Privacy Policy for UNGAA App

Last updated: 23-02-2026
Controller: VSynap Technologies LLP, Bangalore, India, info@vsynaptech.com, www.vsynaptech.com

1. Summary — in plain language

We help users (children and adults) improve vocabulary, topics and subjects and provide translations. This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, your rights, and how parents can control a child’s account.

2. Scope

This Privacy Policy applies to all UNGAA App services: mobile apps, website, APIs, and in-app features (collectively “Services”) worldwide. If you are a parent or guardian using or supervising a child under local age thresholds, see the Children’s Privacy section.

3. Types of data we collect

We collect only what’s necessary to provide the Services. Categories include:

A. Account & registration data

• Name (optional), email, username, password (hashed).
• Age or date of birth / age band (for age gating and legal compliance).

B. Profile & preferences

• Language preferences, progress, achievements, avatar or profile picture choices.

C. App usage & performance data

• Device type, OS version, app version, log files, IP address (for security and diagnostics), crash reports, timestamps, feature usage metrics (aggregate and pseudonymized where possible).

D. Content data

• Vocabulary practice entries, voice recordings (if voice feature is enabled), typed text and translation requests, user-generated content (UGC). Voice recordings and typed text are processed only with user consent and retained as described below.

E. Payment data

• For purchases: payment token or third-party processor reference (we do not store full card details; payments are processed by our third-party payment provider). There is no payment provide during Beta Launch and will update this section when we launch our Production Version.

F. Third-party data

• Data imported from third-party services (e.g., Google, Apple) only with explicit user consent.

4. Children’s privacy (age gates, parental consent)

We provide services to children and professionals. We treat child accounts with heightened protections.

• If a user is under the age that requires parental consent where they live (for example: under 13 in the U.S. under COPPA), we will not collect personal information from the child unless we obtain verifiable parental consent. (See section: Parental Controls & Consent.)
• We collect minimal data for child accounts (a persistent, non-identifying learner profile, progress, and locally necessary age band). We disable targeted advertising and profiling for child accounts by default. For EU/UK, we implement age-appropriate defaults per the ICO’s Age-Appropriate Design guidance.

5. Legal bases for processing (where applicable)

• Consent: for optional features (voice recording, analytics where required, or targeted marketing).
• Performance of a contract: to provide the app and purchased features.
• Legitimate interests: limited diagnostics, fraud prevention, and feature improvement — balanced against user rights.
• Legal obligation / public interest: when required by law.

(For EU/EEA users we will record the legal basis per GDPR; for California residents we will follow CPRA/CCPA rights.)

6. How we use data (purposes)

• Provide, update, and personalize the Services (progress tracking, multi-language translations).
• Improve and develop features (A/B testing, analytics) — only aggregated or pseudonymized data for product improvement unless user consents otherwise.
• Security, fraud prevention, bug fixes, and abuse detection.
• Process payments and order history.
• Send transactional messages (account, password resets) and optional marketing with opt-in.
• Comply with legal requests.

7. Third parties & processors

We use third-party processors (cloud hosting, analytics, voice processing, payment processors). We share only the minimum data needed. Where required, we will use approved transfer mechanisms (e.g., EU Standard Contractual Clauses or local legal alternatives) for cross-border transfers.

8. International transfers

Personal data may be transferred outside your country for hosting, analytics, or third-party services. We assess legal requirements and implement safeguards (adequacy findings, SCCs, encryption).

9. Data retention

• Basic account data: until user deletes the account + 6 months for backups and legal obligations.
• Child account data: retention minimized; parents can request deletion at any time.
• Transactional/payment information: retained per applicable tax and accounting laws.

10. Security

We use industry best practices: encryption in transit (TLS), encryption at rest where feasible, hashing of credentials, regular security audits, vulnerability patching, and access controls. If a breach affects user data, we will notify affected users and relevant authorities per applicable laws.

11. Cookies & tracking

We use cookies and similar technologies for essential functionality and (with consent, where required) analytics. Users can manage cookie preferences in the app or via device settings.

12. Your rights (how to exercise)

• Access, correct, delete your personal data.
• Portability of data.
• Restrict or object to processing.
• Withdraw consent at any time.

13. Parental controls & verifiable parental consent

1. Parents must provide verifiable consent before we collect more than minimal data.
2. Parents may review, modify, or delete the child’s data, and revoke consent at any time.
3. We provide easy parental controls inside the app and a clear parental consent flow. For U.S. users, we follow COPPA guidance for verifiable parental consent.

14. Account deletion & portability

Users (and parents of children) can request account deletion or export of their data by contacting info@vsynaptech.com. Deletion will be completed within a reasonable timeframe subject to legal exceptions.

16. Changes to this policy

We may update this policy. For material changes we will notify registered users and publish the effective date.

17. Contact & supervisory authority

Questions: for any questions, you can reach us via our email info@vsynaptech. We will respond to your questions at the earliest opportunity.