Privacy Policy

Last updated: 25 May 2026

1. Who We Are

NuanceLab is a Danish language learning platform operated from Ærø, Denmark. For the purposes of the General Data Protection Regulation (GDPR), NuanceLab acts as the data controller for all personal data described in this policy.

You can reach us at hello@nuancelab.app for any privacy-related questions.

2. Data We Collect

We collect the following categories of personal data:

Account data

Your name and email address, provided when you create an account through our authentication provider (Clerk). We use this to identify your account and communicate service updates.

Audio recordings

WAV audio files you record during pronunciation practice sessions. These files are transmitted to Microsoft Azure Speech Services for real-time analysis and are not permanently stored by NuanceLab as raw audio. The assessment results — accuracy scores and mispronounced word lists — are saved to your account to power your progress tracking.

Vocabulary and learning data

Words you save to your personal vocabulary list, practice toggle settings, per-word miss counts and correct-streak counters, XP points, and daily and overall practice streaks.

AI coaching conversations

Messages you send to the Nuance Coach are transmitted to Anthropic for response generation in the same session. NuanceLab does not permanently store the content of these conversations.

Billing data

Payment method details and transaction history are handled directly by Stripe; NuanceLab never receives or stores your full card number. We store only your Stripe customer ID, subscription status, current plan identifier, and billing period end date.

Usage data

Standard server and application logs, including your IP address, browser type, operating system, pages visited, and timestamps. This data is used for security monitoring and service reliability.

3. Legal Basis for Processing

We rely on the following legal bases under GDPR Article 6:

  • Performance of a contract (Article 6(1)(b)): processing necessary to provide the service you subscribed to, including account management, pronunciation assessment, and billing.
  • Legitimate interests (Article 6(1)(f)): service improvement, security monitoring, fraud prevention, and aggregated analytics. We apply a balancing test to confirm these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)): retaining financial transaction records as required by Danish accounting law.

4. Third-Party Services

We work with the following processors to deliver NuanceLab. Each is bound by a data processing agreement with us.

Anthropic (United States)

Provides the Claude AI model used to generate Danish practice texts, grade writing exercises, and power the Nuance Coach. Text content from your sessions is transmitted to Anthropic servers. Data is transferred under Standard Contractual Clauses (SCCs).

Microsoft Azure (EU / Global)

Provides speech-to-text pronunciation assessment and text-to-speech audio synthesis. Audio data is processed by Azure's Cognitive Services. Microsoft holds EU-US Data Privacy Framework certification and offers GDPR-compliant data processing terms.

Stripe (United States)

Handles all payment processing and subscription management. Stripe is GDPR-compliant and certified under the EU-US Data Privacy Framework. Your payment data is subject to Stripe's own privacy policy.

Clerk (United States)

Manages user authentication and identity. Your email address and session data are processed by Clerk under Standard Contractual Clauses.

Neon / Vercel (United States)

Your learning data is stored in a PostgreSQL database hosted by Neon, and the application is served via Vercel's edge network. Both operate under Standard Contractual Clauses.

5. How We Use Your Data

  • Authenticating your account and maintaining your session.
  • Delivering pronunciation assessment results and personalized feedback.
  • Tracking your learning progress, streaks, and XP across sessions.
  • Generating practice texts tailored to your vocabulary list.
  • Processing subscription payments and managing your billing plan.
  • Sending transactional emails, such as trial-end reminders and subscription receipts.
  • Monitoring service security and investigating potential abuse.
  • Complying with applicable laws and legal obligations.

6. Data Retention

We retain your personal data for as long as your account is active. If you request account deletion, we will permanently erase your data within 30 days, except where we are required by law to retain specific records (for example, financial transaction records required under Danish accounting law, which are retained for five years).

Aggregated and anonymised usage statistics that cannot be linked back to you may be retained indefinitely.

7. User Data Deletion

You have the right to request complete deletion of your NuanceLab account and all associated personal data, including:

  • Your account profile and login credentials
  • All audio recording sessions and pronunciation assessment results
  • Your saved vocabulary list and personal word-tracking data
  • Your XP history, streaks, and progress data
  • Your subscription record (note: Stripe transaction history may be retained separately as required by law)

To submit a deletion request, send an email to hello@nuancelab.app with the subject line “Data Deletion Request” and the email address associated with your account. We will confirm receipt within 5 business days and complete the deletion within 30 days.

If you have an active paid subscription, cancelling your subscription through the Billing portal before requesting deletion will prevent any further charges.

8. Your Rights Under the GDPR

As a data subject in the European Economic Area, you have the following rights:

  • Right of access: obtain a copy of the personal data we hold about you.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure ('right to be forgotten'): request deletion as described in Section 7.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests.
  • Right to restriction: request that we limit how we process your data in certain circumstances.
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at hello@nuancelab.app. You also have the right to lodge a complaint with the Danish supervisory authority, Datatilsynet.

9. Cookies and Tracking

NuanceLab uses only essential cookies required to maintain your authenticated session (set by Clerk). We do not use advertising cookies, third-party tracking pixels, or cross-site analytics tools. No consent banner is shown because we do not place non-essential cookies.

10. Data Security

All data is transmitted over encrypted HTTPS/TLS connections. Your data at rest is stored in encrypted PostgreSQL databases. We conduct periodic reviews of our security posture and access controls. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR Article 33.

11. Children's Privacy

NuanceLab is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us at hello@nuancelab.app and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of NuanceLab after the effective date constitutes acceptance of the updated policy.

13. Contact

For any questions about this Privacy Policy or our data practices, contact us at: hello@nuancelab.app