Privacy Policy
This Privacy Policy describes how the operator of CantoAI (“CantoAI,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use our website and Cantonese language learning application at canto-ai.com (the “Service”).
By creating an account, signing in, or using the Service, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.
1. Who We Are
Data controller: The operator of CantoAI.
Privacy contact: hello@canto-ai.com
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we are the controller of personal data described in this policy unless stated otherwise.
2. Information We Collect
Account and identity
- Email address and name from Google sign-in (OAuth)
- Profile information you choose to provide (e.g., first or last name)
- Account identifiers assigned by our authentication provider
Learning and usage data
- Voice transcripts: Text produced from your spoken Cantonese. We do not permanently store raw voice recordings in our database.
- Conversation history: Your prompts, messages, and AI-generated replies
- Learning progress: Sessions, interaction logs, modes used (Chat, Translate, Pronounce), and related metadata
- Technical logs: Error reports, response times, and security-related events
Device, browser, and analytics
- Device and browser information (e.g., browser type, approximate location from IP, referring URL)
- Usage analytics via Google Analytics (page views, events, and similar usage metrics)
- Session and interaction tools via Hotjar (e.g., how users navigate pages and use features, to improve the Service)
- Cookies and similar technologies used for authentication, security, and analytics (see Section 12)
Payments (optional)
If you make a voluntary payment or support contribution, Stripe processes payment information. We receive limited payment metadata (e.g., amount, status, transaction ID) — not your full card number.
Important: Voice audio is sent to third-party speech services for real-time transcription and text-to-speech. We do not permanently store raw voice recordings in our database; only transcribed text and related learning data are stored as described above.
3. How We Use Information
- Provide, operate, and secure the Service
- Generate AI responses, translations, pronunciation help, and audio
- Track progress and personalize your experience
- Process optional payments
- Monitor performance, fix bugs, and prevent abuse
- Communicate service updates and respond to support requests
- Understand aggregate usage patterns to improve the Service
- Comply with law and enforce our Terms of Service
Legal bases (EEA / UK users)
Where GDPR or UK GDPR applies, we rely on:
| Purpose | Legal basis |
|---|---|
| Providing the Service you request (account, chat, translate, pronounce) | Performance of a contract |
| Security, fraud prevention, and service improvement | Legitimate interests (balanced against your rights) |
| Analytics to understand how the Service is used | Legitimate interests; where required, consent |
| Marketing emails (if any) | Consent or legitimate interests, as applicable |
| Legal compliance and dispute handling | Legal obligation or legitimate interests |
Aggregate data and research
We may analyze data in aggregate form only (e.g., popular practice topics, usage trends) to improve the Service or publish non-identifying insights.
We do not sell your personal information. We do not publish individual conversations or data that identifies you without your consent.
4. How We Share Information
We do not sell or rent your personal information. We share information only as follows:
- Service providers (processors): Listed in Section 5, to help us run the Service
- Legal and safety: When required by law, court order, or to protect rights, safety, and security
- Business transfers: In connection with a merger, acquisition, or asset sale, with notice where required
- With your direction: When you ask us to or clearly intend to share information
5. Service Providers (Subprocessors)
We use companies that help us run the Service. They act as our processors (or equivalent under applicable law): they process personal data only on our instructions and to deliver the Service. We use contractual or standard data protection terms where applicable.
Our providers fall into these categories:
- Authentication and data storage — sign-in, accounts, and storing your learning data (e.g., email, name, conversation history, progress).
- Application hosting and infrastructure — running the website and backend in the cloud.
- AI and language processing — generating chat replies, translations, and related text from your prompts.
- Speech and audio processing — transcribing your speech and generating spoken audio. Voice audio is sent to third-party speech services for real-time transcription and text-to-speech. We do not permanently store raw voice recordings in our database.
- Sign-in (OAuth) — Google sign-in to create and access your account.
- Analytics and session tools — understanding traffic, feature usage, and how users interact with the Service (e.g., Google Analytics and Hotjar). These tools may use cookies and similar technologies (see Section 12).
- Payments (optional) — processing voluntary payments or support contributions if you choose to pay.
The specific vendors we use may change as we improve the Service. We review this policy when we add or replace a processor that handles personal data in a materially new way. For the current list of subprocessors, email hello@canto-ai.com with subject line “Subprocessor list request.”
