Privacy
Policy.

This is the privacy policy for NeonArc Studio ("NeonArc", "we", "us", "our") and the products we operate — including LinguiSpark (Android, package com.neonarcstudio.linguispark), Clear Skies (our Android game), our website (neonarcstudio.pl), and any future titles we ship. NeonArc Studio is the data controller for all personal data described in this policy.

01 / What we collect

The data we collect depends on which product you use and whether you create an account. Here is a precise breakdown:

LinguiSpark (Android app)

If you use the app without an account (guest mode). Your learning content stays on your device in local storage — your username, age range, learning goal, current and target CEFR level, study schedule, points, streak history, completed lessons, exercise and exam scores, daily task history, earned badges, and Word-of-the-Day history are all held locally and controlled by you. However, even as a guest the app creates a temporary anonymous account with Firebase (Google) so your progress can be linked if you later sign in. The only things that leave your device in guest mode are an anonymous Firebase user ID and a random device identifier (a UUID generated on first launch, not tied to your hardware, reset if you clear app data) — neither of which carries your email or any personal details. We collect no other data remotely until you create an account.

If you create an account (email/password or Google Sign-In). Creating an account lets you back up your progress and restore it on the same or a new device. When you sign in, we collect and store in the cloud:

• Your email address (from account registration or from your Google account).
• A Firebase User ID (a unique identifier generated by Google Firebase when your account is created).
• Your learning data: the same progress, profile, and preference fields listed above for guest mode.
• A device identifier: a randomly generated UUID created by the app on first launch and stored on your device. This is synced to your cloud record to help identify which device last wrote your progress. It is not tied to your hardware and resets if you clear app data.
• A timestamp recording when your progress was last synced.
• An optional "About me" note — a short free-text note you write yourself (for example, why you are learning Polish). It is visible only to you; there are no social or sharing features in the app. It is synced to Firestore for your own cross-device convenience.
• Optional country, if you choose to enter it in your account settings.

Google Sign-In. If you choose to sign in with Google, Google authenticates you and returns an ID token to the app. We use that token to create or sign in to your Firebase account. The data we receive from Google is limited to your email address and your Firebase User ID. We do not receive or store your Google profile photo or display name from Google.

Profile photo. You may optionally set a profile photo by picking an image from your device gallery. The photo is saved only to your device's local storage. It is not uploaded to our servers or to Firebase.

Notification token. If you grant notification permission, the app schedules a daily study reminder locally on your device using Android's notification system. No push token is sent to our servers. Notifications are generated entirely on-device.

Password reset email. If you request a password reset, Firebase Authentication sends a reset link to your email address on our behalf. We do not use a separate email provider for this.

Text-to-speech. The app uses your device's operating-system TTS engine (Android's built-in text-to-speech) to read vocabulary and example sentences aloud. No audio is recorded or transmitted; all TTS processing happens locally on your device. We do not use any third-party TTS service.

Website (neonarcstudio.pl)

Our website does not use Google Analytics, Meta Pixel, or any behaviour-tracking script. Google Fonts are loaded via the standard Google Fonts CDN; Google may log your IP address as part of serving those font files, subject to Google's Privacy Policy. We do not operate a newsletter or collect email addresses through the website at this time.

02 / Why we collect it

We collect data for the following purposes:

• To provide the service (contract performance / legitimate interest). Storing your progress so you can continue where you left off; syncing it to the cloud so you can use the same account on multiple devices or after reinstalling; sending password reset emails when you request them.
• To keep the service secure. Firebase Authentication and Firestore security rules enforce that only you can read or write your own data.

We do not use your data to train external models, profile you for advertising, or score you against other users. We do not send marketing emails. No marketing consent is collected in this version of the app.

03 / Cookies & tracking

Our website (neonarcstudio.pl) does not use Google Analytics, Meta Pixel, Hotjar, or any third-party advertising or behaviour-tracking script. Our marketing site loads no third-party JavaScript other than Google Fonts.

The LinguiSpark app does not use advertising SDKs and does not fingerprint your device. The analytics and ads preference toggles shown during onboarding do nothing today — no analytics or advertising software runs in this version of the app. They record your preference in case those features are ever added; you can change them in Settings → Privacy. If analytics, advertising, or crash-reporting services are ever enabled, this section will be updated and you will be told before they are turned on.

04 / Third parties

We use the following third-party services. Each one only processes the slice of data necessary to perform its function:

• Google Firebase (Google LLC, USA) — provides authentication (Firebase Auth) and cloud database (Firestore) for LinguiSpark accounts. Firebase Auth processes your email address and issues a User ID. Firestore stores your learning data, preferences, and device identifier under your User ID. Firebase also hosts our website. Google's data processing is governed by the Firebase Privacy and Security documentation and Google's standard contractual clauses for data transfers outside the EU/EEA. Firebase does not receive your profile photo or notification tokens.
• Google (Sign-In — Google LLC, USA) — if you choose Google Sign-In, Google authenticates you and provides your email address and an ID token to the app. This is subject to Google's Privacy Policy.
• Google Play (Google LLC, USA) — distributes the LinguiSpark app and processes app downloads under Google's Privacy Policy. We do not process in-app payments at this time.
• Device OS text-to-speech (on-device, no data leaves the device) — vocabulary and example sentences are read aloud using Android's built-in TTS engine. No audio is sent to any server; no third-party TTS service is used.

