slangy — free slang courses
All themes Slang of the Day Blog News Request a Course Log In Start free →
💬 Give Feedback ☕ Buy me a coffee

Privacy Policy

Last updated: 6 March 2026

1. Who we are

slangy is operated by Madalina Ciortan ("we", "us"). Our contact details are on the Imprint page. We are the data controller for personal data processed through this website under the EU General Data Protection Regulation (GDPR).

2. What data we collect

DataWhenLegal basis
Email address, display name, hashed passwordWhen you create an accountContract (Art. 6(1)(b) GDPR)
Lesson progress & scoresWhen you complete lessons (logged-in users only)Contract (Art. 6(1)(b) GDPR)
Anonymous session cookieWhen you use lessons without an accountLegitimate interest (Art. 6(1)(f) GDPR) — necessary for the service to function
JWT authentication cookieWhen you log inContract (Art. 6(1)(b) GDPR)

We do not use third-party tracking (no Google Analytics, no Facebook Pixel), and do not serve ads.

3. How we use your data

  • To provide the language-learning service (exercises, progress tracking)
  • To authenticate you when you log in
  • To send you service-critical emails (e.g., password reset) — we do not send marketing emails

4. Data sharing

We do not sell, rent, or share your personal data with third parties, except:

  • Hosting provider: Railway Inc. (US) hosts the application and database. Data transfers are covered by Standard Contractual Clauses.

5. Data retention

  • Account data is kept as long as your account is active.
  • If you delete your account, all personal data is removed within 30 days.
  • Anonymous session cookies expire after 30 days and hold no personal data.

6. Your rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, email us at the address on our Imprint page.

7. International data transfers

Our database is hosted by Railway Inc. in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard data transfers outside the EEA.

8. Security

Passwords are hashed with bcrypt. Authentication cookies are HttpOnly and Secure. We use HTTPS in production. We do not store payment card data.

9. Children

This service is not directed at children under 16. We do not knowingly collect data from children.

10. Changes to this policy

We will update the "Last updated" date above when the policy changes. Material changes will be announced on the site.

11. Supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority in your country of residence.