Privacy Policy
Effective date: 19 April 2026
Last updated: 19 April 2026 (v2)
This Privacy Policy explains how Wisebee Unipessoal Lda ("Wisebee", "Lingoodie", "we", "our", or "us") collects, uses, shares, and protects your personal data when you use the Lingoodie platform. It also explains the rights you have over your personal data and how to exercise them.
We have written this Privacy Policy in plain language because we want you to understand it. Where we use a legal term, we explain what it means for you in practice.
1. Who we are
This Privacy Policy applies to the Lingoodie platform, which includes:
- the website lingoodie.com and all sub-pages,
- the Lingoodie mobile application (Android package
com.wisebee.lingoodie, and any future iOS version), and
- any related features, tools, support channels, and communications we operate under the Lingoodie brand (collectively, the "Platform").
The data controller responsible for your personal data is:
Wisebee Unipessoal Lda
Lisbon, Portugal
Email: hello@lingoodie.com
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Portuguese Law 58/2019, Wisebee Unipessoal Lda is the controller of your personal data. The competent supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD), https://www.cnpd.pt.
You can contact us about this Privacy Policy or any privacy-related matter at hello@lingoodie.com. Please label any data protection request "Privacy Request" so we can route it quickly.
We have not yet appointed a Data Protection Officer because we are not legally required to do so. If our processing changes such that an appointment becomes mandatory, we will publish the contact details here.
2. Who can use Lingoodie
Lingoodie is intended for users who are 18 years of age or older. The app is rated PEGI 18 on the Google Play Store because it includes real-money earning and payout features.
If you are under 18, please do not create an account, submit any personal data, or otherwise use the Platform. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a person under 18, we will delete that data and close any associated account.
In the United States, this means we do not knowingly collect personal information from children under 13 within the meaning of the Children's Online Privacy Protection Act ("COPPA"). In the United Kingdom, we do not knowingly collect personal data from children under 13 within the meaning of the Age Appropriate Design Code. In Brazil, we do not knowingly collect personal data from children or adolescents under 18 within the meaning of the LGPD and the Brazilian Civil Code. Parents or guardians who believe a minor has provided personal data to us can contact hello@lingoodie.com to request deletion.
3. What personal data we collect
We collect the following categories of personal data.
Data you provide directly
- Account identifiers: email address, chosen display name, password hash, and, where you sign in with a third-party provider (Google, Apple, Facebook), the unique ID and basic profile information those providers share with us in line with their own terms.
- Learning preferences: the language you want to learn, level, lesson progress, quiz answers, streaks, and any feedback you submit in-app.
- Support and contact data: the content of any message or request you send to us at hello@lingoodie.com, plus metadata such as the date, time, and email address used.
- Payout details: your Revolut tag, PayPal email address, or other payout account identifier, withdrawal amount, and any identity information needed to make a payout to you. As we add new payout options, we will collect the equivalent identifiers required by those services.
- Referral data: your referral code (for example SARIKA), the referral codes you use, and the account-to-account link we create when you invite a friend or join through someone else's code.
Data we collect automatically when you use the Platform
- Device and technical data: device model, operating system and version, browser type and version, screen size, language, time zone, mobile carrier, crash logs, and device or advertising identifiers (Android Advertising ID, and on a future iOS version Apple's IDFA where you grant App Tracking Transparency permission).
- Usage data: lessons started and completed, ads viewed, rewards earned, session length, screens visited, buttons tapped, referrer URL, and in-app interactions.
- Connection data: IP address, approximate location derived from your IP (country and region level), and ISP.
- Cookies and similar technologies as described in section 8.
Data generated by our services about you
- Points balance, USD-equivalent earnings, transaction history, and payout history.
- Risk signals we use to detect fraud, self-referral, bot traffic, or other abuse of the rewards mechanic.
We do not intentionally collect special categories of personal data (for example, health, religious beliefs, political opinions, biometric data, or genetic data). Please do not share this type of information with us.
