Back to Home
Grammar Radar

Important Notice

This document is originally written in English. In case of discrepancy between translations, the English version prevails.

PRIVACY POLICY

Last updated: January 2026

1. INTRODUCTION

Grammar Radar ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

GDPR Compliance

We comply with the EU General Data Protection Regulation (GDPR) and provide EU residents with the rights outlined in Chapter III of the regulation.

2. DATA WE COLLECT

a) Account Data (via Google OAuth)

  • Email address
  • Display name
  • Profile picture (URL)
  • Google account ID (for authentication)

b) Learning Data

  • Quiz responses (O/X answers)
  • Accuracy rates across 13 grammar categories
  • Time spent on questions
  • Learning patterns and progress
  • Favorites and bookmarked questions
  • Review schedules and spaced repetition data

c) Technical Data

  • Browser type and version
  • Device type and operating system
  • IP address
  • Access times and pages viewed
  • Language preferences

3. HOW WE USE YOUR DATA (Legal Bases - GDPR Art. 6)

a) Contract Performance (Art. 6(1)(b))

  • Provide personalized learning experience
  • Track your progress and adapt difficulty
  • Generate your radar charts and statistics
  • Schedule spaced repetition reviews
  • Manage your account and preferences

b) Legitimate Interests (Art. 6(1)(f))

  • Improve service quality and user experience
  • Analyze aggregate learning patterns (anonymized)
  • Prevent fraud and abuse
  • Ensure security of the Service

c) Consent (Art. 6(1)(a))

  • Marketing communications (optional, with clear opt-in)
  • Non-essential cookies and analytics (with consent banner)

4. DATA SHARING

We share data with the following service providers:

Paddle (Payment Processor / MoR)

Payment data is processed by Paddle.com Market Limited as our Merchant of Record. See Paddle's Privacy Policy

Google (Authentication)

OAuth authentication only. We receive limited profile data as authorized by you.

Supabase (Database Provider)

Data storage and database services. Data is encrypted at rest and in transit.

Vercel (Hosting)

Application hosting and edge functions. See Vercel's Privacy Policy

We do not sell your personal data to third parties.

5. DATA RETENTION

  • Active accounts: Data is retained while your account exists and is active.
  • Deleted accounts: Personal data is removed within 30 days of account deletion.
  • Learning history: Can be reset at any time via Profile Settings.
  • Anonymized analytics: May be retained indefinitely for service improvement.

6. YOUR RIGHTS (GDPR Chapter III)

Under GDPR, you have the following rights regarding your personal data:

Art. 15Right of Access - Request a copy of your personal data
Art. 16Right to Rectification - Correct inaccurate personal data
Art. 17Right to Erasure - Request deletion of your personal data
Art. 18Right to Restrict Processing - Limit how we use your data
Art. 20Right to Data Portability - Receive your data in a machine-readable format
Art. 21Right to Object - Object to processing based on legitimate interests
Art. 7(3)Right to Withdraw Consent - Withdraw consent at any time

To exercise these rights, contact us at contact@grammarradar.com. We will respond within 30 days.

7. COOKIES & TRACKING

We use the following types of cookies:

CookieTypePurpose
sb-*EssentialSupabase authentication session
NEXT_LOCALEEssentialLanguage preference
gr_cookie_consentEssentialCookie consent record

You can manage cookie preferences using our cookie consent banner or your browser settings.

8. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including:

  • United States (Vercel, Supabase infrastructure)
  • Republic of Korea (Grammar Radar operations)

Where transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. DATA SECURITY

We implement appropriate security measures including:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for stored data
  • Secure OAuth authentication (no password storage)
  • Regular security assessments
  • Access controls and audit logging

While we strive to protect your data, no method of transmission or storage is 100% secure.

10. CHILDREN'S PRIVACY

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately, and we will take steps to delete it.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email to registered users. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. GOVERNING LAW & JURISDICTION

This Privacy Policy is governed by the laws of the Republic of Korea. Seoul Central District Court shall have exclusive jurisdiction over any disputes.

For EU residents, the provisions of GDPR apply in addition to local laws. You have the right to lodge a complaint with your local supervisory authority.

대한민국 법을 따르며, 서울중앙지방법원을 관할 법원으로 합니다.

13. CONTACT INFORMATION

For privacy-related inquiries or to exercise your rights, contact us:

contact@grammarradar.com

We aim to respond to all inquiries within 30 days.