Updated January 15, 2026
Fasaha ("we", "us") is an AI-powered Arabic learning platform available globally through our mobile apps and fasaha.app. This policy explains what data we collect, why, who helps us process it, and how you stay in control.
Applies to: Fasaha iOS/Android apps, fasaha.app, and support channels. Schools or enterprise customers may have supplemental agreements provided by their administrator.
Fasaha controls personal data for our consumer services. When delivered through a school or employer, that organization may act as joint controller.
Email fasaha.app@gmail.com for any privacy question. EEA/UK users: add "GDPR" to the subject line. We respond within 30 days.
We collect only what is needed to deliver lessons, meet legal obligations, or improve the product. Decline optional collection via in-app settings or device permissions.
Name, email, auth tokens, language preferences, timezone, and profile photo. Passwords are hashed—never stored in plaintext.
Lesson progress, streaks, quiz scores, dictionary lookups, translations, and prompts sent to AI tutors.
Audio recordings, speech transcripts, or camera input when you use pronunciation or scanning features. Recordings stay on-device when possible; uploads occur only when you initiate scoring or sync.
Voice biometrics derived from pronunciation practice are treated as sensitive personal information. We do not collect neural data (brain-wave or nervous-system signals). If we ever do, we will obtain explicit opt-in consent first.
Subscription tier, trial dates, store receipts, and anonymized RevenueCat IDs. Apple/Google process payments; we receive only transaction tokens.
Model, OS, app version, locale, crash logs, and (if enabled) ad identifiers for debugging and platform compliance.
Approximate location from IP/timezone to localize content and display correct legal terms.
Essential cookies for language prefs; optional Vercel Web Analytics running cookieless by default (no third-party ads). We do not load it when your browser signals Global Privacy Control or Do Not Track.
Sync lessons and progress across devices via Supabase/Firebase. Surface weak vocabulary. Provide AI tutoring and speech feedback through vetted APIs (e.g., Google Cloud Speech). Prompts are pseudonymized and blocked from training public models unless you opt in.
Service messages, security alerts, study reminders, and marketing (unsubscribe anytime). Push notifications are opt-in via device settings.
Aggregate de-identified metrics for product decisions, A/B tests, and fraud detection.
Enforce Terms of Service, respond to lawful requests, maintain audit trails required by education and consumer-protection laws.
Effective January 2026, California requires disclosure of automated decision-making technology (ADMT). Here is how Fasaha uses it:
Algorithms adjust lesson difficulty based on your quiz performance and time spent. You can reset adaptive settings in Settings → Learning.
AI models grade pronunciation. Scores influence practice recommendations but do not restrict access to content.
Automated systems flag suspicious account activity (e.g., abnormal streaks). Flagged accounts are reviewed by a human before any action is taken.
California residents may request information about ADMT logic, opt out of certain profiling, and access outputs. Email fasaha.app@gmail.com with subject "ADMT Request".
Contract – account, progress, and payment data needed to deliver the service.
Legitimate interests – diagnostics, analytics, safety monitoring, limited marketing to existing users.
Consent – push notifications, marketing emails, non-essential cookies, research programs.
Legal obligation – tax records, anti-fraud logs, platform reporting.
Infrastructure (Supabase, AWS, Google Cloud), auth/media (Firebase, Expo), analytics (Vercel Web Analytics + Speed Insights—cookieless, no PII), payments (RevenueCat, Apple, Google), communications (Expo Push, support inbox).
All have signed DPAs; sub-processing is restricted; security audited annually.
Joining challenges or sharing vocab lists makes your display name, avatar, and shared content visible to participants. Delete anytime from the relevant screen.
In a merger, acquisition, or bankruptcy, data transfers to the successor under this policy. We may also disclose to comply with law or protect users.
We ask explicit permission before sharing data with research partners, featuring testimonials, or enabling SSO integrations.
Primary storage is in the United States. Cross-border transfers rely on Standard Contractual Clauses or equivalent mechanisms. Data is encrypted in transit and at rest.
Account data: retained while active; deleted after 24 months of inactivity (two reminder emails sent first).
Learning artifacts (audio, transcripts, dictionary history): clear anytime via Settings → Privacy.
Server logs: up to 12 months. Purchase records: as required by tax law.
TLS encryption, role-based access, secret scanning, routine pen-tests. We maintain incident-response playbooks and notify regulators/users of breaches as required.
Download learning history, update profile, or delete account in Settings → Account. Need help? Email fasaha.app@gmail.com.
Every marketing email has an unsubscribe link. We currently use essential cookies only and honor Global Privacy Control (GPC) signals.
Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Montana, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia can: know what data we hold, correct it, delete it, obtain a copy, and opt out of "sale" or "sharing" for targeted ads.
Fasaha does not sell personal data. To submit or appeal a request, email fasaha.app@gmail.com. We will verify identity and respond within the statutory period (usually 45 days).
Our apps and site detect GPC browser signals. When detected, we automatically treat it as an opt-out of sharing for cross-context behavioral advertising.
Our App Store Privacy Nutrition Label and Google Play Data Safety form list each data type, purpose, and linkage to identity—synced with this policy before every release.
The app includes a link to this policy in Settings → Privacy (required under CCPA 2026 for mobile apps).
Permissions (microphone, camera, speech recognition, notifications, media library, motion) are requested just-in-time and revocable in device settings.
Fasaha is for learners 13+. We do not knowingly collect data from children under 13 without verifiable parental consent. If discovered, such data is deleted immediately.
For users under 16, we obtain opt-in consent before any "sale" or "sharing" of personal information. In practice, Fasaha does not sell data, but we implement this safeguard as required.
We may use platform-provided age-signal APIs (Apple/Google) to apply appropriate protections per App Store Accountability Acts (TX, CA, LA, UT).
Teachers using Fasaha Classroom must obtain parental/guardian consent and remain the primary contact for students.
We update this policy for new features, processors, or regulatory changes. Material updates are announced via in-app notice or email at least 15 days before taking effect.