4. How we use your personal data and our legal basis
We only process your personal data where we have a lawful basis under Article 6 GDPR (and, where applicable, equivalent provisions of UK GDPR, LGPD, and other laws). The list below sets out each purpose and the corresponding basis.
- Providing the Platform and your account: creating and securing your account, saving progress, delivering lessons, calculating rewards, and showing you your balance. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- Processing payouts: passing the minimum necessary data (name, Revolut tag, PayPal email, or other payout identifier, and amount) to Revolut, PayPal, and our banking partners so you can withdraw your earnings, and keeping a record of the transaction for accounting and audit. Legal basis: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)).
- Operating the referral program: linking referrer and referee accounts, calculating the lifetime share of referee earnings paid to the referrer, and crediting the referrer. Legal basis: performance of a contract (Art. 6(1)(b)).
- Showing rewarded advertising: serving the in-app rewarded video ads that fund the rewards you earn. Legal basis: your consent where required for personalised ads (Art. 6(1)(a)) and our legitimate interest in operating a free, ad-funded service (Art. 6(1)(f)). You can manage personalised advertising in your device settings (Google "Reset advertising ID" or "Opt out of ads personalisation") and through the in-app consent prompt where it is shown.
- Analytics, performance, and crash reporting: understanding how users move through lessons, measuring retention, and diagnosing crashes so we can fix bugs. Legal basis: legitimate interest (Art. 6(1)(f)) and, where required, your consent for non-essential cookies and SDKs (Art. 6(1)(a)).
- Session recording and heatmaps on lingoodie.com: Microsoft Clarity records pseudonymised interactions such as clicks, scrolls, and mouse movements so we can improve the website. Clarity masks text content by default. Legal basis: your consent (Art. 6(1)(a)).
- Fraud prevention and platform integrity: detecting self-referral, multiple accounts, bot traffic, and other abuse of the earning mechanic. Legal basis: legitimate interest (Art. 6(1)(f)) and legal obligation where we are required to prevent fraud or money laundering (Art. 6(1)(c)).
- Communications: answering your support requests, sending important service notices, and, where you have opted in, sending you marketing emails about new languages, features, or earning opportunities. Legal basis: performance of a contract (Art. 6(1)(b)) for service communications and your consent (Art. 6(1)(a)) for marketing.
- Legal, regulatory, and safety: complying with court orders, responding to lawful requests from public authorities, enforcing our Terms and Conditions, and protecting the rights, safety, and property of users, third parties, or Lingoodie. Legal basis: legal obligation (Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f)).
- Corporate transactions: in the event of a merger, acquisition, reorganisation, or sale of assets involving Wisebee Unipessoal Lda. Legal basis: legitimate interest (Art. 6(1)(f)), subject to the continued protection of your data.
We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects on you. Our fraud-prevention checks may use automated scoring, but a human reviews any decision before we restrict, suspend, or close your account or withhold a payout, and you can ask us to review such a decision by contacting hello@lingoodie.com.
5. Third-party service providers and recipients
We use the following providers, who act as processors on our behalf or as independent controllers for specific, limited purposes. Each one is bound by a data processing agreement or equivalent safeguards.
Infrastructure and backend
- Supabase (database, authentication, and file storage for account and progress data).
- Lovable (hosting and deployment of lingoodie.com).
- Hetzner Online GmbH (virtual server hosting for supporting tools, EU region).
Analytics, measurement, and diagnostics
- Microsoft Clarity (session recordings and heatmaps on lingoodie.com). Clarity collects data about your interactions with the site, including mouse movements, clicks, scrolls, and page visits. Text inputs are masked by default. See Microsoft's privacy documentation at https://privacy.microsoft.com/privacystatement.
- Google Analytics 4 (GA4) by Google Ireland Limited (website and app analytics).
- Firebase and Firebase Crashlytics by Google Ireland Limited (mobile analytics, crash diagnostics, and app messaging for
com.wisebee.lingoodie).
- Google Play Services and Firebase Test Lab (app distribution, integrity checks, and automated testing).
