Privacy Policy

This Privacy Policy explains how Shevchuk Maksym, a sole proprietor registered in Ukraine (“Readigo”, “we”, “us” or “our”) collects, uses, and shares personal information in connection with the Readigo iOS application (the “App”) and the marketing websites at readigo.app and readbuddy.app (together with the App, the “Service”).

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) and the UK GDPR, Readigo is the controller of the personal data described in this Policy.

The fastest way to reach us with a privacy question, exercise a right, or report a concern is support@readigo.app. We aim to acknowledge requests within 5 business days and resolve them within the statutory periods (one month under GDPR/UK GDPR; 45 days under CCPA/CPRA).

• No ads. No data sold. The whole business model is subscriptions.
• Voice recordings don’t get kept.When your child reads, the audio goes over an encrypted connection to be transcribed, scored, and dropped. Usually within 10 seconds. We don’t build a voice profile.
• Reading progress stays on the device. Books read, scores, streaks, and achievements live locally on the iPhone or iPad.
• One adult Account per family.A parent or guardian creates the Account through Sign in with Apple or Google. The child doesn’t have their own login.
• You can delete everything from inside the app. Settings → Delete account. That removes your Account and the data we hold within 30 days.

We minimise the personal data we collect. The categories below cover every type of personal information processed by the Service.

Under GDPR/UK GDPR we must identify a lawful basis for every processing purpose. Where you are in the EEA, the UK, or Switzerland, the table below sets out the purpose and the corresponding basis.

• Providing the App and the reading-practice features. Legal basis: performance of the contract between you and us (Article 6(1)(b) GDPR).
• Personalising Reading Feedback for your Child. Legal basis: performance of the contract (Article 6(1)(b)); where data relating to a child under the applicable age is involved, we additionally rely on your consent given as the holder of parental responsibility (Article 8(1) GDPR).
• Processing subscription purchases and renewals. Legal basis: performance of the contract (Article 6(1)(b)) and our compliance with tax and accounting obligations (Article 6(1)(c)).
• Maintaining the security and integrity of the Service. Legal basis: our legitimate interest in protecting users and our systems against fraud and abuse (Article 6(1)(f)).
• Analytics and product improvement. Legal basis: our legitimate interest in understanding aggregate usage to make the Service better (Article 6(1)(f)); we apply privacy-by-default choices — pseudonymisation, on-device aggregation where possible, no tracking of Child users for behavioural advertising.
• Compliance with legal obligations and responding to lawful requests. Legal basis: legal obligation (Article 6(1)(c)).
• Direct communications with you in response to a support request. Legal basis: performance of the contract (Article 6(1)(b)) and our legitimate interest in providing customer service (Article 6(1)(f)).

We do not process special-category personal data under Article 9 GDPR. The Child’s voice is captured solely to produce a text transcript for educational scoring; it is not used to identify a natural person and therefore does not constitute biometric data under Article 4(14) GDPR.

We share personal data only with the service providers that operate the Service on our behalf and only to the extent each provider needs to perform its function. Each provider acts as a processor under a written data-processing agreement that requires confidentiality, security, and assistance with data-subject rights.

We do not sell or rent personal data to third parties for their own marketing. We do not share data with advertising networks or data brokers. We do not engage in any “sale” or “share for cross-context behavioural advertising” within the meaning of the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

We may disclose personal data to law-enforcement authorities or other public bodies where we are legally obliged to do so, where it is necessary to protect our rights, your safety, or the safety of others, or in connection with a merger, acquisition, or similar corporate transaction (in which case we will require the recipient to honour the commitments in this Policy).

Some of our service providers are established in countries outside the EEA, the UK, and Ukraine. Where we transfer personal data to such countries, we rely on one or more of the following safeguards as required by Chapter V GDPR (and the equivalent UK GDPR rules):

• an adequacy decision adopted by the European Commission (or the UK equivalent) for the country concerned;
• the Standard Contractual Clauses set out in Commission Implementing Decision (EU) 2021/914 and, for transfers from the UK, the UK International Data Transfer Addendum;
• our processor’s certification under the EU–US, UK Extension, and Swiss–US Data Privacy Framework, where applicable.

A copy of the relevant safeguard is available on request at support@readigo.app.

• Audio recordings: retained only for the seconds required to produce the transcript. Discarded immediately after scoring; no archival copy.
• Account information: retained for the lifetime of the Account and deleted within 30 days of the Account being deleted (subject to backups, which are overwritten on a rolling cycle of no more than 90 days).
• Subscription receipts: retained for the period required by applicable tax and accounting law (currently up to 7 years), then deleted or fully anonymised.
• Reading-progress data: stored on the device for as long as the App is installed; removed when the App is uninstalled or the Account is deleted.
• Support correspondence: retained for up to 24 months from the date of the last message to assist with related follow-up requests.
• Web logs: retained for up to 30 days for security and abuse-prevention purposes.

