Spokit Privacy Policy
Effective date: July 3, 2026
Summary
Spokit collects data needed to provide language-learning functionality, subscriptions, account access, security, support, and product reliability. Spokit does not sell personal data, uses no third-party advertising, and has no tracking across apps or websites for advertising. Service-provider processing is still data sharing for app functionality and must be disclosed accurately.
This draft is not public HTTPS policy text, is not public HTTPS URLs, and is not legal counsel approval. The owner must review, publish, and configure https://spokit.app/privacy before App Store submission.
Data We Collect
Account and authentication data:
- Email address.
- Optional OAuth name, meaning the optional name from Apple Sign in with Apple or Google OAuth, used for account display and app functionality.
- Account identifiers, session identifiers, auth provider identifiers, and RevenueCat app user identifiers.
- OAuth profile image URLs are discarded in V1 and are not persisted by local auth mapping.
users.imageremains compatibility-only for legacy/auth schema compatibility.
Onboarding and profile data:
- Native language and target language.
- V1 no longer asks for age range, under_18 status, or location-like profile text. Legacy
users.ageRangeandusers.locationfields remain compatibility-only and V1 app/backend paths write and return empty strings. - Learning goal, level, daily and weekly goals, reminder settings, app language, and audio/display preferences.
- Selected Crew friend or other local preference fields when enabled.
Learning and user content:
- Typed phrase prompts.
- Speech recordings, uploaded audio, transcription results, generated target/native phrases, saved review cards, token analysis, vocabulary, review history, journal/review data, and audio files stored in Convex storage.
- App interaction events such as phrase production, saved review items, audio failures, rate-limit events, subscription state, and credit usage.
Purchase and subscription data:
- RevenueCat entitlement state, product identifiers, renewal/cancellation/expiration status, purchase history events, App Store app user identifiers, and billing-period metadata.
Device and technical data:
- App version/configuration, basic diagnostics, and platform data needed for app functionality, security, rate limiting, local notifications, and backend reliability.
How We Use Data
Spokit uses data to:
- Create and manage accounts and sessions.
- Generate language-learning phrases, speech transcription, optional audio, token analysis, grammar notes, and spaced-repetition review.
- Store and sync learning progress.
- Enforce credits, subscriptions, rate limits, abuse prevention, and security.
- Provide account deletion, support, data export, and customer service.
- Maintain product reliability and diagnose backend failures.
- Satisfy legal, tax, billing, App Store, and security obligations.
Processors And Service Providers
Spokit may process data with service providers needed to operate v1:
- Convex for backend, database, auth/session storage, server functions, file storage, and analytics events.
- RevenueCat for subscription entitlement processing and App Store purchase lifecycle events.
- Apple Sign in with Apple and Google OAuth for authentication.
- OpenRouter for AI phrase and grammar generation.
- ElevenLabs for speech-to-text and optional text-to-speech audio.
When users type phrases, speak into the microphone, or request generated language content, relevant text and audio may be sent to AI or speech processors for app functionality. The local observability contract currently forbids sending phrase text, transcript text, audio payloads, tokens, emails, or raw provider payloads to external monitoring. If Sentry or any other external observability provider is configured before launch, update this policy and App Privacy answers for the actual provider and payload shape before publish.
Microphone And Audio
Spokit requests microphone permission so users can speak practice prompts. Audio may be uploaded to Spokit storage and sent to a speech processor when the user uses speech features. Generated audio may be stored for playback. Users can type instead of speaking where the app provides text input.
Purchases And RevenueCat
Spokit uses RevenueCat to process subscription entitlement state. Apple handles payment details, refunds, cancellation, and subscription management through the App Store. Spokit receives purchase history and subscription status events needed to unlock Pro, enforce credits, and support billing questions.
App Privacy Label Mapping
Current iOS privacy manifest data types include:
NSPrivacyCollectedDataTypeEmailAddressfor account contact information.NSPrivacyCollectedDataTypeNamefor optional OAuth name used for account display.NSPrivacyCollectedDataTypeAudioDatafor microphone and generated audio features.NSPrivacyCollectedDataTypeOtherUserContentfor phrases, saved cards, speech text, and journal/review content.NSPrivacyCollectedDataTypeUserIDfor Convex and RevenueCat identifiers.NSPrivacyCollectedDataTypeProductInteractionfor app usage and product events.NSPrivacyCollectedDataTypePurchaseHistoryfor RevenueCat and App Store purchase lifecycle events.
Before submission, reconcile App Privacy labels and the privacy manifest with learning goal, selected languages, level, reminder/profile preferences, and any external observability provider configured under docs/observability/v1-production-observability-contract.md. V1 does not collect age range or location-like profile text through local app/backend paths; if any production environment already contains legacy non-empty values, decide on owner-approved cleanup, export, and retention treatment before submission. Do not add avatar or profile photo collection without updating the manifest, App Privacy answers, and this policy.
Tracking, Ads, And Sale
Spokit does not use tracking for advertising, does not show third-party ads, and does not sell personal data. Data may still be disclosed to service providers listed above for app functionality, security, billing, and support.
Account Deletion And Export
Users can initiate Account deletion from the app's Profile settings. Deletion removes or scrubs Spokit-owned account and learning data such as phrases, tokens, reviews, language decks, analytics events, journal entries, seed progress, and auth sessions, except records Spokit must retain for legal, security, billing, fraud-prevention, or App Store requirements.
Users may request data export through support. Support contact is support@spokit.app through https://spokit.app/support.
Retention
Spokit retains account and learning data while the account is active and as needed to provide the service. Deleted-account data is removed or scrubbed according to the deletion flow and legal/security/billing retention needs. Backup, log, and provider retention windows require owner and counsel confirmation before publication.
Security
Spokit uses managed backend, auth, and storage providers to protect data. No system can guarantee absolute security. Users should avoid submitting sensitive, regulated, or confidential information as language practice content.
Children And Minors
V1 no longer asks for age range, under_18 status, or location-like profile text. Before release, owner and counsel should still confirm the COPPA, minors, and Kids Category posture for the final public app. Do not reintroduce age or under_18 collection without updating this policy, App Privacy answers, and the privacy manifest if required.
International Transfers
Spokit and its service providers may process data in countries other than the user's country. The owner and counsel should confirm required transfer language before publication.
Changes
Spokit may update the published Privacy Policy as features, processors, laws, or App Store requirements change. If Sentry, additional analytics, new AI providers, or new social features are added, update this policy and App Privacy answers before release.
Contact
Privacy questions should go to support@spokit.app . This page is published at https://spokit.app/privacy and https://spokit.app/support with final public HTTPS URLs.