Privacy Policy (English)
1. Introduction
This Privacy Policy explains how Zulfizar LLC ("we", "us", or "our") handles information in connection with the SmartSpeech mobile application (the "App") available on Google Play. SmartSpeech is an educational app that helps users — including children — learn the English alphabet and basic vocabulary through animated lessons, audio playback, and on-device speech recognition.
By installing or using the App you agree to this Privacy Policy. If you do not agree, please do not install or use the App.
2. Information We Collect
2.1 Information you provide (stored only on your device)
During in-app onboarding, the App asks for:
| Data | Purpose | Storage |
|---|---|---|
| First name (or nickname) | Personalised greeting | On-device only (AsyncStorage) |
| Age (3–17) | Choosing an age-appropriate lesson level | On-device only |
| Selected level (Beginner / A1 / A2) | Loading the correct lesson set | On-device only |
| Lesson progress | Continuing where you left off | On-device only |
This information is stored exclusively on the user's device using the operating system's local storage. It is not transmitted to our servers, not shared with third parties, and not associated with any account, because the App has no account system. Uninstalling the App or clearing its data deletes all of this information permanently.
2.2 Microphone audio (processed only on the device)
To support pronunciation exercises the App requests the
RECORD_AUDIO permission. When the user actively starts a
pronunciation exercise, the device's microphone captures short audio that
is passed to the operating system's built-in speech-recognition engine
(expo-speech-recognition; on Android this relies on Google's
on-device speech service).
- Audio is processed transiently to produce a text transcription that the App compares to the expected word.
- Audio is not stored by the App, not uploaded to our servers, and not shared with anyone.
- The actual recognition is performed by Android's speech component. Depending on the device and Android version, that component may run entirely on-device or may send audio to Google. That behaviour is controlled by Android and Google, not by us. See Google's privacy policy.
The user can revoke the microphone permission at any time from Settings → Apps → SmartSpeech → Permissions. The App stays usable; only the speech-recognition exercises become unavailable.
2.3 Network requests to our server
The App contacts our media server at
https://smartspeech.109.205.180.84.nip.io only for:
- Service status check — a single request to
/status. - Static media downloads — lesson videos, soundtracks, audio assets from
/media/.... These files are cached on the device.
Our server may automatically log standard, non-personal connection data: IP address, timestamp, HTTP user-agent, and the URL path requested. We use these logs solely to operate, secure, and troubleshoot the service. We do not combine them with the on-device personal information described in §2.1, because that information is never sent to our server. Server access logs are retained for a maximum of 30 days and then automatically deleted.
2.4 What we do NOT collect
The App does not collect, transmit, or use:
- Email addresses, phone numbers
- Precise or coarse location (GPS, Wi-Fi, cell)
- Contacts, calendar, photos, files
- Camera images or video recordings
- SMS / call logs
- Advertising identifiers (AAID, IDFA)
- Health, fitness, or financial data
- Browsing history outside the App
- Persistent cross-app tracking identifiers
The App contains no advertising SDKs, no third-party analytics (Firebase Analytics, Crashlytics, Sentry, Mixpanel, Amplitude, Segment, AppsFlyer, Adjust, etc.), and no in-app purchases.
3. Permissions Used by the App
| Android permission | Why it is requested |
|---|---|
INTERNET |
Download lesson videos and soundtracks; check service status |
ACCESS_NETWORK_STATE |
Detect connectivity before downloads |
RECORD_AUDIO |
Speech-recognition pronunciation exercises (see §2.2) |
MODIFY_AUDIO_SETTINGS |
Play lesson audio and background music at the correct volume |
The App requests only the permissions it actually uses. Although several Expo libraries are listed as dependencies, runtime permissions for camera, location, contacts, calendar, media library, etc. are not requested, because those features are not used in the production app.
4. Children's Privacy
SmartSpeech is suitable for learners as young as 3 years old, so it falls under Google Play's Designed for Families / Mixed audience category and applicable children's-privacy laws, including the U.S. COPPA and the EU GDPR-K (Article 8 of the GDPR).
- No personal information is sent off-device (see §2.1).
- No advertising and no ad SDKs.
- No third-party analytics, advertising identifiers, or cross-app tracking.
- No social features, chat, friend lists, or user-generated content.
- No in-app purchases or subscriptions.
- Microphone audio is not stored or transmitted by us (see §2.2).
Parents or guardians who believe a child has provided personal information to us in a way not described above can email Umarovazulfizar18@gmail.com and we will investigate and, where appropriate, delete the information.
5. How We Use Information
We use the limited data described in §2 only to:
- Provide the lesson experience.
- Deliver lesson media files to the device.
- Operate, secure, and debug our media server.
- Comply with applicable legal obligations.
We do not use any of the data for advertising, profiling, automated decision-making with legal effects, or sale to third parties.
6. Sharing of Information
We do not sell or rent personal information.
We may disclose information only:
- To hosting / infrastructure providers, who may have technical access to server logs, bound by confidentiality.
- For legal compliance, when required by law or valid legal process, or to protect rights, property, or safety.
- In a business transfer (merger, acquisition, sale of assets); this Policy will continue to apply and users will be notified.
7. Data Retention
- On-device data: kept until the user clears app data or uninstalls the App.
- Server access logs: maximum of 30 days, then automatically deleted.
8. Security
- HTTPS / TLS for all network requests.
- Operating-system-level sandboxing of local storage.
- Minimum permissions — only what the App actually uses.
No method of electronic transmission or storage is 100% secure.
9. International Transfers
Our media server is currently located in Uzbekistan. By using the App from outside Uzbekistan you consent to the limited connection metadata in §2.3 being processed in Uzbekistan.
10. Your Rights
Depending on where you live, you may have rights of access, correction, deletion, objection, restriction, portability, and withdrawal of consent, plus the right to lodge a complaint with a data-protection authority.
Because the on-device personal information described in §2.1 is stored only on your device, you can exercise the access, correction, and deletion rights yourself by:
- Editing values on the in-app onboarding screen, OR
- Going to Android Settings → Apps → SmartSpeech → Storage → Clear data, OR
- Uninstalling the App.
For any other request, email Umarovazulfizar18@gmail.com. We will respond within 30 days.
11. Third-Party Services
| Service | Purpose | Privacy policy |
|---|---|---|
| Google Play | App distribution | link |
| Android speech recognition | Audio → text on Android | link |
| Expo Application Services (EAS) | Optional OTA JavaScript updates | link |
12. Changes to This Policy
We may update this Policy from time to time. The "Last updated" date will change, the new version will be published at this URL, and material changes will be announced inside the App. Continued use after changes take effect means you accept them.
13. Contact
- Company: Zulfizar LLC
- Email: Umarovazulfizar18@gmail.com
- Country: Uzbekistan
14. Google Play "Data safety" — quick reference
- Does the app collect or share user data? No data collected (see §2 — name/age/level/progress are stored only on the device; microphone audio is not stored or transmitted by us).
- Does the app share user data with third parties? No.
- Is all collected user data encrypted in transit? Yes — all network requests use HTTPS / TLS.
- Can users request deletion? Yes — uninstall, clear data, or contact email above.