Privacy Policy
1. Introduction
Welcome to LingoSheets ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website at lingosheets.store and use our services.
2. Data Controller
Auf dem Glück 1
44894 Bochum
Germany
LingoSheets
Auf dem Glück 1
44894 Bochum
Email: admin@lingosheets.store
3. What Data We Collect
We collect the following categories of personal data:
3.1 Account Data (via Netlify Identity)
- Email address —” used for account creation, login, and communication
- Full name —” if provided during registration
- Password —” stored securely and hashed by Netlify Identity
3.2 Payment Data (via Stripe)
- Name, email, billing address —” required to process your payment
- Payment method details (credit/debit card) —” processed and stored exclusively by Stripe; we do not store your full card details on our servers
- Transaction records —” purchase history and amounts for order fulfillment
3.3 Usage Data (Automatically Collected)
- IP address (anonymized where possible)
- Browser type and version
- Pages visited and time spent
- Referring website
- Device type and operating system
3.4 Free Tier Users
If you use our free tier (5 free lessons), we may collect your email address for account access. No payment data is collected for free tier usage.
4. How We Use Your Data
We process your personal data for the following purposes:
- Contract fulfillment (Art. 6(1)(b) GDPR) —” to process purchases, deliver digital products (PDF learning sheets), and manage your account
- Legal obligation (Art. 6(1)(c) GDPR) —” to comply with tax, accounting, and legal requirements
- Legitimate interest (Art. 6(1)(f) GDPR) —” to improve our website, prevent fraud, and ensure security
- Consent (Art. 6(1)(a) GDPR) —” to send you marketing emails (only if you opt in); you can unsubscribe at any time
5. Third-Party Services
We use the following third-party services that may process your data:
5.1 Stripe (Payment Processing)
Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Stripe processes your payment information securely under PCI DSS Level 1 compliance. When you make a purchase, your card data is transmitted directly to Stripe's servers and never touches ours.
Stripe's Privacy Policy: https://stripe.com/privacy
5.2 Netlify (Hosting & Authentication)
Netlify, Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA. Our website is hosted on Netlify's infrastructure. Netlify Identity is used for user authentication. Netlify may collect server logs including IP addresses.
Netlify's Privacy Policy: https://www.netlify.com/privacy/
5.3 Google Fonts
This website uses Google Fonts for typography. When you load a page, your browser may connect to Google's servers to retrieve font files, which may transmit your IP address to Google.
Google's Privacy Policy: https://policies.google.com/privacy
6. Cookies & Local Storage
Our website uses the following storage mechanisms:
- Essential cookies/local storage —” for authentication sessions (Netlify Identity) and theme preferences (dark/light mode). These are strictly necessary and do not require consent.
- Stripe cookies —” Stripe may set cookies for fraud prevention during the checkout process.
Meta Pixel & Facebook Ads: With your consent, we use the "Meta Pixel" from Meta Platforms Ireland Ltd. to track conversion rates from our Facebook ads and optimize our marketing campaigns. This allows us to show relevant ads to users who have shown interest in our website. This process may involve the use of cookies. You can revoke this consent at any time via your browser settings or Facebook ad preferences.
7. Data Retention
- Account data —” retained as long as your account is active or as needed to provide services. You may request deletion at any time.
- Payment/transaction data —” retained for the legally required period (typically 10 years for tax records in Germany).
- Server logs —” automatically deleted after 30 days by our hosting provider.
8. International Data Transfers
Some of our third-party service providers (Stripe, Netlify) are based in the United States. Data transfers to the US are conducted under appropriate safeguards, including the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as approved by the European Commission.
9. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15 GDPR) —” request a copy of your personal data
- Right to rectification (Art. 16 GDPR) —” correct inaccurate data
- Right to erasure (Art. 17 GDPR) —” request deletion of your data ("right to be forgotten")
- Right to restrict processing (Art. 18 GDPR) —” limit how we use your data
- Right to data portability (Art. 20 GDPR) —” receive your data in a machine-readable format
- Right to object (Art. 21 GDPR) —” object to processing based on legitimate interests
- Right to withdraw consent (Art. 7(3) GDPR) —” withdraw consent at any time without affecting prior processing
To exercise any of these rights, please contact us at admin@lingosheets.store. We will respond to your request within 30 days.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. For Germany, the competent authority is:
Kavalleriestr. 2-4, 40213 Düsseldorf, Germany
https://www.ldi.nrw.de
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- SSL/TLS encryption for all data in transit
- Secure password hashing via Netlify Identity
- PCI DSS Level 1 compliant payment processing via Stripe
- Regular security reviews and updates
12. Children's Privacy
Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the revised policy.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: