Effective date: March 04, 2026 · Last updated: March 04, 2026
1.1. This Privacy Policy (hereinafter — the "Policy") defines the procedure for collecting, processing, storing, and protecting the personal data of users of the Linglass service (hereinafter — the "Service").
1.2. The personal data operator is Individual Entrepreneur Furtaev Ilya Vladislavovich, TIN 860504589900, OGRNIP 326861700021947 (hereinafter — the "Operator").
1.3. This Policy has been developed in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter — "152-FZ"), Government Decree of the Russian Federation No. 1119 of 01.11.2012 "On Approval of Requirements for the Protection of Personal Data during Processing in Personal Data Information Systems", and other regulatory legal acts of the Russian Federation.
1.4. By using the Service and/or providing their personal data, the User expresses consent to the terms of this Policy. If the User disagrees with the terms of the Policy, the User must cease using the Service.
1.5. The Operator may make changes to this Policy. The current version of the Policy is published on the Service website at https://linglass.app/privacy. The Operator notifies Users of material changes by email or through the Service interface.
2.1. Personal data is processed on the following legal bases (Article 6 of 152-FZ):
3.1. The Operator processes personal data for the following purposes:
| Data category | Composition | Required |
|---|---|---|
| Email address | Required | |
| Name | First name, last name | Optional |
| Password | Stored in encrypted form | Required (for email registration) |
| Data category | Composition | Source |
|---|---|---|
| User identifier | Hashed identifier in the provider's system | Google, Yandex |
| Email address | Google, Yandex | |
| Name | First name, last name | Google, Yandex |
| Avatar URL | Link to profile image | Google, Yandex |
| Data category | Composition | Purpose |
|---|---|---|
| Saved words | Word, language, normalized form | Personal dictionary |
| Translations | Translation, target language | Contextual translation |
| Transcription (IPA) | Phonetic transcription of the word | Pronunciation |
| Context sentence | The sentence in which the word appeared | Learning context |
| Source metadata | Platform, video URL, video identifier, timestamp | Source attribution |
| Video frame screenshot | Image (JPEG) | Visual context |
| Audio clip | Audio fragment from the video | Audio context |
| Data category | Composition | Purpose |
|---|---|---|
| Card state | Difficulty, stability, retrievability, interval | Repetition algorithm |
| Answer grades | Grade (again/hard/good/easy) | Repetition history |
| Repetition dates and times | Timestamps | Repetition schedule |
| Repetition parameters | Desired retention, new cards per day, max interval | Learning settings |
| Usage statistics | Aggregated data on Service feature usage | Subscription limit management |
Payment processing is carried out through the payment system of JSC "T-Bank" (T-Bank), certified to the PCI DSS standard. The Operator does not receive or store the full bank card details of the User (card number, CVV/CVC code). The Operator stores only the following data necessary for displaying payment method information:
Data on each transaction (date, amount, currency, payment status) is stored to provide the User with a payment history and to comply with legal requirements. The card may be removed by the User at any time through the "Subscription Management" section.
During use of the Service, technical data is automatically processed: IP address, browser type, and server request information. This data is used to ensure the security and operability of the Service, is not stored in association with the User's account, and is deleted in accordance with the log rotation policy.
To ensure account security and maintain an active session, the Service processes session data (encrypted authentication tokens, email confirmation codes). Session data is stored for a limited time and is automatically deleted upon expiration.
5.1. The Service uses strictly necessary cookies for User authentication and session management. Without these cookies, the Service cannot be used. The Service does not use advertising or marketing cookies.
5.2. The Service uses a third-party web analytics service to analyze traffic and user behavior. The analytics service may use its own cookies. The processing of data by the analytics service is governed by its own privacy policy.
5.3. The User may manage cookies through their browser settings. Disabling cookies may result in the inability to use the Service.
6.1. To provide its functionality, the Service interacts with third-party services. The following lists the categories of services and the data transferred to them.
