Privacy Policy

This policy explains what data the Lexa app collects, why, where it is stored, and the choices you have.

1. Who we are

Lexa (the “app”) is a vocabulary-learning app for iOS and Android. The app and its servers are operated by Oleksandr Myroshnychenko, an independent developer based in Ukraine (“we”, “us”, the “data controller”).

For any privacy question, email privacy@mylexa.app.

2. The short version

• We collect what we need to run your account and sync your learning across your devices — nothing more.
• We do not show ads, we do not sell your data, and we do not use advertising trackers.
• Your data is stored on Microsoft Azure servers in the European Union (Poland).
• You can delete your account — and everything in it — at any time, from inside the app or from our delete-account page.

3. What we collect & why

Account & identity

You sign in with Apple or Google. Through that sign-in we receive your email address and name, which we use to create and secure your account. If you use Sign in with Apple, you may choose to hide your email, in which case we only ever see Apple’s private relay address.

Inside the app you can pick an avatar icon from a built-in set. This is a simple graphic you choose — it is not a photo of you and contains no personal information. We never request access to your camera or photo library.

Your learning content & progress

The words, categories, attached media, and study progress you create are stored on our servers so they stay in sync across every device you sign in on. This content belongs to you; we use it only to provide the learning features of the app.

Subscriptions

If you buy Lexa Pro, the purchase is processed by the App Store or Google Play, and subscription status is managed for us by RevenueCat. We receive only your subscription status (e.g. active / expired) so we can unlock Pro features. We never see or store your card or payment details.

Diagnostics

To find and fix crashes, we use Sentry. When the app encounters an error it may send a diagnostic report including the device model, operating-system and app version, a technical stack trace, and a coarse network identifier such as an IP address. We configure Sentry to minimise personal data in these reports.

4. Legal bases (GDPR)

If you are in the European Economic Area or the UK, we rely on these legal bases:

• Performance of a contract — to create your account and provide and sync the app’s features.
• Legitimate interests — to keep the app secure and stable (including crash diagnostics), balanced against your rights.
• Legal obligation — where we must keep certain records (for example, tax records for purchases).

5. Who we share data with

We do not sell your data. We share it only with the service providers (“processors”) that make the app work, each under their own privacy terms:

• Microsoft Azure — server hosting and storage (EU region). Privacy
• Apple — Sign in with Apple and App Store purchases. Privacy
• Google — Google sign-in and Google Play purchases. Privacy
• RevenueCat — subscription management. Privacy
• Sentry — crash and error diagnostics. Privacy

We may also disclose data if required by law, or to protect the rights, safety, or property of our users or ourselves.

6. Where your data is stored

Your account and learning data are stored on Microsoft Azure servers in the European Union (Poland). Some of our providers (Apple, Google, RevenueCat, Sentry) may process limited data in the United States or other countries. Where data leaves the EEA, those transfers are covered by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

7. How long we keep it

We keep your account and learning data for as long as your account exists. When you delete your account, we delete that data from our active systems; residual copies in encrypted backups are removed on a rolling cycle. Diagnostic data in Sentry is retained for a limited period (by default around 90 days) and then deleted automatically.

8. Accessing & deleting your data

You are always in control of your data:

• In the app — open your profile and choose Delete account to permanently remove your account and all associated data.
• On the web — follow the steps on our How to delete your account page.
• By email — to access, correct, export, or delete your data, write to privacy@mylexa.app and we will respond within 30 days.

9. Your privacy rights

EEA & UK (GDPR)

You have the right to access, correct, delete, export (portability), restrict, or object to our processing of your data, and to withdraw consent at any time. You may also lodge a complaint with your local data protection authority. (In Ukraine, this is the Ukrainian Parliament Commissioner for Human Rights.)

California (CCPA/CPRA)

California residents have the right to know what personal information we collect, to access and delete it, to correct it, and to not be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under California law.

To exercise any of these rights, contact privacy@mylexa.app.

10. Security

All traffic between the app and our servers is encrypted with HTTPS/TLS. Sign-in tokens are stored in the device’s secure storage (Apple Keychain / Android Keystore). We restrict server access and rely on Microsoft Azure’s infrastructure security. No method of transmission or storage is ever 100% secure, but we work to protect your data using industry-standard measures.

11. Children

Lexa is not directed to children. We do not knowingly collect personal data from children under 13 (or under the minimum age required in your country). If you believe a child has provided us data, contact privacy@mylexa.app and we will delete it.

12. Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date above, and for significant changes we will provide notice in the app or by email. Continued use of the app after a change means you accept the updated policy.

13. Contact

Questions or requests about your privacy? Email privacy@mylexa.app and we’ll be glad to help.