We apply organisational and technical measures appropriate to the risk and to the nature of the data, including:

• transport-layer encryption (TLS 1.2 or higher) for all data in transit between the App, our websites, and our service providers;
• encryption of data at rest by our infrastructure providers;
• access controls based on the principle of least privilege, with audit logging on production systems;
• secret management through Apple App Store Connect and a password-manager vault — no production credentials in source code;
• vendor due-diligence at onboarding and periodic review of sub-processor certifications and SOC 2 / ISO 27001 reports where available.

No method of transmission or storage is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority within 72 hours (Article 33 GDPR), and notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Article 34).

If you are in the EEA, the UK, or Switzerland, you have the following rights in respect of your personal data, exercisable free of charge unless your request is manifestly unfounded or excessive:

• Right of access (Article 15): to obtain confirmation that we process your data and a copy of it.
• Right to rectification (Article 16): to have inaccurate data corrected.
• Right to erasure (Article 17): to have your data deleted where one of the listed grounds applies.
• Right to restriction of processing (Article 18).
• Right to data portability (Article 20): to receive your data in a structured, commonly used, machine-readable format and to have it transmitted to another controller.
• Right to object (Article 21): to processing based on our legitimate interests, on grounds relating to your particular situation.
• Rights related to automated decision-making (Article 22): we do not make decisions producing legal or similarly significant effects solely on the basis of automated processing.
• Right to withdraw consent at any time, without affecting the lawfulness of processing carried out beforehand.
• Right to lodge a complaint with your local supervisory authority (a list is published by the European Data Protection Board at edpb.europa.eu; in the UK, the Information Commissioner’s Office at ico.org.uk).

To exercise any of these rights, email support@readigo.app. We may need to verify your identity by asking you to confirm the email address associated with the Account from the same email.

California residents have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• Right to know what categories of personal information we have collected about you and the Child, the categories of sources, the purposes, and the categories of recipients.
• Right to delete personal information we have collected, subject to the statutory exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing of personal information. We do not sell or share personal information.
• Right to limit the use of sensitive personal information. We do not use sensitive personal information for any purpose beyond what is permitted under Cal. Civ. Code § 1798.121(d).
• Right to non-discrimination for exercising any of these rights.

You may exercise these rights by emailing support@readigo.app. An authorised agent may submit a request on your behalf with written proof of authorisation.

Notice for Californian minors under 16:in accordance with Cal. Bus. & Prof. Code § 22581, an authorised Parent acting on behalf of a Californian Child may request removal of content or information posted by the Child by emailing support@readigo.app.

We design the App to align with the 15 standards of the Children’s Code published by the UK Information Commissioner’s Office, including: high-privacy defaults, minimum data collection, transparency in age-appropriate language, no use of nudge techniques to lower protections, no profiling, no geolocation by default, and parental controls that are easy to find and use.

Цей розділ застосовується до користувачів — суб’єктів персональних даних, які знаходяться в Україні. Володільцем персональних даних є Shevchuk Maksym(Україна). Обробка персональних даних здійснюється відповідно до Закону України «Про захист персональних даних» № 2297-VI. Ви маєте права, передбачені статтею 8 цього Закону, у тому числі право на доступ, виправлення, знищення своїх персональних даних та оскарження дій з обробки до Уповноваженого Верховної Ради України з прав людини. Для реалізації цих прав напишіть на support@readigo.app.

The App does not use cookies. The websites readigo.app and readbuddy.app set:

• Strictly necessary first-party storage — to remember your locale and to assign the first-party visitor identifier described in Section 3.7. No consent is required under Article 5(3) of the ePrivacy Directive because storage is necessary for the service explicitly requested.
• Edge analytics — aggregated, IP-anonymised pageview counters provided by Vercel; no cross-site tracking.

We do not use third-party advertising cookies, retargeting pixels, or social-media trackers.

Reading Feedback is generated by automated speech-to-text transcription and algorithmic scoring (described in our Terms of Service §12). These features assist a Child in reading practice; they do not produce decisions that have a legal effect on you or the Child, and they are not used to make decisions about access to the Service, pricing, or any other significant matter. Article 22 GDPR therefore does not apply.

We may update this Policy from time to time. If a change is material, we will notify you in the App or by email at least 30 days before it takes effect (or such longer period as applicable law requires). The most recent version is always available at readigo.app/en/privacy. The “Last updated” date above tells you when this Policy was last revised.

For any privacy question, request, or complaint, email support@readigo.app. We will acknowledge receipt within 5 business days and respond substantively within the period required by the law applicable to your request.