← Back to Home

Privacy Policy

Last Updated: January 2025

1. Introduction

LexiLab ("we," "our," or "us") is committed to protecting your privacy and complying with FERPA (Family Educational Rights and Privacy Act). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational application.

2. Information We Collect

2.1 Information We DO Collect:

  • Google User ID: Unique identifier from your Google account
  • Email Address: From your Google account for authentication
  • Optional Nickname: If you choose to provide one (subject to profanity filter)
  • Profile Avatar: From your Google account
  • Learning Progress: Your vocabulary study progress, quiz scores, and learning streaks
  • Usage Data: Information about how you interact with the app (time spent, features used)
  • Device Information: Browser type, operating system, and screen size for optimization

2.2 Information We DO NOT Collect:

  • Full Name: We do not store your full legal name
  • School Information: We do not collect or store your school name or location
  • Teacher Information: We do not collect information about your teachers
  • Grade Level: We do not track your academic grade or class year
  • Payment Information: LexiLab is free and does not process payments

3. How We Use Your Information

We use the collected information to:

  • Authenticate your account and provide access to the service
  • Track and display your learning progress
  • Personalize your learning experience with adaptive study modes
  • Enable optional leaderboard participation (opt-in only)
  • Improve our service through analytics and performance monitoring
  • Sync your progress across devices
  • Provide offline functionality through cached data

4. FERPA Compliance

We are committed to protecting student educational records in compliance with FERPA. We:

  • Minimize data collection to only what is necessary for educational purposes
  • Do not share educational records with third parties without consent
  • Provide students with control over optional features like leaderboards
  • Maintain appropriate technical and organizational security measures
  • Allow users to request deletion of their data

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in these circumstances:

  • Service Providers: With trusted third-party services (Supabase for database, Vercel for hosting) that help us operate the application
  • Leaderboard (Opt-in): If you opt into the leaderboard, your nickname and scores may be visible to other users
  • Legal Requirements: If required by law or to protect our rights and safety
  • With Your Consent: When you explicitly authorize us to share information

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit using HTTPS/SSL
  • Secure authentication through Google OAuth
  • Row-level security policies in our database
  • Regular security audits and updates
  • Limited access to personal data by authorized personnel only

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

You have the right to:

  • Access: View your personal information and learning data through your profile
  • Correction: Update your nickname and profile information
  • Deletion: Request deletion of your account and associated data
  • Opt-out: Choose not to participate in optional features like leaderboards
  • Data Export: Request a copy of your learning progress data

To exercise these rights, please contact us through the feedback system in the application.

8. Children's Privacy

LexiLab is designed for high school students (typically ages 14+). We comply with applicable laws regarding children's privacy, including COPPA where applicable. We do not knowingly collect personal information from children under 13 without parental consent. If we become aware that we have collected such information, we will take steps to delete it.

9. Cookies and Local Storage

We use browser local storage and cookies to:

  • Maintain your authentication session
  • Enable offline functionality
  • Remember your preferences
  • Improve performance and user experience

You can control cookie settings through your browser, but this may affect functionality.

10. Third-Party Services

LexiLab uses the following third-party services:

  • Google OAuth: For secure authentication
  • Supabase: For database and backend services
  • Vercel: For hosting and deployment
  • Vercel Analytics: For performance monitoring (anonymized)

These services have their own privacy policies, and we encourage you to review them.

11. Data Retention

We retain your personal information and learning data for as long as your account is active or as needed to provide services. If you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are legally required to retain it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of LexiLab after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through the feedback system available in the application.

14. Your California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to request information about the categories and specific pieces of personal information we have collected about you.