CatlanguCatlangu

Privacy Policy

How we collect, use, and protect your information

Last updated: May 17, 2026

1. Introduction

Catlangu ("we," "us," or "our") operates the website https://catlangu.com/ and the Catlangu mobile application (collectively, the "Services"). This Privacy Policy explains how we collect, use, and disclose your personal information when you visit or use our Services.

2. Information We Collect

2.1. Information You Provide

  • Account Information: When you register, we collect your name, email address, profile picture, and any profile details you choose to share (bio, birthday, language preferences).
  • Profile Photos: You may upload a profile photo and additional photos to your public photo gallery. These images are stored on our cloud storage (Cloudflare R2) and are visible to other Catlangu users.
  • Authentication: When you sign in with Google or Apple, we receive your profile information (name, email, profile picture) via Firebase Authentication services.
  • Payment Information: When you purchase subscriptions on the mobile app, payment is processed by Apple App Store or Google Play Store. On the web, payments are processed by Paddle. We receive transaction confirmation data but do not store your payment card details.

2.2. Automatically Collected Information

  • Usage Data: Pages you visit, features you use, session length, and technical details (e.g., browser type, IP address, device type, OS version).
  • Device Information: Device identifiers, mobile carrier, timezone, and crash reports for improving app stability.
  • Cookies and Tracking Technologies: We use cookies, web beacons, local storage, and similar technologies to recognize your browser, remember your preferences, and provide personalized content.

2.3. Voice Chat and Media Access

  • Microphone Access: We request permission to access your microphone to enable voice chat functionality with other users.
  • WebRTC Processing: Voice streams are processed through WebRTC technology for direct peer-to-peer connections between users.
  • No Recording or Storage (Live Voice Chat): We do not record, store, or retain any live voice chat sessions. All live chat audio is transmitted in real-time between participants and is not saved on our servers.
  • Voice Messages (Chat): You may record and send voice messages to other users in private chat. These audio files are stored on our cloud storage (Cloudflare R2) and are accessible only to the chat participants. Voice messages are deleted when you or the recipient deletes them, or when your account is deleted.

2.4. User-Generated Content (Feed)

  • Text Posts: You may create and publish text posts visible to other users on the community feed.
  • Voice Posts: You may record and publish voice messages to the community feed. These audio files are stored on our cloud storage (Cloudflare R2) until you delete them.
  • Comments and Replies: Text comments and replies you post are stored and visible to other users.
  • Public Visibility: Content you post to the feed is visible to other Catlangu users.
  • Your Control: You can delete your own posts and comments at any time. Deleted content and associated audio files are permanently removed from our servers.
  • Microphone Access for Voice Posts: We use microphone access to record voice posts you choose to publish to the feed.

3. How We Use Your Information

  • Provide and Improve Services: To operate, maintain, and enhance the Services and their features.
  • Communication: To send you updates, security alerts, support messages, and service-related notifications.
  • Personalization: To tailor content, recommendations, and language matching.
  • Analytics: To understand user behavior, improve performance, and develop new features.
  • Security and Safety: To detect fraud, prevent abuse, and enforce our Terms and Community Guidelines.
  • Legal Compliance: To comply with legal obligations and respond to legal requests.

4. Cookies and Similar Technologies

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Required for authentication, security, and core functionality.
  • Session Cookies: Expire when you close your browser or app.
  • Persistent Cookies: Remain on your device until deleted or expired (typically 1 year).
  • Analytics Cookies: Help us understand how users interact with our Services.
  • Advertising Identifiers: Used by Google AdMob for personalized advertising on mobile devices.

Cookie Management: You can manage cookie preferences through your browser or device settings. However, disabling certain cookies may affect Service functionality. On mobile devices, you can reset your advertising identifier through system settings.

5. Data Sharing and Disclosure

We share your information only in the following circumstances:

  • Google/Firebase: We share authentication data with Google Firebase for secure login services and user authentication management.
  • Payment Processors: Apple App Store and Google Play Store process mobile payments on our behalf. Paddle processes web subscription payments on our behalf. We receive transaction confirmations but do not handle payment card details.
  • Google AdMob: We share advertising identifiers and usage data with Google AdMob for personalized advertising on our mobile app.
  • Analytics Providers: We use analytics services to understand usage patterns and improve our Services.
  • Cloudflare: We use Cloudflare R2 cloud storage to store voice audio files, including voice messages sent in private chat and voice posts published to the community feed.
  • Third-Party AI Service: When you use our "Practice with AI" feature, the text messages you send are transmitted to a third-party AI service provider to generate responses. See Section 12 for details.
  • Service Providers: We may share data with third parties who perform services on our behalf (e.g., cloud hosting, email delivery, customer support).
  • Legal Requirements: We may disclose information if required by law, court order, or to protect our rights, safety, or property.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner.
  • With Your Consent: We may share information for other purposes with your explicit consent.
  • No Data Sales: We do not sell your personal information to third parties for monetary or other valuable consideration.

6. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active. Permanently deleted immediately when you delete your account via profile settings.
  • Profile Information: Name, bio, birthday, and preferences stored until account deletion.
  • Session Data: Temporary session information cleared when you log out or delete your account.
  • Profile & Gallery Photos: Photos are stored on cloud storage (Cloudflare R2) and retained until you delete them or your account is deleted. Deleted photos are permanently removed from our servers.
  • Feed Posts & Comments: Text posts, voice posts, and comments are retained until you delete them or your account is deleted. Voice audio files are permanently removed from cloud storage upon deletion.
  • Chat Voice Messages: Voice messages sent in private chat are stored on cloud storage (Cloudflare R2) and retained until deleted by a participant or upon account deletion.
  • Usage Analytics: Aggregated and anonymized data retained for up to 5 years for service improvement.
  • Support Communications: Retained for 3 years after resolution for quality assurance.
  • Payment Information: Transaction records (processed via Apple App Store, Google Play Store, or Paddle) retained for 7 years as required by financial regulations.
  • Cookie Data: Session cookies expire when you close your browser/app; persistent cookies expire after 1 year.
  • Logs and Technical Data: Server logs retained for 90 days for security and troubleshooting.
  • Self-Service Deletion: You can delete all your data instantly via your profile settings — no waiting periods or contact required.

7. Security and Data Breach Notification

We implement comprehensive security measures to protect your information:

  • Encryption: Data encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Access Controls: Access to user data is strictly limited and only accessed when necessary to operate or troubleshoot the Services.
  • Regular Reviews: Periodic security reviews and monitoring for vulnerabilities.
  • Infrastructure: Secure cloud hosting with automated backups and disaster recovery procedures.
  • Authentication: Multi-factor authentication for administrative access.

Data Breach Response

In the unlikely event of a data breach affecting your personal information:

  • We will notify you within 72 hours of discovering the breach via email or in-app notification.
  • Notification will include details of what information was affected and when the breach occurred.
  • We will provide guidance on steps you can take to protect yourself.
  • Relevant authorities will be notified as required by law (e.g., GDPR, CCPA).

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services (e.g., Google Sign-In, social media). This Privacy Policy does not apply to those third-party services, and we are not responsible for their content, privacy policies, or practices. We encourage you to review their privacy policies before providing any information.

9. Children's Privacy (18+ Only)

Our Services are intended for adults only (18+). We do not allow account creation for anyone under 18.

  • Account creation is restricted to users 18 years and older.
  • Age Verification: Users must enter their birthday during registration. Our system prevents account creation for users under 18 through both frontend validation and server-side verification.
  • Accounts suspected of being operated by minors are immediately investigated and terminated.
  • We will delete any information from users under 18 within 24 hours of discovery.
  • Parents/guardians can contact us at hello@catlangu.com to report suspected underage use.
  • COPPA Notice: The Children's Online Privacy Protection Act (COPPA) does not apply to our Services as we are an adult-only platform that does not permit users under 18.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Your California Rights

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
  • Right to Delete: Request deletion of your personal information (available instantly via profile settings or by contacting us).
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit: Limit use and disclosure of sensitive personal information.

Data Sale and Sharing

  • We Do Not Sell Personal Data: Catlangu does not sell your personal information to third parties for monetary consideration.
  • Limited Sharing: We may share data with service providers for business purposes (authentication, payment processing, cloud hosting, analytics).
  • AdMob (Mobile): We use Google AdMob for advertising in our mobile app, which may use advertising identifiers for personalized ads. You can opt out via Google Ad Settings or reset your advertising ID in device settings.

How to Exercise Your Rights

  • Self-Service: Delete your account directly via profile settings for immediate data deletion.
  • Email Request: Contact us at hello@catlangu.com with "California Privacy Request" in the subject line.
  • Response Time: We will respond to verified requests within 45 days.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of your personal data we hold.
  • Right to Rectification: Correct inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data (available via profile settings).
  • Right to Restriction: Limit how we process your personal data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to our processing of your personal data.

12. AI-Powered Features

Our app offers a "Practice with AI" feature that uses artificial intelligence to help users practice English conversation.

What Data Is Shared

  • Text Messages: When you use this feature, the text messages you send are transmitted to a third-party AI service provider to generate responses.
  • Voice Input: If you speak instead of type, your voice is converted to text on your device first. Audio files are not sent to the AI provider — only the resulting text.
  • Conversation Context: Recent messages in the current practice session may be sent together to provide conversational context for the AI.

Purpose

  • To generate AI responses for your practice conversations.
  • Data is not used for advertising or shared beyond what is necessary to operate this feature.

Data Handling by the AI Provider

  • The AI service provider may retain submitted text and use it to improve, maintain, and develop their AI models and services.
  • AI processing servers may be located outside your country, including outside the European Economic Area and the United States.
  • We do not control the AI provider's retention policies; please avoid sharing sensitive personal information (passwords, ID numbers, financial details) when using this feature.

Your Choices

  • Using "Practice with AI" is optional — you can use the rest of the app without using AI features.
  • You can stop using the feature at any time.
  • Deleting your account also stops any further data from being sent to the AI provider.

By using the "Practice with AI" feature, you consent to the data sharing described in this section.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: hello@catlangu.com