Privacy Policy

1. Data controller and contact

This Privacy Policy applies to LexStud, including the website, accounts, learning tools, classrooms, teacher profiles, community features, subscriptions, paid plans, digital goods, and related services.

2. Data we collect

Depending on how you use LexStud, we may collect the following categories of personal data:

Account data

• Email address
• Display name or username
• Password hash
• Account settings and preferences
• Selected language and interface preferences
• Plan status, subscription tier, and account permissions

Learning and progress data

• Languages studied
• Kanji, vocabulary, grammar, kana, lesson, quiz, or review progress
• Spaced repetition data, due dates, review history, correctness, and mastery level
• Points, levels, streaks, achievements, daily quests, and game results
• Classroom lesson attempts, submissions, answers, and teacher feedback where classroom features are used

Community and communication data

• Profile text, avatar, country, teacher profile information, and public profile content you choose to add
• Posts, comments, reactions, friend requests, classroom posts, chatroom messages, and direct messages
• Moderation reports, blocks, warnings, and safety-related records
• Support messages, feature suggestions, collaboration inquiries, and contact form submissions

Teacher, classroom, and promotion data

• Teacher profile content, classroom content, lesson content, learner lists, and classroom membership records
• Teacher ads or promotional text/images if promotional tools are enabled
• Teacher profile visibility, profile links, classroom activity, and related platform metrics

Payment and commercial data

• Plan type, subscription status, billing period, payment status, and transaction metadata
• Stripe customer ID or other payment-provider identifiers
• Purchase records for subscriptions, LexPoints, credits, digital goods, downloadable files, books, or other paid features
• We do not intend to store full card numbers. Card processing is handled by payment providers such as Stripe.

Technical, security, and device data

• IP address
• Browser, device, operating system, user-agent, and approximate technical environment
• Pages viewed, timestamps, referrers, error logs, security events, rate-limit records, and login/session records
• Cookie identifiers, consent choices, and preference data

Uploaded files and images

• Avatar images, profile images, classroom files, teacher profile images, advertisement images, or other uploads if those features are enabled
• File metadata such as name, type, size, upload time, and storage path

3. Public vs private information

Some LexStud areas may be public or visible to other users. You should not post anything you do not want others to see.

May be public or visible to other users

• Display name, username, avatar, country, short bio, and public profile information
• Teacher profile information and promotional content
• Posts, comments, public classroom messages, public chatroom messages, reactions, and community activity
• Classroom membership or activity where the classroom feature displays it to teachers or learners

Normally private

• Email address
• Password hash
• Private messages, unless moderation, reporting, safety, or legal review is needed
• Payment-provider identifiers and billing status
• Internal security logs, IP logs, and anti-abuse records

4. Why we use your data

We use personal data for the following purposes:

• To create and manage accounts
• To provide language-learning tools, spaced repetition, reviews, games, lessons, quizzes, and progress tracking
• To run classrooms, teacher profiles, learner submissions, chatrooms, and community features
• To process subscriptions, paid plans, LexPoints, digital goods, and billing-related actions
• To provide support, answer contact requests, and respond to privacy requests
• To prevent spam, abuse, fraud, cheating, scraping, attacks, and unauthorized access
• To moderate content and enforce Terms of Use
• To improve performance, fix bugs, understand feature usage, and develop the platform
• To send important account, security, billing, product, or legal notices
• To comply with legal obligations or respond to lawful requests

5. Legal bases under GDPR

Where GDPR applies, we rely on one or more of the following legal bases:

• Contract: to provide the Service you request, including accounts, learning progress, classrooms, subscriptions, and paid features.
• Legitimate interests: to secure the platform, prevent abuse, improve LexStud, maintain service integrity, moderate content, and protect users.
• Consent: for optional cookies, optional analytics or marketing where required, optional profile/public features, and other optional features that require consent.
• Legal obligation: where processing is required by law, tax, accounting, consumer protection, fraud prevention, or lawful requests.
• Vital interests/public interest: only where legally relevant and necessary, for example in serious safety situations.

6. Cookies, analytics, and similar technologies

LexStud uses essential cookies and similar technologies to keep the Service working. These may include session cookies, CSRF/security cookies, login cookies, language preference cookies, theme preference cookies, and consent-preference cookies.

If LexStud uses optional analytics, marketing, advertising, or tracking cookies, we will ask for consent where required and provide a way to manage or withdraw that consent.

Examples of cookie or local-storage purposes may include:

• Keeping you logged in
• Remembering dark/light mode
• Remembering selected language
• Protecting forms from CSRF attacks
• Saving consent choices
• Understanding page usage and errors, if analytics are enabled

If a dedicated cookie policy is published, it will be available at /legal/cookies.php.

7. Payments, subscriptions, and Stripe

LexStud may offer subscriptions, paid plans, teacher features, classroom limits, LexPoints, credits, digital goods, downloads, books, or other paid features.

