it is securely deleted.
6. Cookies and analytics
This website uses self-hosted fonts and no advertising cookies or third-party ad trackers. Where website analytics is used, it is storage-free and sets no identifying cookies, so no cookie-consent banner is required.
In the app, we use Firebase Analytics and Crashlytics to understand usage and diagnose crashes, with their advertising and ad-personalisation features turned off; this product-analytics data is not used for advertising. Separately, for advertising measurement and attribution we use AppsFlyer and Meta app events - see “Who we share data with”.
On iOS, tracking is governed by Apple's App Tracking Transparency: we ask for your permission when the app starts, and your device advertising identifier (IDFA) is used only if you allow it. If you decline, advertising measurement continues only in Apple's aggregated, privacy-preserving mode (SKAdNetwork), without the IDFA. You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.
7. Your rights
Subject to applicable law, you may access, rectify, erase, restrict, or object to the processing of your data; request portability; and withdraw consent (without affecting processing carried out beforehand). To delete your account and data, see Data deletion. For any other request, contact support@mail.pararead.app - at least two contact methods are available, you do not need an account to make a request, and we verify requests by confirming control of the account email.
California (CCPA/CPRA): you have the right to know, delete, and correct your data; to opt out of its sale (we do not sell personal data) and of its “sharing” for cross-context behavioural advertising - see “Who we share data with” for how to opt out; to limit the use of sensitive personal information; and to non-discrimination. Virginia (VCDPA) and Colorado (CPA): you also have the right to appeal a refused request and may then contact your state Attorney General. We review this notice at least every 12 months.
Turkey (KVKK Art. 11): you have equivalent rights and can exercise them by contacting support@mail.pararead.app.
8. Right to lodge a complaint
You may lodge a complaint with a supervisory authority. EU/EEA: your local data-protection authority (the one-stop-shop does not apply). Ukraine: the Ukrainian Parliament Commissioner for Human Rights. Turkey: the Personal Data Protection Authority (KVKK Kurumu), after first applying to us. California: the California Privacy Protection Agency or the Attorney General.
9. Data controller
Pararead is operated by Ivan Nezdropa, individual entrepreneur (Ukraine), the data controller. Privacy enquiries: support@mail.pararead.app.
The operator is established in Ukraine, not in the EU, so the GDPR “one-stop-shop” does not apply. If you are in the EU/EEA, you may contact the data-protection authority in your own country (see “Right to lodge a complaint”).
10. Changes to this policy
We may update this policy. We will post the new version here with a new date, and for material changes we will notify you in the app or by email.