1. Introduction
At Phoniq, we take your privacy seriously. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.
2. Data We Collect
Account Data
Collected at registration: full name, email address, and phone number. If you sign in with Google or Apple, we use the basic profile information from that provider. Your email address and phone number are verified with one-time codes.
Service Data
- Selected topics, call plans, and preferences
- Transcripts of conversations with the AI coach
- Conversation analysis scores (grammar, vocabulary, fluency, pronunciation)
- English proficiency level and progress history
Voice Recordings
Call recordings are stored on our AI voice infrastructure provider's servers for 30 days and automatically deleted thereafter. Transcripts and derived analysis are retained until you close your account, or for up to 24 months after account inactivity, whichever comes first, after which they are deleted or irreversibly anonymised for aggregate research.
Payment Data
Package purchases, subscription charges, and refund records are stored. Credit card details are processed directly by our PCI-compliant payment service provider; purchases made inside the iOS app are processed by Apple. Phoniq does not store card information.
Technical Data
IP address, browser type, device information, and session data are collected for security and performance purposes.
Mobile App Tracking
We do not track you across other apps or websites. We do not use Apple's Identifier for Advertisers (IDFA) or any cross-app advertising identifier, and the Phoniq mobile app does not request App Tracking Transparency (ATT) permission. We do not share identifying data with data brokers.
3. SMS / Text Messaging
We send SMS text messages to phone numbers that you provide and verify at registration. Messages fall into two categories:
- Account verification and login authentication — one-time passcodes (OTP) when you sign up, sign in, change your phone number, or reset your password.
- Lesson reminders — short notifications when you have a missed scheduled lesson that can still be completed in the app.
How you opt in. By submitting your phone number on the Phoniq registration form (web at https://phoniq.ai/en/register, or in the iOS / Android mobile app) and tapping "Send verification code" / "Verify", you consent to receive SMS from Phoniq for the purposes above.
Frequency. Typically 2 to 10 messages per month per user. Frequency varies based on your account activity.
Cost. Message and data rates may apply, charged by your mobile carrier.
Opt-out. Reply STOP to any SMS to unsubscribe from non-essential SMS. Reply HELP to receive help. You can also email hello@phoniq.ai to disable SMS reminders. Verification SMS required for account security cannot be disabled while your account remains active.
No SMS marketing. Phoniq does not use SMS for marketing or promotional content.
Third-party sharing. Mobile phone numbers and SMS opt-in consent are not shared with third parties or affiliates for marketing or promotional purposes. Phone numbers are processed only by our verification-message providers — Twilio (SMS) and WhatsApp (Meta) — for the sole purpose of sending the messages described above.
4. How We Use Your Data
- Account creation, email and phone verification, and authentication
- Sending one-time verification codes by SMS, WhatsApp, and email
- Conducting AI-powered English conversation sessions
- Generating personalized language analysis and progress reports
- Processing balance and payment transactions
- Sending service notifications and lesson reminders (push, email, SMS)
- Customer support and troubleshooting
- Protecting the service against fraud and automated abuse
- Improving service quality
- Fulfilling legal obligations
5. Who We Share Your Data With
We do not sell your data. We share it only with the following service providers, solely for the purpose of delivering our service:
| Provider | Purpose |
|---|---|
| VAPI | AI calling infrastructure and conversation analysis |
| Twilio | Voice telephony and SMS verification |
| WhatsApp (Meta) | Phone number verification via WhatsApp |
| Stripe | Payment processing (web and Android) |
| Apple & Google | Sign-in and in-app purchases |
| Resend | Transactional email and email verification |
| Google reCAPTCHA | Protection against automated abuse |
| Expo | Push notifications |
| Google Cloud (Cloud SQL) | Database hosting |
All providers are bound by a Data Processing Agreement (DPA).
6. Data Retention
- Account information: Until account closure + 2 years
- Voice recordings: 30 days (on AI voice infrastructure)
- Transcripts and analysis: Until account closure, or up to 24 months after account inactivity, whichever comes first
- Payment records: 10 years (legal requirement)
7. Security
Your data is transmitted with SSL/TLS encryption and hosted in secure data centers. JWT-based authentication and httpOnly cookies are used. Passwords are stored as bcrypt hashes.
8. Cookies
Phoniq uses only essential session cookies, plus Google reCAPTCHA for security. See our Cookie Policy for details.
9. Your Rights
- Right to access your data
- Right to correct inaccurate data
- Right to request deletion of your data
- Right to object to processing
- Right to data portability
For users in Turkey, additional rights under KVKK (Turkish Data Protection Law) are covered within this policy.
10. Contact
For any privacy-related questions or requests: hello@phoniq.ai
11. Policy Changes
Material changes to this policy will be notified by email. The current version is always available on this page.