Payment processing may be handled by third-party providers such as Stripe. We may receive and store payment-related metadata such as plan type, subscription status, payment status, Stripe customer ID, invoice status, cancellation status, and transaction references.

We do not intend to store full card numbers on LexStud servers. Payment providers process card information under their own terms and privacy notices.

We may retain billing and transaction records where needed for accounting, tax, fraud prevention, dispute handling, and legal compliance.

8. Community, messages, classrooms, and moderation

If you use community features, teacher tools, classrooms, chatrooms, direct messages, comments, posts, friend requests, or learner submissions, the content and related metadata may be stored and processed to provide those features.

Teachers may be able to see learner submissions, answers, classroom membership, classroom activity, and other classroom-related progress. Learners may see teacher profile information, classroom content, and messages shared in classroom spaces.

We may review reported content, moderation queues, messages, posts, classroom content, teacher profile content, and related records where needed to enforce the Terms, protect users, investigate abuse, or comply with law.

9. Teacher profile ads and promotion tools

If LexStud offers teacher profile ads, featured teacher placements, promotional tools, or similar features, we may process profile content, promotional text, images, links, visibility settings, performance metrics, and payment status.

Promotional content may be reviewed, rejected, hidden, or removed if it is misleading, illegal, unsafe, spammy, low-quality, or against LexStud’s rules.

Metrics for promotional features may include impressions, clicks, profile views, classroom views, or other platform activity, depending on what is implemented.

10. Sharing your data

We do not sell your personal data.

We may share personal data with:

• Hosting and infrastructure providers that keep LexStud online.
• Email providers used for contact forms, support, account notices, and transactional email.
• Payment providers such as Stripe for checkout, subscriptions, billing portals, invoices, disputes, and payment events.
• Analytics and error monitoring providers if enabled, subject to cookie/consent rules where required.
• Security and anti-abuse tools used to protect accounts and the platform.
• Teachers and classroom participants where classroom features require showing learner activity, submissions, messages, or membership information.
• Other users when you post public profile, community, classroom, or teacher content.
• Authorities, courts, regulators, or legal advisors where required by law or necessary to protect rights, safety, or security.

11. International transfers

Some service providers may process data outside Greece or outside the European Economic Area. Where required, we use appropriate safeguards such as contractual protections, adequacy decisions, Standard Contractual Clauses, or equivalent legal mechanisms.

12. Data retention

We keep personal data only as long as reasonably needed for the purposes described in this Policy, unless a longer period is required for legal, tax, accounting, security, fraud prevention, dispute handling, backup, or enforcement reasons.

• Account data: usually kept while your account exists.
• Learning progress: kept while your account exists so LexStud can provide progress, spaced repetition, levels, achievements, and history.
• Classroom data: kept while needed for teacher/learner access, classroom records, submissions, moderation, or dispute handling.
• Community content: may remain visible until deleted, removed, or moderated. Some records may remain in logs or backups.
• Private messages and chat: kept as needed to provide messaging, safety, moderation, reporting, and abuse-prevention features.
• Payment records: kept as needed for billing, tax, accounting, dispute, fraud-prevention, and legal obligations.
• Security logs: usually kept for a limited period, but may be kept longer for abuse investigations or legal/security reasons.
• Backups: deleted on a rolling schedule. Residual copies may remain for a limited time.

13. Your GDPR rights

If GDPR applies to you, you may have the following rights, subject to legal limits and verification:

• Access: ask whether we process your personal data and request a copy.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: ask us to delete personal data in certain cases.
• Restriction: ask us to restrict processing in certain cases.
• Objection: object to certain processing based on legitimate interests.
• Portability: request certain data in a structured, commonly used, machine-readable format.
• Withdraw consent: withdraw consent at any time where processing is based on consent.
• Complaint: lodge a complaint with a data protection authority, including the Hellenic Data Protection Authority if you are in Greece.

We may need to verify your identity before responding to a privacy request. Some requests may be limited where we must keep data for legal, security, billing, fraud-prevention, moderation, or rights-protection reasons.

14. Children

LexStud is not intended for children below the age required to consent to online services in their country unless a parent or legal guardian has provided the necessary consent.

In Greece, the age threshold for a child’s consent to information society services is commonly treated as 15. If a user is below that age, consent from a legal representative is required.

If we learn that a child is using LexStud without required consent, we may restrict, suspend, or delete the account and related data where appropriate.

15. Security

We use reasonable technical, organizational, and administrative measures to protect personal data. These may include password hashing, session protection, CSRF protection, rate limiting, access controls, logging, backups, and security monitoring.

No online service is completely secure. You are responsible for keeping your password safe and notifying us if you believe your account has been compromised.

16. Changes to this Policy

We may update this Privacy Policy from time to time. If changes are significant, we will update this page and the effective date. Continued use of LexStud after the updated Policy is posted means the updated Policy applies.

17. Contact and privacy requests

For privacy requests, account-data questions, deletion requests, export requests, or other data-protection questions, contact us through /contact.php or email info@lexstud.com.