Privacy Policy
Last updated: 12 July 2026
This policy explains what personal data TaalKlaar ("we", "us") processes, why, and the rights you have under the EU General Data Protection Regulation (GDPR / AVG).
1. Who we are
TaalKlaar is operated by Legal operator pending configuration. Data-protection contact: privacy@taalklaar.app.
2. Data we collect
- Account data — your email address (for passwordless sign-in).
- Learning profile — target exam, level, exam date, and placement results you provide.
- Progress data — practice scores, attempts, and study activity.
- Speaking submissions — temporary audio, transcript, rubric and feedback used to score and improve your practice.
- Technical data — IP address and request metadata, used for security and rate limiting.
- Billing data — handled by our payment provider (Mollie); we do not store full card details.
3. Why we process it (legal basis)
- Contract — to provide the learning service and your account.
- Legitimate interest — security, fraud and abuse prevention (rate limiting).
- Consent — optional features such as analytics, where applicable.
- Legal obligation — tax and accounting records for purchases.
4. AI processing
Writing and speaking submissions are analysed by automated models to generate feedback and a CEFR estimate. Results are indicative and not an official assessment. Recordings and texts are not used to train third-party models.
5. Sharing & sub-processors
We use Cloudflare (hosting, database, temporary audio processing and AI), Resend (transactional email), Google (optional sign-in), and Mollie (payments). These providers receive only the information needed to deliver their service. We do not sell your data.
Where a provider processes data outside the European Economic Area, we rely on an applicable adequacy decision or the European Commission's Standard Contractual Clauses and review the provider's security and data-processing terms.
6. Retention
Account, transcript, feedback and progress data are kept while your account is active and are deleted when you delete the account. Raw speaking audio is deleted immediately after transcription and scoring; it is not retained as a learning artifact. Passwordless sign-in tokens expire after 15 minutes and sessions after 30 days. Rate-limit records expire between one hour and 15 days, depending on the security control. Payment and invoice records may be retained for seven years where Dutch tax law requires it.
7. Your rights
You have the right to access, rectify, erase, restrict, and port your data, and to object to processing. You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). To exercise any right, email privacy@taalklaar.app.
8. Cookies
We use a strictly necessary session cookie to keep you signed in. We do not set advertising cookies. Any optional analytics will be loaded only with your consent.
9. Changes
We may update this policy; material changes will be announced in the app or by email.
See also our Terms of Service.