Privacy Policy
Last updated: July 4, 20261. Data Controller
Data controller under the General Data Protection Regulation (GDPR) is:
DeDaBe UG (limited liability)
Fürther Str. 64b
90429 Nuremberg, Germany
[email protected]
2. General Information
This privacy policy explains the nature, scope, and purpose of processing personal data within the Spinlin platform.
Spinlin is an AI-powered language learning platform that enables users to practice conversations, receive feedback, and connect with other learners.
3. Types of Data Processed
We process the following types of data:
- Login data (Google OAuth)
- Profile information (name, email address, language preferences)
- Speech and chat transcripts
- AI-generated analysis and feedback data
- Usage data (sessions, interactions)
- Technical data (IP address, browser, device information)
4. Google OAuth
Login is provided via Google OAuth. We receive basic profile data provided by Google (name, email address, profile picture).
Legal basis: Art. 6(1)(b) GDPR.
5. AI Processing
The platform uses artificial intelligence to analyze spoken conversations and generate feedback (grammar, vocabulary, expression).
Processing is carried out by external providers:
- Anthropic PBC (USA) – Claude AI (claude-haiku-4-5 API)
- DeepL SE (EU) – translation services
- Google Web Speech API (USA) – speech recognition (browser-based)
Only text transcripts are processed; audio files are not stored and are deleted immediately after processing.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
6. Hosting / Infrastructure
Hetzner Online GmbH hosts the platform in Germany.
All data is stored on servers located within the European Union.
7. Error Monitoring
We use Sentry for error monitoring. Technical data such as IP addresses and error logs may be processed.
8. Communication
The platform currently does not send emails.
9. Payment Processing (Stripe)
For paid features (subscriptions and one-time exam purchases), we use the payment provider Stripe Payments Europe Ltd., Ireland.
The following data may be processed:
- Name
- Email address
- Payment details (e.g., credit card, SEPA)
- Transaction data
- Billing information
Stripe may transfer data to affiliated companies outside the EU (especially the United States).
Legal basis: Art. 6(1)(b) GDPR (contract performance).
More information: https://stripe.com/privacy
10. Speech Processing
Voice recordings are used exclusively for transcription into text.
- Audio is not stored permanently
- Audio is deleted immediately after processing
- Only text transcripts are stored and analyzed
Processing is done via browser-based APIs (Google Web Speech API or similar services).
11. AI Analysis (Anthropic Claude)
Text transcripts are sent to the AI provider Anthropic PBC (USA) for analysis.
The AI generates:
- Grammar corrections
- Vocabulary feedback
- Improvement suggestions
- Language performance feedback
This processing is necessary for providing the core platform functionality.
12. Translation Services
For optional translations we use DeepL SE (Germany).
13. Random Partner Matching
The platform randomly connects users for language practice.
- No manual matching is performed
- Users cannot choose conversation partners
- Connection data is used only for the session
14. Friend System
Users may add other users as “friends” after conversations.
- Friend relationships are stored
- Enables future interactions between users
15. Data Retention
Stored data includes:
- Transcripts: stored until account deletion
- AI feedback: stored until account deletion
- Friend connections: stored until deletion
Not stored:
- Audio files (deleted immediately after processing)
16. Cookies & Local Storage
The platform uses only technically necessary cookies for:
- Login sessions
- Security
- User state management
No tracking or marketing cookies are used.
17. International Data Transfers
Data may be transferred to third countries outside the EU, especially:
- United States (Anthropic, Google)
- Safeguarded via Standard Contractual Clauses (SCCs)
18. User Rights (GDPR)
You have the following rights:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
Contact: [email protected]
19. Data Security
We implement technical and organizational measures to protect data against loss, misuse, and unauthorized access.
20. Changes
We reserve the right to update this privacy policy.