We do not share your personal data with any other third party without telling you first, except where required by Polish or EU law. We do not use analytics, advertising, or crash-reporting services in this version of the app; if that changes, the vendor will be added to this list before the feature is enabled.

05 / Your rights

Under the GDPR and Polish data protection law (ustawa o ochronie danych osobowych), you have the right to:

• Access. Ask us for a copy of all personal data we hold on you. We will respond within 30 days.
• Rectification. Ask us to correct inaccurate data we hold about you.
• Erasure. Ask us to delete your account and all personal data tied to it. We will confirm deletion within 7 days. You can also delete all local data immediately by clearing app data in your Android device settings or by uninstalling the app.
• Restriction. Ask us to restrict how we process your data while a dispute is resolved.
• Portability. Ask us for a machine-readable copy of the personal data you provided to us.
• Objection. Object to processing based on our legitimate interests.
• Withdraw consent. Where we rely on your consent (for example, account creation and cloud sync), you may withdraw it at any time by deleting your account (Settings → Account → Delete account). Withdrawal does not affect the lawfulness of processing before withdrawal.
• Complaint. Lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl, if you believe we have handled your data unlawfully.

To exercise any of these rights, email support@neonarcstudio.pl. A real person will reply.

06 / Children

LinguiSpark is intended for users aged 13 and over and is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please email us at support@neonarcstudio.pl and we will remove the account promptly.

07 / Retention

We keep your account and cloud-synced learning data for as long as your account exists. We do not automatically delete inactive accounts. If you delete your account (Settings → Account → Delete account), both your Firestore data record and your Firebase Authentication account are deleted immediately by the app; all local data on your device is also wiped at the same time. Local on-device data (guest mode data, profile photo, notification schedule) is deleted immediately when you clear app data or uninstall the app.

08 / Security

All data in transit between the app and Firebase is encrypted using TLS. Data at rest in Firestore is encrypted by Google at rest by default. Firestore security rules enforce that only an authenticated user can read or write their own data document — no other user or unauthenticated request can access it. NeonArc Studio is a solo-developer operation; only the developer has administrative access to the Firebase project. We have not had a known data breach. If a breach occurs that is likely to result in a risk to your rights, we will notify you and the UODO within 72 hours of becoming aware.

09 / International transfers

NeonArc Studio is based in Poland (EU/EEA). Your LinguiSpark account data in Cloud Firestore is stored in Google's eur3 multi-region location, which is hosted inside the European Union (associated with the europe-west region). Firebase and Google Sign-In are operated by Google LLC, headquartered in the United States, and some account-level processing — for example, Firebase Authentication — may take place on Google infrastructure outside the EU/EEA. Where personal data is transferred outside the EU/EEA, Google provides appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission. For details, see Firebase's privacy documentation.

10 / Lawful basis for processing

We rely on the following lawful bases under Article 6 GDPR:

• Contract performance (Art. 6(1)(b)). Processing your email address and learning data to provide the account and cloud sync service you signed up for.
• Consent (Art. 6(1)(a)). Creating an account and enabling cloud sync. You provide consent when you choose to sign in; you may withdraw it at any time by deleting your account.
• Legitimate interests (Art. 6(1)(f)). Creating a temporary anonymous Firebase account and storing a random device identifier — for both guest and signed-in use — so the app works without forcing sign-up, can link guest progress to a later account, and maintains data integrity across sync operations. Our interest in providing a reliable, linkable service outweighs any privacy impact because the anonymous account and the identifier carry no email or personal details, are not hardware-derived, and reset when you clear app data.

11 / Changes to this policy

If we change anything substantive, we will bump the version number and update the effective date at the top of this page, and notify users with active accounts by email where we hold an email address. We will not make changes retroactive. Previous versions are available on request by emailing support@neonarcstudio.pl.

12 / How to reach us

NeonArc Studio (data controller)
Wrocław, Poland
Privacy and data protection questions: support@neonarcstudio.pl
General support: support@neonarcstudio.pl

Supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland — uodo.gov.pl

13 / Account & data deletion

You have several ways to delete your data:

• In-app (signed-in users). Go to Settings → Account → Delete account. This permanently deletes your cloud-synced Firestore data record, removes your Firebase Authentication account, and wipes all local app data on your device in a single operation. Deletion is immediate and cannot be undone.
• Uninstall or clear app data (guest users). In guest mode your learning content is stored only on your device, while a temporary anonymous Firebase account — holding no email or personal details — exists on Google's servers. Uninstalling the app or clearing app data in your Android device settings removes all on-device data immediately; to also have the dormant anonymous account record deleted, email us at the address below.
• By email request. Email support@neonarcstudio.pl and ask us to delete your account and all associated data. We will confirm deletion within 7 days.

This page serves as the public account-deletion information URL for the Google Play Console listing.

END OF DOCUMENT · NEONARC STUDIO · v1.3 · 2026-06-05