Privacy Policy

NativSpeaker is a language-learning web application operated by NativSpeaker Ltd. If you have questions about this policy, contact us at privacy@nativspeaker.com.

When you paste a TikTok video URL, we send that URL to the TikTok Content Posting API to retrieve publicly available caption data. We do not download, store, or redistribute TikTok video files. Captions retrieved are cached temporarily for your session only.

TikTok's own privacy policy governs the data TikTok holds about the content you access. We only receive caption data for publicly available videos.

• To provide and improve the NativSpeaker service
• To authenticate your account and manage your session
• To process payments and manage your subscription (via Stripe)
• To send transactional emails (account confirmation, password reset) via Resend
• To send optional weekly progress summaries (only if you opt in)
• To detect and prevent fraud and abuse
• To comply with legal obligations

We process your data under the following legal bases:

• Contract performance — providing the service you signed up for.
• Legitimate interests — security logging, fraud prevention, and service improvement.
• Consent — marketing emails (you can withdraw consent at any time).
• Legal obligation — complying with applicable laws and regulations.

SCCs = Standard Contractual Clauses for international data transfers.

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are legally required to retain it (e.g., for tax records, which are kept for 7 years).

Server logs are deleted after 30 days. Session cache data is purged after 7 days.

NativSpeaker uses HttpOnly session cookies set by our authentication provider (Supabase) to manage your login state. We do not use advertising or tracking cookies. We use one first-party security cookie (ns_last_active) to enforce our 24-hour inactivity timeout.

If you are located in the EEA or UK, you have the following rights:

• Right to access — request a copy of your data
• Right to rectification — correct inaccurate data
• Right to erasure — request deletion of your data
• Right to restriction — restrict how we process your data
• Right to portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — for marketing emails at any time

To exercise any of these rights, email us at privacy@nativspeaker.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

To delete your account and all associated data, go to Settings → Account → Delete Account in the NativSpeaker dashboard, or email us at privacy@nativspeaker.com. Deletion is permanent and irreversible.

NativSpeaker is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this policy from time to time. We will notify you of material changes via email or a prominent notice on the site. The "last updated" date at the top reflects the most recent revision.