Privacy Policy
Last updated: June 2, 2026
Colexi helps learners turn books, articles, videos, class material, diary writing, flashcards, and speaking practice into study material. This policy explains what personal data we collect, why we use it, how long we keep it, who we share it with, and the rights you have under the General Data Protection Regulation (GDPR) and other privacy laws that may apply.
1. Who We Are
Colexi is the controller for personal data processed through Colexi, unless we say otherwise in a specific feature notice.
- Controller: Colexi
- Privacy contact: [email protected]
By signing up for Colexi, you agree to this Privacy Policy. That agreement confirms you have read this notice; it does not mean we rely on consent for every use of personal data. We rely on consent only where we specifically ask for it, and otherwise use the lawful bases described below.
2. Personal Data We Collect
We collect personal data you provide directly, data created while you use the service, and limited technical data needed to operate and protect the platform.
- Account data: name, email address, password hash, login provider identifiers, verification status, settings, subscription status, and support messages.
- Study profile data: target language, native language, level, learning preferences, progress, daily reading settings, sprint goals, review history, and study state.
- Learning content: books, articles, URLs, YouTube videos, transcripts, uploaded or pasted text, class material, generated study notes, translations, summaries, flashcards, vocabulary, questions, and source-aware chat messages.
- Writing and speech data: diary entries, AI feedback, rehearsed speech text, voice-chat usage, recordings or audio you submit for speaking practice, text-to-speech outputs, and related metadata.
- Billing data: plan, subscription status, checkout and billing portal identifiers, invoices or payment events, and customer references from our payment provider. We do not store full card numbers.
- Device, log, and security data: IP address, browser or device type, session identifiers, request logs, API tokens, cookies, error logs, feature usage, and security events.
Please do not upload sensitive personal data unless it is necessary for your learning activity. If you include sensitive information in diary entries, sources, recordings, or chat messages, we process it only to provide the feature you chose and to protect the service.
3. How We Use Personal Data
| Purpose | Examples | GDPR lawful basis |
|---|---|---|
| Provide the service | Create accounts, keep you signed in, save learning material, generate study notes, translate content, run flashcards, and sync progress. | Performance of a contract. |
| Personalize learning | Use your active study profile, languages, level, study history, and selected sources to adapt explanations, practice, and recommendations. | Performance of a contract and legitimate interests in improving learner outcomes. |
| AI, speech, and content generation | Send the source text, transcript, prompt, recording, or context needed to generate summaries, translations, feedback, audio, images, or chat responses. | Performance of a contract; consent where a feature specifically asks for optional processing. |
| Payments and subscriptions | Start checkout, manage plans, apply feature access, process refunds, keep accounting records, and respond to billing support. | Performance of a contract and legal obligations. |
| Communications | Send login, security, account, support, billing, daily reading, sprint reminder, or product update messages. | Performance of a contract, legitimate interests, legal obligations, or consent for optional reminders and marketing. |
| Safety, debugging, and improvement | Prevent abuse, troubleshoot errors, secure API access, understand feature usage, maintain backups, and improve reliability. | Legitimate interests and legal obligations. |
| Legal compliance | Respond to lawful requests, enforce rights, keep tax or accounting records, and handle disputes. | Legal obligations and legitimate interests. |
4. AI Features and User Content
Colexi uses AI services to generate learning support from the content you choose. When you ask for an AI feature, we may send the relevant source, prompt, transcript, diary text, flashcard context, chat message, or audio to service providers that help us process the request. We limit what we send to what is needed for the selected feature.
AI output is study assistance, not a decision with legal or similarly significant effects. We do not use solely automated decision-making to decide whether you can use the service, receive a subscription, or exercise your privacy rights.
5. Cookies, Local Storage, and Similar Technologies
We use essential cookies and local storage to keep you signed in, protect forms, remember language and appearance preferences, support the progressive web app, route Livewire requests, prevent abuse, and maintain session security. If we introduce non-essential analytics or advertising cookies, we will ask for consent where required.
6. Who Receives Personal Data
We do not sell personal data. We share personal data only where needed for the purposes in this policy:
- hosting, database, storage, backup, queue, logging, and security providers;
- AI, speech-to-text, text-to-speech, image generation, transcript, translation, and content-processing providers;
- authentication providers when you sign in with a third-party account;
- payment, subscription, tax, and billing providers;
- email, notification, customer support, and operational communication providers;
- professional advisers, authorities, or courts where required to comply with law or protect rights.
Service providers process personal data under contractual restrictions. Some providers may also act as independent controllers for limited purposes, such as payment processing or third-party account authentication, under their own privacy notices.
7. International Transfers
We may process or transfer personal data outside the United Kingdom, European Union, or European Economic Area when our providers or infrastructure are located elsewhere. Where required, we use safeguards such as adequacy decisions, Standard Contractual Clauses, transfer impact assessments, supplementary security measures, and provider commitments to protect transferred data.
8. How Long We Keep Data
We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required by law or needed to protect legal rights.
- Account, study profile, sources, notes, diary, flashcard, progress, and speech practice data are generally kept while your account is active.
- If you delete content or close your account, we delete or anonymize related data within a reasonable period, subject to backups, legal obligations, billing records, security needs, and dispute records.
- Security logs, technical logs, and backups are kept for limited operational periods and then deleted, rotated, or anonymized.
- Billing and accounting records are retained for the periods required by tax, accounting, and consumer protection laws.
9. Your Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or receive a copy of your personal data; object to certain processing; withdraw consent; and complain to a data protection authority. If you withdraw consent, we will stop the consent-based processing, but this will not affect processing already carried out lawfully.
To exercise rights, contact us at [email protected]. We may need to verify your identity before acting on a request. For GDPR requests, we aim to respond within one month, unless requests are complex or numerous and the law allows more time.
10. Security
We use technical and organizational measures designed to protect personal data, including access controls, encryption where appropriate, secure authentication, logging, backups, and least-privilege access for operational systems. No online service can guarantee perfect security, so please use a strong password and protect your login credentials.
11. Children
Colexi is not intended for children who cannot lawfully create an account or consent to online services in their country without parent, guardian, or school authorization. If you believe a child provided personal data without required authorization, contact us and we will review the account.
12. Changes
We may update this policy as the service, providers, or legal requirements change. If changes are material, we will take reasonable steps to notify you, such as by updating this page, sending an email, or showing an in-app notice.
13. Contact and Complaints
Questions or requests about privacy can be sent to [email protected].
If you are in the EU, EEA, or UK, you also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to help.
