Privacy in plain language.

• Account identifiers. Email, display name, and avatar URL — whatever your sign-in provider returns (email/password, GitHub, or Google). When you sign in on iOS we also receive an Apple ID identifier if you choose Sign in with Apple. Passwords are bcrypt-hashed on our servers; we never see them in plaintext.
• Learning state. Card states (interval, ease factor, due date), review history with timestamps, custom decks you create or import, achievements earned, XP, streak data, and reminder preferences. This is what the spaced-repetition system needs to surface the right cards at the right time.
• Tutor conversations. The full transcript of your AI tutor sessions, persisted so you can continue conversations across devices and revisit past explanations. Sent to Anthropic at inference time; Anthropic does not train on your messages (per their API policy). Not shared with any other party. Reportable for abuse via the in-app Report flow.
• Audio for pronunciation scoring. When you tap the microphone to score your pronunciation, the raw audio recording is sent to Azure Cognitive Services for analysis and is discarded immediately after scoring. We do not retain the audio file. We do not use it to train any model.
• Subscription state. Plan (free / Plus), status (active / cancelled / trialing), renewal date, and the processor's customer or transaction identifier — Stripe customer ID for web purchases, Apple original-transaction-ID for iOS App Store purchases. We never see, store, or transmit your card number, bank details, or Apple ID password.
• Push subscriptions. If you enable daily reminders, the device endpoint your browser or iOS app exposes for push delivery (VAPID endpoint or APNs token). Lets us send the one reminder you signed up for; nothing else.
• Operational logs. Standard server access logs (IP, user-agent, request path, response code, timestamp) retained for 30 days for debugging and abuse detection. Not joined to your account after that window.
• Aggregate analytics. Page-view counts and basic performance numbers via Vercel Analytics — cookieless, no cross-site tracking, aggregated in such a way that individuals cannot be identified.

We collect each data type only for the purpose it's tied to. Mapped to the Apple App Privacy taxonomy:

• App Functionality. Account identifiers, learning state, tutor conversations, audio for pronunciation scoring, subscription state, push subscriptions. Without these the app's core features — sign-in, study, tutor, scoring, paid features, reminders — cannot work.
• Analytics. Aggregate page-view counts via Vercel Analytics. Used to understand which sections of the app are used and where users get stuck. Not linked to your identity.
• Product Personalization. Learning state + tutor conversations are read back to you to personalize what the app shows next (which cards are due, what the tutor remembers from last session). Never used to personalize anything outside MíngWay.

We do not use your data for advertising, cross-app tracking, behavioral profiling, AI model training, or selling to third parties. We never have.

• Account data + learning state + tutor conversations + subscription state: For the lifetime of your account. When you delete your account via Settings → Delete account (Apple App Store Guideline 5.1.1(v) in-app deletion), every row tied to your user ID is removed immediately. No grace period, no soft-delete, no backup we restore from later.
• Audio recordings: Discarded immediately after pronunciation scoring returns (typically under 5 seconds). Not retained at rest.
• Operational logs: 30 days, after which they are deleted by our hosting provider's retention policy.
• Aggregate analytics: Retained indefinitely in aggregated form. No individual identifiers to delete.
• Tax / billing records tied to subscriptions: Retained as long as the law requires (typically 7 years in the US, 10 years in much of the EU), independent of account deletion. We keep the bare minimum: invoice ID, amount, date — never card or contact data.

Every processor below is bound by a data-processing agreement (DPA) restricting them to the role described.

• Vercel (USA) — hosts the application code, runs Vercel Analytics, terminates TLS, stores operational logs.
• Neon (USA, EU regions available) — managed Postgres for the application database.
• Stripe (USA) — payment processing for web subscriptions. We send Stripe your email and a customer reference; Stripe sees your card data, we never do.
• Apple (USA, EU entity for EEA users) — payment processing for iOS App Store subscriptions. We receive an opaque original-transaction-ID; Apple holds your billing relationship.
• Anthropic (USA) — inference provider for the AI tutor (Claude). Your tutor messages are sent to Anthropic at inference time. Anthropic's API terms forbid training on customer inputs.
• Microsoft Azure (USA + global regions) — Azure Cognitive Services for pronunciation scoring. Audio is processed and discarded; no retention beyond the scoring call.
• Resend (USA) — transactional email delivery (password reset, magic link, account-deletion confirmation). Receives your email address and the message body.
• GitHub, Google, Apple — identity providers for OAuth / Sign in with Apple. We receive the public profile fields they choose to share.

Most of our processors are headquartered in the United States. When data about EEA, UK, or Swiss residents leaves your jurisdiction, the transfer relies on the European Commission's Standard Contractual Clauses (SCCs), each processor's relevant adequacy decision, or — for the US — the EU-US Data Privacy Framework where the processor is self-certified. You can request a copy of the SCCs we rely on by emailing privacy@mingway.app.

You can exercise these rights at any time:

• Delete your account. Built into the app: Settings → Delete account. Confirms with a typed phrase, then irreversibly removes your account and every row tied to it.
• Access / portability. Email privacy@mingway.app for a machine-readable export of everything we have on you. Response within 30 days (often within 7).
• Correct. Most fields are editable in Settings. For anything that isn't, email us.
• Object / restrict. EEA/UK residents can object to or restrict processing under GDPR Articles 18 and 21. Email privacy@mingway.app.
• Withdraw consent. For any processing we rely on your consent for, you can withdraw it via Settings or by emailing us. Withdrawal does not affect processing already performed.
• Complain to a regulator. EEA/UK residents have the right to lodge a complaint with their national data-protection authority.

California residents: Under the CCPA / CPRA you have the right to know what we've collected, request deletion, correct inaccuracies, opt out of sale or sharing, and limit use of sensitive personal information. We do not sell or share personal information. To exercise any right, email privacy@mingway.app.

MíngWay is not directed to children. You must be at least 13 years old (16 in the EEA) to create an account. If you're a parent and believe your child has signed up under our age limit, email privacy@mingway.app and we will delete the account.

The MíngWay tutor uses Anthropic's Claude model family. Replies are generated; they are not authored by a human and may be wrong. Treat them as a study aid, not as authoritative linguistic claims. Every assistant reply has a Report button you can use to flag content you believe violates our content policy or these guidelines; reports are reviewed by our team.

We do not use your tutor conversations to train any AI model (ours or Anthropic's).

We set a session cookie when you sign in (NextAuth), a small theme-preference cookie, and a locale cookie remembering your chosen UI language. None of these are used for cross-site tracking or advertising.

Data in transit is encrypted with TLS 1.2+. Data at rest is encrypted by our hosting provider. Passwords are bcrypt-hashed. Sessions are scoped per-user and expire after 30 days of inactivity. We apply rate limits to authentication and deletion endpoints and rotate any credentials that may have been exposed. No system is perfect — if you spot a security issue, please email support@mingway.app.

When we change this policy in a way that affects your rights or what we collect, we update the date at the top and notify signed-in users via in-app banner and email. Minor edits (typos, clarifications) do not trigger a notice.

Privacy questions: privacy@mingway.app · Everything else: support@mingway.app.