Privacy Policy

1. Data Controller

SareLearn GmbH, Musterstraße 1, 10115 Berlin, Germany (email: privacy@sarelearn.com) is the data controller for personal data processed through the SareLearn platform.

If you are in the EU or EEA, this privacy policy sets out your rights under the General Data Protection Regulation (GDPR).

2. Data We Collect

Account data: Name, email address, and password (hashed) when you register.

Usage data: Practice sessions, exam scores, vocabulary progress, and session durations. We use this to power your learning dashboard and recommendations.

AI conversation data: Exchanges with our AI coach Alex. These are used to generate responses and, in anonymised form, to improve our AI models. Conversations are not linked to your identity when used for training.

Payment data: We use Stripe for payment processing. We do not store your full card details — only the last 4 digits and card type for display purposes.

Technical data: IP address, browser type, device type, and cookies. Used for security, analytics, and service improvement.

3. Legal Basis for Processing

We process your data on the following legal bases:

Contract: Processing your account data and usage data is necessary to provide the SareLearn service you've signed up for (Art. 6(1)(b) GDPR).

Legitimate interests: We process technical data and usage analytics to improve the service, prevent fraud, and ensure security (Art. 6(1)(f) GDPR).

Consent: We use optional cookies for analytics and personalisation only with your consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time in your cookie settings.

Legal obligation: We may retain transaction records as required by German tax law (Art. 6(1)(c) GDPR).

4. AI Coaching and Data

The AI coach (Alex) is powered by Anthropic's Claude API. Your conversation messages are transmitted to Anthropic's servers to generate responses. Anthropic processes this data under their own privacy policy and data processing agreement with SareLearn.

We do not use your identifiable conversation data to train AI models without your explicit consent. Anonymised, aggregated patterns (e.g., "students struggle with Konjunktiv II questions") may be used to improve our exercise library.

5. Data Sharing

We share data with:

Firebase: Authentication hosting and user session management. Servers in EU regions where available.

Anthropic: AI responses for the coaching feature. Data Processing Agreement in place.

Stripe: Payment processing. PCI-DSS compliant. No full card data stored by SareLearn.

Vercel: Hosting and edge network. Servers in EU regions used where possible.

We do not sell your personal data to third parties. We do not share your data with advertising networks.

6. Data Retention

Account data is retained for as long as your account is active plus 30 days after deletion, to allow recovery.

AI conversation logs are retained for 90 days. You can delete your conversation history at any time from your settings.

Payment records are retained for 10 years as required by German commercial law (§ 257 HGB).

Technical logs (IP addresses, server logs) are retained for 30 days.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights:

Access: Request a copy of all personal data we hold about you.

Rectification: Correct inaccurate data in your account settings or by contacting us.

Erasure: Request deletion of your account and associated data. Note: some data must be retained for legal reasons.

Portability: Request your data in a machine-readable format.

Restriction: Request that we restrict processing while a dispute is resolved.

Objection: Object to processing based on legitimate interests.

To exercise any of these rights, email privacy@sarelearn.com. We respond within 30 days.

8. Cookies

We use strictly necessary cookies for authentication and session management (no consent required).

With your consent, we use analytics cookies (PostHog) to understand how features are used and improve the product. You can manage your cookie preferences in our Cookie Settings, accessible from the footer.

9. International Data Transfers

Our primary infrastructure is in the EU (Germany/Frankfurt). Where data is transferred outside the EU (e.g., Anthropic's API servers in the US), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

10. Complaints

If you believe we have processed your data unlawfully, you have the right to lodge a complaint with your national data protection authority. In Germany, the supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstr. 219, 10969 Berlin mailbox@datenschutz-berlin.de

We would appreciate the opportunity to resolve your concern directly — please contact us at privacy@sarelearn.com first.

11. Changes to This Policy

We will notify you of material changes to this privacy policy by email at least 30 days before they take effect. The current version is always available at sarelearn.com/privacy.

Last updated: 1 January 2026