Privacy policy.

Last Updated: 29 December 2025

1. DATA CONTROLLER

HearSay Learn B.V.
Nieuwe Achtergracht 184, 1018WV Amsterdam, Netherlands
Contact: [email protected]

HearSay is the Data Controller for the personal data of Language Learners and Teacher Partners. Regarding the delivery of messages on the WhatsApp network, Meta Platforms Ireland Ltd. acts as an independent Controller.

2. DATA WE COLLECT

We collect and process the following categories of data:

Identity Data: This includes your WhatsApp display name and phone number. If you are a paid subscriber or teacher, this may also include your email address.

  • Lawful Basis: Performance of Contract.

Usage Data: We track your interactions with the AI, including chat logs, learning progress, corrections history, and mini-game scores to personalize your learning path.

  • Lawful Basis: Performance of Contract.

Payment Data: If you purchase a subscription, our payment processor (Stripe) collects your transaction history and billing address. HearSay does not store full credit card numbers.

  • Lawful Basis: Legal Obligation (Tax and Accounting).

Teacher Partner Data: If you are a Teacher Partner, we collect your name, email, and banking details to process referral payouts and generate self-billing invoices.

  • Lawful Basis: Performance of Contract.

Technical Data: We collect metadata such as your IP address, device type, and browser type when you interact with our web links or apps.

  • Lawful Basis: Legitimate Interest (Security, Fraud Prevention, and Debugging).

Voice Data (Conditional): We generally do not record your voice. However, if you choose to use future interactive pronunciation features, you may submit audio recordings.

  • Lawful Basis: Consent. (By voluntarily sending a voice message, you consent to HearSay processing that audio file using our AI providers to analyze pronunciation and generate a response. Voice data may be stored to track your progress.)

Important Note on Voice Data:
We generally do not record your voice. However, if you choose to use future interactive pronunciation features, by voluntarily sending a voice message, you consent to HearSay processing that audio file using our AI providers to analyze pronunciation and generate a response.

3. SUB-PROCESSORS AND TECHNOLOGY STACK

To provide our Service, we share data with the following third-party service providers. Due to the nature of our "Edge Computing" infrastructure, data may be processed globally.

  • Infrastructure & Hosting:

    • Cloudflare (USA/Global): We use Cloudflare Workers and R2 storage. Data is processed at the "Edge," meaning it may be processed in a data center nearest to you, which may be outside the EEA.

  • AI & Synthesis:

    • Google (USA): We use Vertex AI/Gemini for text generation and Cloud Text-to-Speech for audio.

    • Anthropic (USA): Used for AI text generation.

  • Messaging:

    • Meta Platforms Ireland Ltd (Ireland/USA): To send and receive messages via the WhatsApp Business API.

  • Database & Backend:

    • Neon (USA): Managed PostgreSQL database.

    • Convex (USA): Real-time backend services.

  • Authentication & Payments:

    • BetterAuth: User session management.

    • Stripe (USA): Payment processing.

  • Analytics & Marketing:

    • Mouseflow / Hotjar: Website analytics (on our marketing site).

    • MailerLite: Email communication (primarily for teachers).

4. INTERNATIONAL DATA TRANSFERS

Many of our partners (Google, Anthropic, Cloudflare, Stripe) are based in the United States. We transfer data to the US relying on the EU-US Data Privacy Framework (DPF) where the provider is certified, or Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data remains protected.

5. DATA RETENTION

  • User Account Data: Retained for the lifetime of your account.

  • Chat Logs: Retained to provide learning history until you request deletion.

  • Financial Records: Retained for 7 years as required by Dutch tax law (Belastingdienst).

6. COOKIES

Our marketing website uses cookies for analytics (e.g., Mouseflow/Hotjar).

  • Essential Cookies: Required for the site to function (e.g., login sessions).

  • Analytics Cookies: Used to understand how you use our site. You will be asked for consent before these are placed.

7. YOUR RIGHTS

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.

  • Rectify incorrect data.

  • Erase your data ("Right to be Forgotten").

  • Restrict or Object to processing.

  • Portability: Receive your data in a structured format.

To exercise these rights, simply email [email protected]. Since we identify users by phone number (WhatsApp ID), please message us from the relevant number or provide proof of ownership.

8. TEACHER PARTNERS & STUDENT DATA

If you are a Teacher Partner, you acknowledge that HearSay acts as the sole Data Controller for the students you refer. You will be provided with aggregate, anonymized statistics (e.g., "5 referrals"). You will not be granted access to student personal data (such as names or phone numbers) unless explicit additional consent is obtained from the student.