Privacy Policy

Rouge Gorge: Vocab Learning · Last updated: 3 May 2026

This Privacy Policy explains what personal data the Rouge Gorge iOS app and the rougegorge.app website collect, why they collect it, and what rights you have over your data under the EU General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).

1. Who is responsible for your data

The data controller is:

• Tudual Lucas Huon, sole proprietor (auto-entrepreneur)
• 21 Dom Morice, 35000 Rennes, France
• SIREN: 999 501 703
• Contact: contact@rougegorge.app

2. What we collect

On your device only. The iOS app stores the following locally using Apple's SwiftData framework. This data never leaves your device unless you explicitly share or delete the app:

• The first name or nickname you entered during onboarding
• Your confirmation that you are at least 13 years old (stored as a single yes/no toggle — no date of birth is collected)
• Your home language (as an ISO code, e.g. fr, es)
• Your declared CEFR level (A1 to C2) and learning preferences
• The vocabulary words you save, review or add to your library
• Your learning history, spaced-repetition stats and daily streaks
• Temporary audio recordings made during pronunciation exercises (see §3)

Sent to our backend server (rougegorge.app). When you look up a word, request a definition, submit a pronunciation, or report AI-generated content, the app sends the following to our server:

• The word or short phrase you looked up
• Your CEFR level and home language (as context for Claude to generate a level-appropriate definition)
• For pronunciation: a short audio sample and the target word
• For reports: the Claude output you flagged, the reason you picked, and any optional free-form note (limited to 500 characters)

We do not send your name, date of birth, exact learning history, or any persistent identifier tied to you personally. Each request carries a shared application API key, not a user identifier.

Technical metadata. Like any web server, our backend logs standard connection metadata (IP address, user-agent, timestamp) when you make a request. These logs are retained for up to 30 days for security and debugging, then rotated out.

3. Third parties we share data with

To provide the AI features of Rouge Gorge, we relay certain requests to the following sub-processors. No other third parties receive your data.

• Apple Inc. (United States) — distributes the App through the App Store and, if you subscribe, processes the subscription via StoreKit. Receives a transaction identifier and your App Store account locale; we do not receive your payment card details.
• Anthropic, PBC (United States) — generates vocabulary definitions and translations via the Claude Sonnet model. Receives only the word and the context outlined above.
• ElevenLabs, Inc. (United States) — generates the spoken pronunciation audio (text-to-speech) when you tap the speaker icon next to a word. Receives only the target word.
• Microsoft Azure AI Speech (European Union region) — evaluates pronunciation quality when you record yourself saying a target word. Receives the audio sample and the target word. Audio is processed and discarded; it is not stored by Microsoft for training.
• Cloudflare, Inc. (United States, edge data centers worldwide) — operates the API edge (Cloudflare Workers) that relays your lookup and enrichment requests to Anthropic, and the response cache (Workers KV). Cache entries last up to 90 days and are keyed by an SHA-256 hash of the search term, your CEFR level and your home language only — they contain no user identifier. Transfers covered by the Standard Contractual Clauses (Decision 2021/914) under the Cloudflare Customer Data Processing Addendum.
• Hostinger International Ltd (Cyprus / European Union) — hosts the rougegorge.app server (text-to-speech, pronunciation, content reports). Acts as a technical provider and does not otherwise access the data.

Apple, Anthropic, ElevenLabs and Cloudflare are located in the United States. Transfers outside the European Economic Area are covered by the European Commission's Standard Contractual Clauses (SCC) as published in Decision 2021/914.

4. How long we keep data

• On-device data: stored until you delete the app or clear it from within Settings. We have no access to it.
• Backend cache of definitions: up to 90 days from last use, then evicted. The cache is keyed by an SHA-256 hash of the lookup (search term + CEFR level + home language) and is not tied to individual users.
• Content reports: up to 90 days, then deleted. Used only to improve AI output quality.
• Access logs: up to 30 days for security and debugging.
• Pronunciation audio: deleted immediately after the score is returned to the app. Not persisted.

5. Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• rectify inaccurate data;
• request the deletion of your data (for anything stored on your device, uninstalling the app achieves this instantly; for backend data, write to us);
• restrict or object to processing;
• obtain a portable copy of your data;
• withdraw any consent you previously gave (e.g. the consent screen shown during onboarding);
• lodge a complaint with the French supervisory authority, the CNIL (www.cnil.fr).

To exercise any of these rights, write to contact@rougegorge.app. We respond within one month.

6. Legal basis for processing

• On-device storage of your profile, vocabulary and learning history: execution of the contract to provide you with the app.
• Backend relay to Anthropic / Microsoft: execution of the contract and your explicit consent obtained during onboarding.
• Content reports you choose to send: your consent at the moment of sending.
• Security logs: our legitimate interest in protecting the service.

7. Children

Rouge Gorge is not intended for children under 13. During onboarding we ask you to confirm you are 13 or older with a single yes/no toggle; we do not collect or store a date of birth. If you believe a child under 13 has used the app, write to us and we will delete any associated data.

8. Security

All traffic between the app and the backend is encrypted over HTTPS using TLS 1.2 or 1.3, with the standard system certificate validation provided by iOS. On-device data is protected by iOS sandboxing and benefits from Apple's hardware-backed encryption when your device is locked.

9. Changes to this policy

If we change this policy we will update the date at the top and, for material changes, notify you in the app on next launch. Continuing to use Rouge Gorge after a material change means you accept the new policy.

10. Contact

Questions about this policy or your data: contact@rougegorge.app.

Rouge Gorge: Vocab Learning · Tudual Lucas Huon, auto-entrepreneur · 21 Dom Morice, 35000 Rennes, France · SIREN 999 501 703