Advertising
- Google AdMob by Google Ireland Limited is our primary rewarded video advertising network and is integrated through the Google Mobile Ads SDK inside the Lingoodie Android app. To serve and measure ads, AdMob may receive your advertising identifier (Android Advertising ID, or IDFA on a future iOS version where you allow it), IP address, coarse location derived from IP, device and operating-system information, and limited data about the ads you have seen and interacted with. Where you are in the EEA, the United Kingdom, or another jurisdiction that requires consent for personalised advertising, we ask for your consent through a Google-certified consent management prompt before AdMob serves personalised ads. You can withdraw your consent at any time from the in-app privacy settings, and you can reset or limit your advertising identifier from your device settings. For more information see https://policies.google.com/technologies/ads and https://support.google.com/admob/answer/6128543.
- We may also work with other certified advertising partners that are integrated through the Google Mobile Ads SDK as ad mediation networks. These partners receive the same categories of data described above and are listed in the in-app privacy settings.
Payouts and finance
- Revolut Bank UAB / Revolut Ltd. (processing of withdrawals of the cash you have earned to your Revolut account).
- PayPal (Europe) S.à r.l. et Cie, S.C.A. (processing of withdrawals of the cash you have earned to your PayPal account).
- Banking, accounting, and tax advisors used by Wisebee Unipessoal Lda in Portugal.
Communications and marketing
- Brevo (transactional and marketing email, where you have opted in).
- Social sign-in providers (Google, Apple, Facebook) only when you choose to sign in through them.
Other recipients
- Professional advisors (lawyers, auditors) under confidentiality obligations.
- Public authorities, courts, and law enforcement where we are legally required to share information, or where we reasonably believe disclosure is necessary to protect our rights, the rights of our users, or the safety of any person.
We do not sell your personal data, and we do not share it with third parties for their own independent marketing purposes. For the specific meaning of "sell" and "share" under California law, see section 9.3.
6. International transfers
Wisebee Unipessoal Lda is based in the European Union. Some of our service providers (for example Microsoft, Google, and certain advertising partners) may process your data outside the European Economic Area, including in the United Kingdom and the United States. If you live in the United Kingdom, Brazil, Australia, or another country outside the EEA, your data may also be transferred to and processed in the EEA where Wisebee operates, and onward to the providers listed above.
Whenever we transfer personal data across borders, we rely on one or more of the following safeguards:
- an adequacy decision by the European Commission, the United Kingdom government, or another competent authority,
- the EU-US Data Privacy Framework and the UK Extension to it where the recipient is certified,
- the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented where appropriate by additional technical and organisational measures,
- the ANPD's standard contractual clauses or specific authorisation under Article 33 LGPD for transfers from Brazil, and
- contractual terms equivalent to Australian Privacy Principle 8 for transfers involving Australian personal information.
You can request a copy of the relevant safeguards by writing to hello@lingoodie.com.
7. How long we keep your personal data
We keep your personal data only for as long as we need it for the purposes described in this policy, or as long as the law requires.
- Account data: for as long as your Lingoodie account is active. If you delete your account, we delete or anonymise your account data within 90 days, except for data we must keep for legal or accounting reasons.
- Transaction and payout records: for 10 years, in line with Portuguese accounting and tax retention requirements.
- Support communications: up to 3 years after the last interaction, so we can handle follow-up questions and complaints.
- Marketing data: until you withdraw your consent, and in any case no longer than 2 years after your last interaction with us.
- Analytics data: up to 14 months in GA4 and the default retention periods of each provider; aggregated and anonymised analytics may be kept indefinitely.
- Session recordings (Microsoft Clarity): retained by Microsoft for up to 13 months.
- Fraud and abuse signals: up to 5 years, where needed to protect the integrity of the rewards system and to defend legal claims.
When we no longer need your personal data, we delete it or anonymise it so it can no longer be linked to you.
8. Cookies and similar technologies
On lingoodie.com we use strictly necessary cookies to run the site, plus optional cookies and similar technologies for analytics, session recording (Microsoft Clarity), and marketing. We ask for your consent for non-essential cookies through a cookie banner the first time you visit, and you can change your choices at any time from the cookie settings link in the footer.
