Privacy Policy

Last updated: December 3, 2025

TL;DR

  • We never access your Netflix/YouTube accounts, passwords, or watch history
  • Payment info goes directly to Stripe—we don't store card numbers
  • Your vocabulary and learning data stay on your device until you sync them
  • You can delete all your data anytime. Just email us.
  • We're transparent. If anything changes, we tell you first.
01

Why we request permissions

Netflix & YouTube access (scripting, activeTab)

We need this to inject bilingual subtitles into video players and let you tap words to learn. We read subtitle text only—never video/audio streams or your watch history.

Storage permission

We cache your vocabulary, session state, and preferences locally so the extension works instantly and syncs when you're online.

Tabs & sidePanel permissions

To open the learning dashboard and keep your progress in sync across the tabs you're studying in.

Offscreen document

For background processing of subtitles and scheduled syncs without interrupting your browsing.

02

What data we collect

  • Account info: Email, preferences, learning sessions (synced to Supabase)
  • Learning activity: Words you save, session progress, time spent on subtitles (for your dashboard and tutor insights)
  • Optional telemetry: Errors, feature usage, session timestamps (strictly for debugging)
  • Subtitle text: Extracted from Netflix/YouTube, processed locally, stored in your account for review decks
03

What we never store

Full video/audio streams from Netflix or YouTube—only subtitle text and timestamps

Your Netflix/YouTube login credentials or authentication tokens

Credit card numbers—Stripe handles all payments, we never see them

Your watching habits beyond what you explicitly enable for learning

04

How we protect your data

  • Error reports are hashed and deduplicated before storage
  • Sensitive fields (tokens, full subtitles) are scrubbed before transmission
  • IP addresses and user agents are not logged—only anonymous session IDs
  • You can opt out of telemetry anytime in extension settings
05

Third-party services

Supabase (Postgres + Auth)

Hosts your account and learning data. GDPR and SOC2 compliant. We control who accesses your data.

Stripe

Handles all payment processing. We never see your full card number—only the last 4 digits for reference.

OpenAI API (optional)

Only if you enable AI definitions. Subtitle text is sent to OpenAI for processing. You control this feature and can disable it anytime.

06

Billing & subscription data

We track credits earned, spent, and expiration dates. Your subscription tier (Free/Basic/Pro), billing dates, and renewal dates are kept for accurate billing and dispute resolution. Email and location (country/state) are used for billing purposes only.

07

Your rights

  • Export or delete your data: Email privacy@violingo.ai
  • Report security issues: Email security@violingo.ai
  • Opt out of telemetry: Disable in extension settings anytime
  • Permanent deletion: Contact us within 30 days of account closure
  • Refund review: Request within 7 days of charge for unused credits