Privacy Policy
Updated: 2026-04-09
Data controller: SHIFT LLC, 5 Street 17, Argel, Nor Hachn, Kotayk region, 2404, Republic of Armenia
Contact: support@fluenso.app
This Privacy Policy describes how Fluenso (the English-practice web app at https://fluenso.app, operated by SHIFT LLC) collects, uses, and protects your personal data. It applies to everyone who creates a Fluenso account or uses the service.
We aim to collect only the data we need to run the service and to be transparent about what we do with it.
1. Data we collect
Account data (always collected)
- Email address (from signup or Google OAuth)
- Password hash (argon2 — we never see your plaintext password)
- Display name, if provided
- Google account identifier, if you sign in with Google
- Account creation timestamp, last login, email-verified flag
Profile and onboarding data (provided by you)
- Native language
- Target learning level / goals
- Persona fields collected during onboarding (role, industry, work-English situations you want to improve)
- CEFR level (A1–C2) estimated during onboarding from a short AI conversation
- Preferred interface language and preferred currency
Practice data (generated while you use Fluenso)
- Chat transcripts from practice sessions (the messages you type or speak, plus the AI coach's responses, grammar corrections, and suggestions)
- Mistake patterns detected by the coach (type, frequency, example sentence)
- Vocabulary items you've encountered and your spaced-repetition flashcard state
- Scenario and session metadata (which scenario, when, how long, CEFR at the time)
Billing data
- Subscription tier (Free or Plus), status, current period end, cancellation flag
- A Monetize customer ID that links your Fluenso account to Monetize
- Trial start/end timestamps
- We do not store full credit card numbers. All card data is collected and processed directly by Monetize on their PCI-compliant infrastructure.
Technical data
- IP address, user-agent string, and timestamps of requests (for security and abuse prevention — retained in server logs for up to 30 days)
- Push-notification subscription tokens, if you opt in to browser/PWA push notifications
- A session cookie (mj_token, HttpOnly) used to keep you logged in
We do not collect: phone numbers, physical addresses, biometric data, or advertising identifiers. We do not embed third-party advertising trackers.
2. Why we collect it (legal bases)
- To provide the service you requested — running practice sessions, storing your transcripts so you can review them, tracking your CEFR level, personalizing scenarios. Legal basis: performance of contract.
- To bill you — processing payments through Monetize and sending receipts. Legal basis: performance of contract.
- To communicate essential account updates — verification emails, password resets, billing receipts, subscription-ending notices. Legal basis: performance of contract.
- To keep the service safe — rate limiting, abuse detection, server logs. Legal basis: legitimate interest in preventing fraud and abuse.
- To improve the product — aggregated analytics on which scenarios are used, which mistakes are common, error rates. Legal basis: legitimate interest, and only on anonymized/aggregated data.
We do not process your data for behavioral advertising.
3. How we use AI
When you practice with Fluenso, the text of your messages (and a transcript of any voice input) is sent to a large-language-model provider so the AI coach can respond and provide corrections. The LLM provider is contractually required not to train foundation models on your content.
AI providers we currently use:
- OpenAI (or OpenAI-compatible API) for chat and grammar analysis
Your chat transcripts are stored in our PostgreSQL database in the European / Armenian region where our backend runs. They are associated with your account and visible only to you when you're logged in and to SHIFT LLC support staff when strictly necessary to resolve a support issue you've raised.
4. Who we share data with
We share personal data only with the third parties needed to run the service:
- Monetize — payment processor. Receives your email and a user_id reference. See Monetize's own privacy policy.
- OpenAI (or equivalent LLM provider) — receives your practice messages to generate coach responses.
- Resend / SMTP provider — sends transactional emails (verification, password reset, subscription notices).
- Hosting / infrastructure — the servers that run the database and application.
- Google — only if you use "Sign in with Google" (OAuth).
We do not sell, rent, or share your personal data for advertising or marketing by other companies. We may disclose data if required by law.
5. How long we keep your data
- Active accounts — we keep your data for as long as your account is active.
- Inactive accounts — if you haven't logged in for 24 months and have no active subscription, we may delete your account after a warning email.
- Deleted accounts — when you delete your account, we delete your personal data within 30 days, except where we are required to retain records (e.g., tax/accounting records tied to paid invoices, typically 7 years).
- Server logs — 30 days.
6. Your rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data (most of it can be edited directly in Settings)
- Delete your account and personal data
- Export your data in a portable format
- Object to certain processing based on legitimate interests
- Withdraw consent where consent is the legal basis
- Lodge a complaint with a data-protection authority in your country
To exercise these rights, either use the self-service options in your Account page or email support@fluenso.app. We will respond within 30 days.
7. Security
We take security seriously. We use:
- Argon2 for password hashing
- JWT access tokens (short-lived) + HttpOnly refresh cookies
- HTTPS/TLS for all traffic
- Database encryption at rest on our managed PostgreSQL
- PCI-DSS compliance for payments is handled entirely by Monetize
- Strict access controls on support staff
No system is perfectly secure. If we become aware of a data breach that affects you, we will notify affected users without undue delay.
8. International transfers
Our infrastructure is hosted in the European Economic Area / Republic of Armenia. LLM requests may be transmitted to OpenAI (United States). Where data leaves the EEA/Armenia, we rely on standard contractual clauses.
9. Children
Fluenso is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child under 16 has given us personal data, please contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Updated" date at the top. For material changes we will email active users.
11. Contact
For any privacy-related question:
SHIFT LLC
5 Street 17, Argel, Nor Hachn
Kotayk region, 2404, Republic of Armenia
Email: support@fluenso.app