Inside the Lingoodie app we use equivalent technologies such as local storage, advertising identifiers, and SDK-level trackers for analytics, rewarded ads, and crash reporting. You can control advertising identifiers in your device settings, and you can opt out of non-essential analytics through the in-app privacy settings.
If your browser or device sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of "sale" and "sharing" of personal information for users in California and other US states that recognise GPC.
Our detailed cookie information, including the name, purpose, provider, and duration of each cookie, forms part of this Privacy Policy and is available from the cookie settings link in the website footer.
9. Your privacy rights
The rights available to you depend on where you live. The sections below describe the main regimes that apply to Lingoodie users today. In every case, you can write to hello@lingoodie.com with the subject line "Privacy Request" and we will route your request to the right team.
9.1 European Economic Area (EU GDPR)
If you are in the European Economic Area, you have the following rights in relation to your personal data:
- Right to be informed about what we do with your data. This policy is our primary way of informing you.
- Right of access to the personal data we hold about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"), subject to legal retention obligations.
- Right to restrict processing in certain circumstances.
- Right to data portability in a structured, commonly used, machine-readable format.
- Right to object to processing based on legitimate interests, including profiling, and an absolute right to object to direct marketing.
- Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with your local supervisory authority, or with the CNPD in Portugal (https://www.cnpd.pt).
We will respond within one month of receiving your request, and we may extend this by two further months where the request is complex. We may ask you to verify your identity before we act on a request, to protect your data.
9.2 United Kingdom (UK GDPR and Data Protection Act 2018)
If you are in the United Kingdom, you have the same set of rights described in section 9.1, applied under the UK GDPR and the Data Protection Act 2018. You can lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk or by calling 0303 123 1113.
Wisebee is established in the European Union and offers the Lingoodie service to users in the UK. Where Article 27 of the UK GDPR requires us to appoint a UK representative, we will publish their contact details here. Until that appointment is made, you can exercise all of your UK GDPR rights directly with us at hello@lingoodie.com.
9.3 California (CCPA and CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), gives you the following rights with respect to the personal information we collect about you.
Categories of personal information we collect. In the last 12 months we have collected the following CCPA categories: identifiers (such as email address, account ID, advertising identifiers), commercial information (your earnings and payout history), internet or other electronic network activity (lessons completed, screens visited, ads viewed), geolocation data (coarse location derived from IP), and inferences drawn from the above (for example fraud risk scores). We collect this information from you, from your device, and from the service providers listed in section 5.
Sensitive personal information. We do not knowingly collect "sensitive personal information" within the meaning of the CCPA, and we do not use any of the data we collect for the purpose of inferring characteristics about you that would qualify as sensitive personal information.
Sale and sharing of personal information. We do not sell your personal information for money. However, when we serve personalised advertising through Google AdMob and other certified ad partners, the disclosure of your advertising identifier and related device data to those partners may be considered "sharing" for cross-context behavioural advertising under the CCPA. You have the right to opt out of this sharing.
Your CCPA rights:
- Right to know what personal information we collect, use, disclose, and share, including the categories, sources, business or commercial purposes, and the categories of recipients.
- Right to delete the personal information we have collected from you, subject to certain exceptions (for example to complete a transaction, detect fraud, or comply with legal obligations).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of your personal information for cross-context behavioural advertising.
- Right to limit use of sensitive personal information (we currently do not use sensitive personal information beyond what is necessary to provide the service).
- Right to non-discrimination for exercising any of these rights. We will not deny you service, charge you a different price, or provide a different level of quality because you exercised a CCPA right.
- Right to designate an authorised agent to make a request on your behalf. We will ask the agent to provide proof of authorisation and may ask you to verify your identity directly.
To exercise these rights, email hello@lingoodie.com with the subject line "California Privacy Request", or use the "Cookie settings" and "Do not sell or share my personal information" links in the website footer. We honour Global Privacy Control (GPC) signals from supporting browsers as an opt-out request for sale and sharing.
