Legal

Privacy Policy for Lexiage

Last Updated: May 2026

1. Data We Collect

We collect information necessary to provide our vocabulary learning services. This includes:

Account Data: Names, email addresses, and account role (Teacher, Student, Parent).

Usage Data: Progress tracking, completed wordlists, study deck metrics, and AI-generated content preferences.

Age Calibration Data: Users may input month and year of birth so Lexiage can calibrate mastery modes and provide more accurate requests to Lexi-AI.

Payment Data: All financial transactions are processed securely via our third-party payment processor, Stripe. Lexiage does not store or see your credit card details. Stripe operates under its own privacy policy compliant with PCI-DSS standards.

2. Children's Privacy (GDPR / COPPA)

Lexiage is designed for schools and families. When student accounts are created under a school or teacher dashboard, the school or teacher warrants that they have obtained parental consent to create these accounts. We do not market directly to minors or sell student data.

3. Data Storage & Hosting

Our landing page and application infrastructure are hosted via Vercel. The Lexiage database is powered by Supabase, with servers located in Germany. Data is securely processed and encrypted both in transit and at rest.

4. Lexi-AI and Third-Party AI Processing

Lexi-AI is powered by OpenAI. When users request AI-generated wordlists, sentence feedback, or related AI features, only the user's age and the necessary prompt or learning context are sent to OpenAI. Age is used to help the language model provide responses that are appropriate to the user's likely capacity. No other user data is sent to OpenAI: no name, no email address, and no other identifying account information.