Services to which personal data is NOT transferred:
During operation, the Service sends anonymized requests (individual words, language pairs, contextual sentences without any link to the user) to third-party machine translation and text-to-speech services. These requests do not contain User identifiers and do not constitute personal data within the meaning of 152-FZ.
Services to which personal data IS transferred:
| Recipient | Data transferred | Purpose | Country of processing |
|---|---|---|---|
| Authentication services (OAuth providers) | OAuth token or authorization code | Authentication via third-party account | Russia, other countries |
| Cloud storage service | Media files (screenshots, audio clips) linked to the account | Media file storage | Russia |
| Web analytics service | Traffic and on-site behavior data | Service usage analysis | Russia, other countries |
| Payment aggregator | Payment data (without card number) | Payment processing | Russia |
6.2. Cross-border data transfer. When authenticating via third-party OAuth providers located outside the Russian Federation, the Operator ensures the transfer of data in accordance with the requirements of Article 12 of 152-FZ. Only the OAuth token necessary for authentication is transferred. The specific list of third parties to whom personal data has been transferred is provided to the User upon request in accordance with Article 14 of 152-FZ.
6.3. The Operator does not sell, rent, or transfer Users' personal data to third parties for marketing purposes.
6.4. The Operator may disclose personal data upon a lawful request from Russian Federation government authorities in cases provided for by law.
Personal data is stored on servers located within the Russian Federation, in accordance with the requirements of Part 5, Article 18 of 152-FZ.
Media files (screenshots, audio clips) are stored in cloud storage within the Russian Federation. Access to media files is provided via signed URLs with a limited validity period (1 hour).
| Data category | Retention period | Basis |
|---|---|---|
| Account data | Until account deletion by the User | Contract performance |
| Learning data (dictionary, cards) | Until deletion of the record by the User | Contract performance |
| Media files (screenshots, audio) | Until deletion of the corresponding record by the User | Contract performance |
| Session data | Limited period, automatic deletion | Contract performance |
| Server logs | In accordance with the log rotation policy | Legitimate interest (security) |
The Operator takes organizational and technical measures to protect personal data in accordance with the requirements of Article 19 of 152-FZ, including: encryption of data during storage and transmission, isolation of user data, protection against unauthorized access, restriction of the number of persons with access to personal data, and regular security audits.
8.1. In accordance with Articles 14, 15, 16, and 17 of 152-FZ, the User has the right:
8.2. To exercise their rights, the User may:
8.3. The Operator reviews requests from personal data subjects within no more than 10 (ten) business days from the date of receipt. If additional identity verification is required, the period may be extended to 30 (thirty) calendar days, with notification to the User.
9.1. The Service is not intended for use by persons under the age of 14. The Operator does not knowingly collect personal data from persons under 14 years of age.
9.2. Persons aged 14 to 18 may use the Service with the consent of their legal representatives (parents, adoptive parents, guardians).
9.3. If the Operator becomes aware that personal data was provided by a person under the age of 14, the Operator will take measures to delete such data.
10.1. In the event of a personal data breach or unauthorized access to personal data, the Operator will:
11.1. The Service uses a spaced repetition algorithm to automatically generate a repetition schedule based on the User's grades. This processing does not entail legal consequences for the User and is aimed solely at optimizing the learning process.
11.2. The Operator does not use Users' personal data for automated decision-making that produces legal effects.
Personal data operator: Individual Entrepreneur Furtaev Ilya Vladislavovich
TIN: 860504589900
OGRNIP: 326861700021947
Email: support@linglass.app
Person responsible for organizing personal data processing: Furtaev I. V., support@linglass.app
13.1. This Policy is an integral part of the Public Offer for the Provision of Services of the Linglass service.
13.2. This Policy is governed by the legislation of the Russian Federation.
13.3. All questions and inquiries related to personal data processing should be directed to the following email address: support@linglass.app.
This document has been prepared in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", Government Decree of the Russian Federation No. 1119 of 01.11.2012, Order of the FSTEC of Russia No. 21 of 18.02.2013, and other regulatory legal acts of the Russian Federation in the field of personal data.