Privacy Policy

1. Who we are

Venakhi is the data controller for the personal data processed through this service. We are established in the European Union and our contact details are at the bottom of this page.

2. What we collect

Account data: your name, email address, password hash, and the language(s) you're learning.

Session data: the audio recordings, transcripts, and chat messages from your live tutoring sessions, plus the analyses we generate from them.

Usage data: pages you visit inside the app, the device and browser you use, and the date/time of your visits. Used to keep the service reliable and to debug.

Billing data: handled by our payment processor (Stripe). We store the last four digits of your card and your invoice history, never the full card number.

3. Why we process it (lawful basis)

Contract: to provide the tutoring rooms, materials, and analyses you signed up for. Without this we can't operate the service.

Consent: for any optional features — for example, recording a live session requires explicit consent from every participant, captured on the guest invite page.

Legitimate interest: to keep the service secure, prevent abuse, and improve the product. We balance this against your privacy rights and minimize what we collect.

Legal obligation: to keep certain financial records, and to respond to lawful requests from authorities.

4. How long we keep it

Account data is kept while your account is active and for 30 days after closure, so you can change your mind.

Session recordings + transcripts are kept until you delete the session, or for 12 months — whichever comes first — unless you've explicitly enabled a longer retention window in Settings.

Deleted sessions sit in Recently Deleted for 7 days, then are permanently removed.

Billing records are kept for the period required by tax law (typically 7 years in the EU).

5. Who we share it with

Service providers we use to run Venakhi: hosting (Vercel, Supabase), transcription / language analysis (Anthropic, AssemblyAI), payment processing (Stripe), and transactional email (Postmark). Each is bound by a data processing agreement.

We do not sell your personal data. We do not share it for advertising purposes.

We do not use your session content to train third-party AI models without explicit, separate consent.

6. International transfers

Some of our processors are based outside the EU/EEA. Where that's the case we rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent transfer mechanisms to protect your data.

7. Your rights

You can: access your data, correct it, delete it, export it (data portability), restrict our processing of it, object to processing based on legitimate interest, and withdraw consent at any time.

Most of these can be exercised directly from Settings. For anything else, email privacy@venakhi.com and we'll respond within one month.

You also have the right to lodge a complaint with your national data protection authority.

8. Cookies and similar technologies

We use a small set of cookies to keep you signed in and to remember your preferences. These are essential — without them the app can't function — and don't require consent.

We use a privacy-respecting analytics tool to understand which pages are used. You can accept or reject it from the cookie banner at the bottom of the screen.

We do not use advertising cookies.

9. Security

Your data is encrypted in transit (TLS) and at rest. Passwords are stored as salted hashes; we never see the plaintext. We follow the principle of least privilege — only the people who need access to your data have it, and access is logged.

No system is perfectly secure. We will notify you within 72 hours of becoming aware of a personal data breach that affects you.

10. Contact

Data protection questions: privacy@venakhi.com.

General contact: hi@venakhi.com.