SpeakNordPricing

Privacy Policy

Last updated: April 4, 2026

1. Introduction

AiFlex, Inc., operating as SpeakNord, ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Finnish language learning platform at speaknord.com ("the Service"). We comply with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection legislation.

2. Data Controller

The data controller is AiFlex, Inc. For data protection inquiries, contact us at support@speaknord.com.

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Authentication data (hashed password or Google OAuth identifier)
  • Finnish language proficiency level

3.2 Learning Data

As you use the Service, we collect:

  • Lesson progress, exercise responses, and scores
  • Vocabulary review history (spaced repetition data)
  • Quiz results and leaderboard scores
  • AI tutor conversation history
  • YKI mock test results

3.3 Audio Data

When you use pronunciation features, audio is recorded from your microphone and sent to our servers for analysis. Audio data is processed in real time by Azure Speech Services for pronunciation assessment and is not permanently stored after processing.

3.4 Payment Data

Payment processing is handled entirely by Paddle (Paddle.com Market Limited), our Merchant of Record. We do not store your credit card number or payment details. Paddle collects and processes payment information according to their Privacy Policy. We receive from Paddle: subscription status, plan type, and transaction identifiers.

3.5 Technical Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and usage patterns

4. How We Use Your Data

We use your data to:

  • Provide and personalize the language learning experience
  • Generate AI-powered lessons and feedback tailored to your level
  • Assess your pronunciation and provide feedback
  • Track your learning progress and maintain spaced repetition schedules
  • Process subscriptions and manage your account
  • Operate leaderboards and community features
  • Send transactional emails (account verification, password resets)
  • Improve the Service through aggregated, anonymized analytics

5. Legal Basis for Processing (GDPR)

  • Contract performance: Processing account, learning, and payment data is necessary to provide the Service you subscribed to.
  • Legitimate interest: Technical data and usage analytics to maintain and improve the Service.
  • Consent: Audio recording for pronunciation assessment (you initiate each recording).

6. Third-Party Services

We use the following third-party services that may process your data:

  • Amazon Web Services (AWS): Cloud hosting and AI model inference (EU region). Data processed under AWS's Privacy Policy.
  • Microsoft Azure Speech Services: Pronunciation assessment. Audio processed in real time, not retained.
  • ElevenLabs: Text-to-speech for conversation partners. Text processed in real time.
  • Paddle: Payment processing and billing (Merchant of Record).
  • Google OAuth: Optional authentication via Google account.

7. Data Retention

  • Account data: Retained while your account is active and for 30 days after deletion request.
  • Learning data: Retained while your account is active. Deleted upon account deletion.
  • Audio data: Processed in real time and not permanently stored.
  • Payment records: Retained as required by tax and accounting regulations (typically 6 years).
  • Technical logs: Retained for up to 90 days.

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at support@speaknord.com. We will respond within 30 days. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuojavaltuutettu) at tietosuoja.fi.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted data transmission (TLS), secure password hashing, and access controls. However, no method of internet transmission is 100% secure.

10. International Data Transfers

Your data may be processed outside the EU/EEA by our third-party service providers (AWS, Azure, ElevenLabs). These transfers are protected by Standard Contractual Clauses (SCCs) or the service provider's participation in approved transfer mechanisms.

11. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it.

12. Cookies

We use essential cookies for authentication (JWT tokens stored in cookies). We do not use third-party advertising or tracking cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact

For privacy-related questions or to exercise your data rights, contact us at support@speaknord.com.

Terms of ServiceRefund PolicyPricing