When you use voice or chat features, your content is transmitted to AI and speech providers for processing. Those providers may retain data according to their own policies and our agreements with them. We configure providers for service delivery and do not authorize them to use your content to train public models where opt-out or API terms allow us to restrict that use.
6. Data Security
We use reasonable technical and organizational measures designed to protect personal information, including:
- Encryption in transit (HTTPS/TLS)
- Access controls limiting staff access to production data
- Hosted infrastructure with industry-standard security practices
- Monitoring for abuse and unauthorized access
No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
- Active accounts: We retain account and learning data while your account is active to provide the Service.
- Deletion requests: If you request account deletion, we will delete or anonymize personal data in our systems within 30 days, unless a longer period is required by law.
- Backups: Residual copies may remain in encrypted backups for a limited period and are then overwritten.
- Third parties: Data held by our service providers (e.g., AI and speech processors) is subject to their retention schedules. We request deletion where our agreements allow.
- Legal holds: We may retain information when required for legal, tax, audit, or safety purposes.
To request deletion, email hello@canto-ai.com from your account email with subject line “Account deletion request.”
8. International Data Transfers
We are based in the United States. Your information may be processed in the United States and other countries where our service providers operate. Those countries may have different data protection laws than your country.
Where required, we rely on appropriate safeguards such as the provider’s standard contractual clauses, data processing agreements, or equivalent mechanisms approved under applicable law.
9. Your Privacy Rights
Depending on where you live, you may have the right to:
- Access personal information we hold about you
- Correct inaccurate information
- Delete your personal information
- Export a copy of your data in a portable format
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Opt out of certain analytics or marketing, where applicable
To exercise these rights, contact hello@canto-ai.com. We may need to verify your identity. We will respond within 30 days (or the period required by applicable law).
EEA / UK — additional information
- You may lodge a complaint with your local data protection authority.
- Our legal bases are described in Section 3.
- You have the right to object to processing based on legitimate interests; we will consider your request as required by law.
California residents (CCPA / CPRA)
This section applies to California residents.
Categories collected (last 12 months): Identifiers (email, name, account ID); internet activity (usage, analytics); audio-related data (transcripts, not stored recordings); learning content you submit; payment metadata if you pay.
Sources: You, your device/browser, Google sign-in, analytics tools, and payment processor.
Business purposes: As described in Section 3.
Sale or share: We do not sell personal information. We may “share” limited device and usage data with analytics providers (e.g., Google Analytics and Hotjar) for analytics and product improvement; you may limit this via browser settings, opt-out tools, or contacting us.
Your California rights: Right to know, delete, correct, and opt out of sale/sharing (not applicable to sale because we do not sell). We will not discriminate against you for exercising these rights.
Authorized agents: Agents may submit requests with proof of authorization.
Submit requests to hello@canto-ai.com.
10. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are 13–17, you should use the Service only with a parent or guardian’s permission.
If you believe a child under 13 has provided personal information, contact us at hello@canto-ai.com and we will take steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We also review it when we add or replace service providers that process personal data in a materially new way, or at least annually. Routine changes to vendors that fit the categories in Section 5 do not require listing every tool in this policy.
If we make material changes, we will post the updated policy on this page and update the “Last Updated” date. Where required, we will provide additional notice (e.g., email or in-app notice).
Continued use after changes take effect constitutes acceptance of the updated policy, except where further consent is required by law.
12. Cookies and Analytics
We use cookies and similar technologies for:
- Essential operation: Authentication and security (e.g., session cookies)
- Analytics: Google Analytics to understand traffic and feature usage
- Session tools: Hotjar to understand how users interact with pages and improve the Service
You can control cookies through your browser settings. Blocking essential cookies may prevent sign-in. To learn how Google uses data, see Google’s partner sites policy and Google Analytics opt-out. For Hotjar, see Hotjar’s privacy policy and your browser’s cookie controls.
13. Contact Us
Questions about this Privacy Policy or your data rights:
- Email: hello@canto-ai.com
- Website: canto-ai.com
This Privacy Policy is provided for transparency and user protection. It is not legal advice. If you need advice for your specific situation, consult a qualified attorney.