Lang'oMat
LangOMat - Entraîneur de vocabulaire - Vocabulary Trainer - Vokabeltrainer - Εκπαιδευτής Λεξιλογίου - Entrenador de Vocabulario

Privacy Policy

Details
Written by: admin
Category: Uncategorised
Published: 03 February 2026
Hits: 267

1. Data Controller

The data controller responsible for data processing under the General Data Protection Regulation (GDPR) is:

NATAVO solutions, Inh. Andreas Martschinke, Kuckucksruf 51, 23562 Lübeck, Germany
Email (Data Protection): This email address is being protected from spambots. You need JavaScript enabled to view it.
Email (Legal Notice): This email address is being protected from spambots. You need JavaScript enabled to view it.

2. General Information on Data Processing

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection legislation (GDPR, German BDSG, TDDDG) and this privacy policy. This privacy policy applies to the use of our website at langomat.com as well as the mobile application Lang'oMat (iOS / watchOS).

3. What Data is Collected?

3.1 Web Platform: Registration and User Account

Use of the service requires creating a user account. We collect and store the following data:

  • Email address (for login and communication)
  • Full name (first and last name)
  • Username
  • Password (stored encrypted, never in plain text)

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Storage period: Until deletion of the user account by the user or by us
Purpose: Provision of the online service, authentication, communication

Address or postal data are not collected.

3.2 Web Platform: Usage Data During Learning

When using the language learning service, you submit words and short texts for AI-assisted translation, text-to-speech output, and speech recognition. These inputs are forwarded to external processors for processing (see Section 4).

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Storage period: Inputs are not stored permanently; they are processed solely to provide the requested service.

3.3 Web Platform: Server Log Files

When you access our website, our web host (see 4.6) automatically collects information transmitted by your browser:

  • IP address (truncated/anonymised after a short time)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL
  • Data volume transferred, HTTP status code

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in security and stable operation)
Storage period: Generally a maximum of 14 days

3.4 iOS App: Local Data Storage

The Lang'oMat app stores the following data exclusively locally on your device:

  • Vocabulary: Downloaded vocabulary
  • Settings: App language, learning languages, theme selection, haptic feedback
  • Favourites: Vocabulary items marked by you (max. 100)
  • Premium status: Information about active subscriptions

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Storage period: Until app uninstallation or manual deletion of data

3.5 iOS App: Vocabulary Synchronisation (Premium)

With an active premium subscription, the app synchronises vocabulary with our server (langomat.com).

Data transmitted: Selected learning languages, requested vocabulary levels (A, B, C), API token (anonymised), request timestamp.
Not transmitted: Apple ID, name, email, payment data, personal learning progress.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Storage period: No permanent storage on the server

4. Processors and External Services

To provide our services, we use the following service providers as processors (Art. 28 GDPR). Data processing agreements and/or standard contractual clauses pursuant to Art. 46 GDPR are in place with all providers listed below.

4.1 OpenAI (AI Translation, Web)

We use the OpenAI API for AI-assisted vocabulary completion and translation.

Provider: OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA
Data transmitted: Word/phrase entered by the user, source language and target languages
Third-country transfer: USA, safeguarded via standard contractual clauses and EU-US Data Privacy Framework
Privacy policy: https://openai.com/policies/privacy-policy

4.2 Google (Text-to-Speech, Web)

We use Google Translate TTS for text-to-speech output of entered vocabulary.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company Google LLC, USA)
Data transmitted: The text to be spoken, language code
Third-country transfer: USA, safeguarded via standard contractual clauses and EU-US Data Privacy Framework
Privacy policy: https://policies.google.com/privacy

4.3 Microsoft (Speech Recognition, Web)

We integrate Microsoft Cognitive Services Speech for in-browser speech recognition.

Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (parent company Microsoft Corporation, USA)
Data transmitted: Voice recording for recognition
Third-country transfer: USA, safeguarded via standard contractual clauses and EU-US Data Privacy Framework
Privacy policy: https://privacy.microsoft.com/en-gb/privacystatement

4.4 PayPal (Payment Processing, Web)

We use PayPal to process paid subscriptions on the web platform.

Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg
Data transmitted: Name, email address, payment information (processed exclusively by PayPal)
Privacy policy: https://www.paypal.com/uk/legalhub/privacy-full

4.5 Apple (In-App Purchases, iOS App)

When purchasing premium subscriptions in the iOS app, transaction data is processed via Apple's StoreKit. We do not collect or store payment data ourselves.

Provider: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA
Data processed by Apple: Apple ID, payment information, transaction ID, subscription status and duration
Third-country transfer: USA, safeguarded via standard contractual clauses and EU-US Data Privacy Framework
Privacy policy: https://www.apple.com/legal/privacy/

4.6 Web Host (Strato AG)

Our website is hosted by Strato AG. Server log data is processed as part of hosting (see 3.3).

Provider: Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany
Server location: Germany (EU)
Privacy policy: https://www.strato.de/datenschutz/

5. Cookies

Our website uses only technically necessary cookies required for the login area to function:

  • Joomla session cookie (to maintain your login during your visit)

Legal basis: § 25 para. 2 no. 2 German TDDDG (technically necessary storage), Art. 6 para. 1 lit. f GDPR
Storage period: Session cookies are automatically deleted when the browser is closed.

We do not use tracking, analytics, or advertising cookies.

6. Disclosure of Data

Your personal data is only shared with the processors listed in Section 4 and, in exceptional cases, where we are legally obliged to do so. No disclosure for advertising or marketing purposes takes place.

7. Your Rights

You have the following rights regarding your personal data at any time:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 para. 3 GDPR)

To exercise your rights, please contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

Deletion of local data (app): You can delete all locally stored app data at any time by uninstalling the app.
Deletion of online account: Please contact us by email.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The authority with jurisdiction over us is:

Independent Centre for Privacy Protection Schleswig-Holstein (ULD)
Holstenstraße 98
24103 Kiel, Germany
Phone: +49 431 988-1200
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Web: https://www.datenschutzzentrum.de

9. Data Security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorised access:

  • Encrypted transmission via HTTPS (TLS)
  • Passwords are stored exclusively as hashes (never in plain text)
  • Local app data protected by the iOS/watchOS sandbox
  • Access restrictions and regular system updates

10. Children

Our service is not specifically directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without the consent of a parent or guardian. Should we become aware of this, we will delete such data without delay.

11. Changes to this Privacy Policy

We reserve the right to update this privacy policy to reflect changes in the legal situation or changes to our service. The current version is always available on this page and in the app.

12. Data Protection Contact

For questions about data protection or to exercise your rights, please contact us at:

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Postal address: NATAVO solutions, Inh. Andreas Martschinke, Kuckucksruf 51, 23562 Lübeck, Germany


Last updated: April 2026

Next article: Terms and Conditions Next

Select your language

  • Español (España) ES
  • Italiano (it-IT) IT
  • Greek (el-GR) EL
  • French (fr-FR) FR
  • Deutsch (Deutschland) DE
  • English (United Kingdom) EN
  • Legal Notice
  • Terms and Conditions
  • Privacy Policy
App Store Google Play