Privacy Policy

Introduction

Welcome to Joe Speaking, operated by JUST JOE TECHNOLOGIES INC. ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, share, and protect your information when you use our English speaking practice application.

Joe Speaking is designed with a privacy-first, local-first approach. Your data stays on your device unless you explicitly choose to enable cloud synchronization through authentication.

Information We Collect

1. Local-Only Users (Unauthenticated)

If you use Joe Speaking without signing in, all your data stays on your device:

• Practice sessions, recordings, and transcripts stored in browser IndexedDB
• Application settings and preferences stored locally
• No personal information is collected or transmitted
• No tracking or analytics (unless you explicitly opt-in)

2. Authenticated Users (Cloud Sync Enabled)

When you sign in with Google OAuth, we collect:

Account Information:

• Email address
• Full name (from Google account)
• User ID (unique identifier)
• Account creation date

Practice Data:

• Audio recordings of your speaking practice
• Transcripts of your speech
• AI-generated feedback and scores
• Session metadata (title, topic, duration, test type)
• Collections (vocabulary, grammar notes, pronunciation tips)
• Daily and weekly review summaries

IELTS Speaking Simulator Data:

• Real-time audio streams during simulated IELTS Speaking tests
• Live transcripts generated during the simulation
• IELTS-format questions displayed during simulation (Part 1, 2, and 3)
• Simulation session recordings and timing data
• Cue card topics and preparation notes (Part 2)
• AI examiner interactions and follow-up questions

Settings & Preferences:

• Target test type (IELTS, CELPIP) and target scores
• ASR provider preferences (local vs. cloud)
• Third-party API keys (stored encrypted in database)
• Model preferences for transcription

Technical Data:

• Device information (browser, OS, hardware capabilities)
• Sync status and logs
• Error logs and diagnostic information (via Sentry, 10% sample rate)

Payment Information:

• Credit balance and transaction history
• Stripe payment IDs (payment intents, sessions)
• Transaction metadata (date, amount, credit package purchased)
• Note: We do not store or process your credit card information directly. All payment processing is handled securely by Stripe.

How We Use Your Information

We use your information to:

• Provide core functionality: Store and sync your practice sessions across devices
• Generate AI feedback: Analyze your speech and provide personalized improvement suggestions
• Transcribe audio: Convert your speech to text using local or cloud-based services
• IELTS Speaking Simulator: Provide realistic IELTS Speaking test simulations with real-time transcription, AI examiner interactions, and timed practice sessions
• Track progress: Generate daily and weekly review summaries
• Improve the service: Analyze usage patterns (with your consent) to enhance features
• Process payments: Handle credit purchases for cloud transcription services
• Prevent fraud and abuse: Rate limiting and security monitoring
• Provide customer support: Respond to your inquiries and technical issues

Third-Party Services

We integrate with the following third-party services:

Each service has its own privacy policy. We encourage you to review their policies:

• Supabase: https://supabase.com/privacy
• Google: https://policies.google.com/privacy
• PostHog: https://posthog.com/privacy
• Sentry: https://sentry.io/privacy
• Stripe: https://stripe.com/privacy

Data Security

We implement robust security measures to protect your data:

• Encryption in transit: All data transmitted over HTTPS/TLS
• Encryption at rest: Sensitive API keys encrypted in database using pgsodium
• Row Level Security (RLS): Database policies ensure users can only access their own data
• Secure authentication: Google OAuth 2.0 for user authentication
• Rate limiting: Protection against abuse and unauthorized access
• Environment separation: Production and staging data kept separate

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Privacy Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data
• Portability: Export your data in a standard format (available in Settings)
• Withdraw consent: Opt-out of analytics at any time
• Object to processing: Object to certain types of data processing

To exercise these rights, please contact us at the email address provided below.

Analytics & Cookies

Analytics are disabled by default. We use PostHog for product analytics, but only with your explicit consent:

• Analytics tracking requires opt-in through Settings
• You can withdraw consent at any time
• We do not collect personally identifiable information in analytics events
• Session replay is disabled

We use essential cookies and local storage for:

• Authentication and session management
• Storing your practice data locally
• Remembering your preferences and settings

Data Retention

We retain your data as follows:

• Practice data: Retained indefinitely until you delete it or close your account
• Account information: Retained until account deletion
• Analytics data: Retained for up to 7 years for business analysis (if opted-in)
• Error logs: Retained for 90 days for debugging purposes
• Payment records: Retained for 7 years for tax and legal compliance

Children's Privacy

Joe Speaking is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification for significant changes (if you have an account)

Your continued use of Joe Speaking after changes become effective constitutes acceptance of the revised Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection and use
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our lawful basis for processing your data is your consent (for analytics) and performance of contract (for core functionality).

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to deletion of personal information
• Right to non-discrimination for exercising your rights

We do not sell your personal information to third parties.