AloWorld

Legal & trust

Public notices for privacy, acceptable use, AI disclosure, account controls, and named data providers.

Privacy Policy

How AloWorld handles account, chat, voice, learning, analytics, and safety data.

Privacy Policy

Last updated: 2026-05-19

This Privacy Policy explains how DigitalCarbon, Inc. collects, uses, shares, stores, and deletes personal data when you use aloworld.

Scope

This policy applies to the aloworld mobile app, web app, server APIs, AI conversation features, voice features, account tools, safety tools, support interactions, and any other product surface that links to this policy.

Data we collect

We collect data you provide, data created when you use the service, and technical data needed to operate the service.

The categories may include:

  • account data, such as email address, login provider, user ID, and authentication records
  • profile data, such as display name, language settings, timezone, learning preferences, and app settings
  • conversation data, such as messages, AI responses, session metadata, reactions, reports, and conversation state
  • voice data, such as microphone audio, voice recordings, speech-to-text transcripts, text-to-speech metadata, and playback metadata
  • learning data, such as feedback, corrections, progress reports, skill scores, and practice history
  • safety data, such as user reports, moderation signals, abuse-prevention signals, and investigation notes
  • device and usage data, such as IP address, device model, operating system, app version, browser type, crash logs, performance logs, feature usage, and analytics events
  • support and request data, such as messages you send us, privacy requests, and account-deletion requests
  • purchase or entitlement data if paid features are offered through a payment platform

We do not use voice recordings for biometric identification.

We do not intentionally collect sensitive personal information. If you choose to include sensitive information in a message, voice recording, report, or support request, it may be processed as part of providing and securing the service.

Data from third parties

We may receive limited data from third-party services you use with aloworld, such as:

  • authentication providers, including Apple, Google, and Supabase Auth
  • app platforms, including Apple App Store, Google Play, and Expo/EAS
  • analytics, hosting, and error-reporting providers
  • payment platforms if paid features are offered

The data we receive depends on your settings and the provider's rules.

How we use data

We use personal data to:

  • create, authenticate, and secure accounts
  • operate chat, voice, AI character, progress, and feedback features
  • transcribe speech and synthesize character audio
  • personalize practice partners, settings, and product experience
  • generate progress reports, corrections, translations, and sentence help
  • maintain conversation continuity and product state
  • detect, investigate, and prevent abuse, fraud, spam, safety violations, and policy violations
  • respond to support, privacy, and deletion requests
  • debug issues, monitor performance, and improve service quality
  • comply with law, platform requirements, and legal process

AI processing

aloworld uses third-party AI and speech providers to provide core product features.

Depending on the feature, your messages, transcripts, voice recordings, AI outputs, profile context, safety instructions, and related metadata may be processed by providers for:

  • AI text generation
  • speech-to-text transcription
  • pronunciation and speech assessment
  • text-to-speech voice synthesis
  • progress scoring and report generation
  • safety, reliability, and abuse-prevention operations

We do not intentionally use user conversations to train an aloworld-specific model today.

The current named AI and speech providers that may process end-user data are Google Gemini, AssemblyAI, Microsoft Azure Speech, Cartesia, Inworld, MiniMax, and Fish Audio. Google Gemini may process messages, transcripts, profile context, conversation context, safety instructions, and AI outputs. AssemblyAI and Microsoft Azure Speech may process voice recordings, speech segments, transcripts, and speaking-feedback metadata. Cartesia, Inworld, MiniMax, and Fish Audio may process AI reply text and speech-generation metadata for character voice output.

Third-party providers may process data according to their own enterprise/API terms and retention rules. We require providers that process personal data for aloworld to provide the same or equal protection required by this policy and applicable platform requirements. The current named providers that process end-user data are listed in the Subprocessors page.

Analytics and session replay

When analytics is enabled, aloworld may collect product events, page views, device metadata, performance data, and session replay data to understand usage, debug issues, and improve the product.

We do not currently use third-party advertising SDKs or cross-app tracking in the product surface.

If advertising, cross-app tracking, or materially broader analytics are added, we will update this policy before rollout.

Legal bases

Where applicable, we process personal data on one or more of these bases:

  • contract performance, when processing is needed to provide the service you requested
  • legitimate interests, such as security, abuse prevention, reliability, product improvement, and legal defense
  • consent, where required by law or platform policy
  • legal obligation, where processing is required for compliance
  • vital interests, where processing is necessary to protect someone from serious harm

Sharing and recipients

We share personal data only as needed to operate, secure, support, and improve aloworld.

Recipients may include:

  • AI text-generation providers
  • speech recognition and speech assessment providers
  • speech synthesis providers
  • authentication, database, storage, and hosting providers
  • analytics, crash-reporting, and performance-monitoring providers
  • app delivery and update providers
  • payment platforms if paid features are offered
  • customer-support, legal, security, and compliance service providers
  • authorities or third parties where required by law, legal process, or safety obligations

We may also share data in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate safeguards.

Cross-border transfers

aloworld and its providers may process data in countries other than the country where you are located.

When cross-border transfers apply, we use reasonable contractual, technical, and organizational safeguards appropriate to the service and applicable law.

Retention

We keep personal data only for as long as reasonably needed for the purposes described in this policy.

Our current baseline retention posture is:

  • account and profile data: while the account remains active
  • conversation logs, session records, memory records, user reports, and similar safety data: up to 90 days on a rolling basis unless longer retention is required for security, abuse investigation, legal compliance, or dispute resolution
  • local device audio cache: controlled by the app/device and removable by deleting the app or account where applicable
  • backups: retained on a rolling backup schedule
  • legal, security, fraud-prevention, and dispute records: retained as long as reasonably necessary

If you delete your account, we delete or de-identify associated data subject to backup latency, legal obligations, fraud prevention, and abuse-investigation needs.

Your choices and rights

Depending on your location, you may have rights to:

  • access your data
  • correct inaccurate data
  • delete your account and associated data
  • object to or restrict certain processing
  • withdraw consent where processing is based on consent
  • receive a copy of certain data
  • complain to a regulator

aloworld provides self-serve account deletion in the profile area and a public request path in the Privacy Choices page.

Children

aloworld is designed for English practice and is not directed to children.

Users under 18 may not use the service. If we learn that a minor has provided personal data in violation of this policy, we may suspend the account and delete the data where appropriate.

Security

We use reasonable technical and organizational measures appropriate to the service and the risks involved.

These measures include:

  • encryption in transit using TLS
  • infrastructure-provider encryption at rest
  • access controls for internal systems
  • authentication and session controls
  • logging, monitoring, and abuse-prevention controls
  • account deletion controls

No internet service can be guaranteed to be completely secure. aloworld is not end-to-end encrypted.

Cookies and similar technologies

aloworld uses cookies, local storage, and similar technologies primarily for authentication, session continuity, security, app operation, analytics, and debugging.

When analytics is enabled, these technologies may also support event attribution, replay stitching, and product-quality measurement.

Do-not-track signals

Some browsers offer do-not-track signals. There is no common industry standard for responding to these signals, so aloworld does not currently respond to them.

Policy changes

We may update this policy from time to time. If changes are material, we may notify users in-product, by email, or by updating the effective date above.

Contact

Privacy questions and requests can be sent to founders@digitalcarbon.ai.