We will respond to verifiable consumer requests within 45 days, and we may extend this by another 45 days where reasonably necessary.
9.4 Brazil (LGPD)
If you are in Brazil, the Lei Geral de Proteção de Dados (Federal Law No. 13,709/2018, "LGPD") gives you the following rights under Article 18 LGPD:
- confirmation that we process your personal data,
- access to your personal data,
- correction of incomplete, inaccurate, or out-of-date data,
- anonymisation, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the LGPD,
- portability of your data to another service provider, subject to commercial and industrial secrecy,
- deletion of personal data processed on the basis of your consent,
- information about the public and private entities with which we have shared your data,
- information about the possibility of refusing consent and the consequences of that refusal,
- revocation of consent at any time, and
- the right to petition the Autoridade Nacional de Proteção de Dados (ANPD) at https://www.gov.br/anpd.
To exercise these rights, write to hello@lingoodie.com with the subject "Solicitação LGPD" or "LGPD Request". You can write to us in Portuguese or English.
Wisebee is the controller (controlador) of your personal data in Brazil. Where Article 23 of the LGPD requires us to appoint a representative (encarregado/representante) in Brazil, we will publish their contact details here. Until that appointment is made, all LGPD requests should be addressed to hello@lingoodie.com.
9.5 Australia (Privacy Act 1988)
If you are in Australia, the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs") apply to our handling of your personal information.
You have the right to:
- ask us what personal information we hold about you and obtain access to it,
- ask us to correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading,
- opt out of receiving direct marketing from us at any time, and
- complain to us about how we handle your personal information.
If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.
When we disclose your personal information to overseas recipients (for example our cloud and analytics providers), we take reasonable steps under APP 8 to ensure those recipients handle your information in line with the APPs.
9.6 How to exercise your rights
For any request under any of the regimes above, write to hello@lingoodie.com with a clear description of what you want us to do and which jurisdiction you are in. We may need to verify your identity before we act, and we will explain why if we cannot fully comply with a request.
You can also delete your account and the personal data attached to it directly from the in-app settings, or by emailing hello@lingoodie.com or using our account deletion page.
10. Security
We apply reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include encryption in transit (HTTPS/TLS), encryption at rest for our databases, access controls, logging, and regular review of who can access what.
No system is perfectly secure, and we cannot guarantee absolute security. If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority (the CNPD in Portugal, the ICO in the UK, the ANPD in Brazil, or the OAIC in Australia, as applicable) within the timeframes required by law.
11. Links to other websites and services
The Platform may contain links to third-party websites, apps, or services (for example app stores, payment providers, social networks). We are not responsible for the privacy practices of these third parties, and we encourage you to read their privacy notices before sharing any personal data with them.
12. Corporate transactions
If Wisebee Unipessoal Lda is involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of some or all of its assets, your personal data may be transferred to the new owner as part of that transaction. We will give you notice of any such transfer and of your choices regarding your personal data.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, our services, or the law. When we make material changes, we will update the "Effective date" at the top of this page and, where appropriate, notify you through the Platform or by email. Your continued use of the Platform after the update takes effect means you accept the revised Privacy Policy. If you do not agree with the changes, please stop using the Platform and contact us to delete your account.
14. How to contact us
If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, please contact:
Wisebee Unipessoal Lda
Lisbon, Portugal
Email: hello@lingoodie.com
Subject lines we use to route requests:
- "Privacy Request" for general data protection matters,
- "California Privacy Request" for CCPA/CPRA requests,
- "Solicitação LGPD" or "LGPD Request" for Brazilian data subject requests.
You also have the right to contact your local data protection authority, including:
- the Comissão Nacional de Proteção de Dados (CNPD) in Portugal, https://www.cnpd.pt,
- the Information Commissioner's Office (ICO) in the United Kingdom, https://ico.org.uk,
- the Autoridade Nacional de Proteção de Dados (ANPD) in Brazil, https://www.gov.br/anpd,
- the Office of the Australian Information Commissioner (OAIC), https://www.oaic.gov.au, or
- the supervisory authority of the EEA country in which you live or work.