Spokn LogoSpokn

Privacy Policy

Effective Date: DECEMBER 22, 2025

Last Updated: DECEMBER 22, 2025

1. Introduction

Welcome to Spokn. This Privacy Policy explains how 3M DIGITAL LTD ("we," "us," "our," or "Spokn") collects, uses, shares, and protects your personal information when you use our mobile application and related services (collectively, the "Service").

Private Beta Notice: Spokn is currently in Private Beta testing. During this phase, we may make changes to our data practices and this Privacy Policy. We will notify you of any material changes with at least 3 months' advance notice via email and in-app notifications. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

By using Spokn, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Data Controller Information

Company Name: 3M DIGITAL LTD
Company Registration Number: 11681453
Registered Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, England
Website: spokn.co
Contact Email: support@spokn.co

3M DIGITAL LTD is the data controller responsible for your personal information collected through the Service. We are subject to UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Information We Collect

3.1 Information You Provide

Account Information:

  • Email address (for account creation and authentication)
  • Name (if you sign in with Google)
  • Profile picture (if you sign in with Google, optional)

Authentication Methods:

  • Magic link authentication via email
  • Google Sign-In (collecting name, email, and avatar)

Communications:

  • Feedback, questions, and other messages you send us through our support channels or in-app feedback forms
  • Responses to surveys or beta testing questionnaires

3.2 Information Collected Automatically

Usage Data:

  • App opening events
  • Lesson interactions (opening lessons, playing audio)
  • Lesson completion status
  • Lessons added to practice lists
  • Time spent practicing
  • Practice history and patterns
  • Subscription status and transaction history (managed by Apple/Google)

Device and Technical Information:

  • Device type and model
  • Operating system and version
  • Device identifiers
  • IP address
  • App version
  • Error logs and crash reports (via Sentry)

Note: We do NOT record your voice. While our app allows you to practice speaking English, no audio recordings of your speech are captured or stored.

3.3 Information We Do Not Collect

We do not collect:

  • Voice recordings
  • Precise geolocation data
  • Biometric data
  • Payment card information (handled directly by Apple/Google)
  • Social media activity or content
  • Browsing history outside the app

4. How We Use Your Information

We use your personal information for the following purposes under the following legal bases:

4.1 Contract Performance

To provide and maintain the Service, including:

  • Creating and managing your account
  • Authenticating your identity via magic link or Google Sign-In
  • Delivering audio stories and learning content
  • Processing your subscription through Apple/Google payment systems
  • Tracking your learning progress and practice history
  • Providing customer support

4.2 Legitimate Interests

To improve and develop our Service:

  • Analyzing usage patterns to enhance user experience
  • Identifying and fixing technical issues
  • Developing new features and content
  • Conducting research and analysis for product improvement

4.3 Legal Compliance

To comply with legal obligations:

  • Responding to legal requests and preventing fraud
  • Enforcing our Terms of Service
  • Protecting our rights and property

4.4 Consent

Where required by law, with your consent:

  • Sending marketing communications about new features and updates (opt-in required)
  • Sending you push notifications for practice reminders (you can disable in device settings)
  • Collecting feedback during the Private Beta phase

Beta Testing Communications: As a Private Beta participant, you will automatically receive:

  • Product update emails (once per quarter for major updates)
  • Feedback requests and surveys
  • Technical updates and bug fix notifications
  • Weekly progress emails summarizing your learning activity

You may opt out of non-essential communications while remaining in the beta program.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.1 Service Providers

We share your information with trusted third-party service providers who process data on our behalf:

Supabase (Database and Authentication)

  • Purpose: Database hosting, user authentication, and backend infrastructure
  • Data shared: Email, name, profile picture, usage data, practice history
  • Location: London, UK
  • Website: supabase.com

Resend (Email Service)

  • Purpose: Sending magic link authentication emails and transactional communications
  • Data shared: Email address, name
  • Website: resend.com

RevenueCat (Subscription Management)

  • Purpose: Managing in-app subscriptions and coordinating with Apple/Google payment systems
  • Data shared: User ID, subscription status, transaction events
  • Note: Payment details are handled exclusively by Apple/Google, not RevenueCat or us
  • Website: revenuecat.com

Sentry (Error Tracking)

  • Purpose: Crash reporting and error monitoring
  • Data shared: Device information, app version, error logs, IP address
  • Website: sentry.io

Apple App Store / Google Play Store

  • Purpose: Payment processing and subscription management
  • Data shared: Transaction data, subscription status
  • Note: Apple and Google independently collect payment information according to their own privacy policies

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and in-app notification before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy.

Retention Periods:

  • Active accounts: Data retained while your account is active
  • Inactive accounts: Data deleted 1 year after your last interaction with the app
  • Deleted accounts: Most data deleted immediately upon account deletion; some data may be retained for up to 30 days for backup purposes or up to 1 year for legal compliance
  • Cancelled subscriptions: Practice history and learning data retained unless you delete your account
  • Error logs: Retained for up to 90 days via Sentry

After these periods, we will delete or anonymize your personal information unless we are required to retain it for legal, regulatory, or security purposes.

7. Data Storage and Security

7.1 Data Location

Your personal data is primarily stored in London, UK, through our service provider Supabase. Some service providers (such as Sentry and RevenueCat) may process data outside the UK/EU with appropriate safeguards in place.

7.2 International Transfers

Where data is transferred outside the UK/EU, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by UK/EU authorities
  • Adequacy decisions recognized by the UK government
  • Vendor commitments to comply with UK GDPR principles

7.3 Security Measures

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
  • Encryption at rest: Data stored in our databases is encrypted
  • Access controls: Database-level policies ensure users can only access their own data
  • Authentication security: Supabase SDK handles secure authentication with industry-standard protocols
  • Regular monitoring: Sentry monitors for security issues and application errors
  • Vendor security: We select service providers with strong security practices and compliance certifications

Despite our safeguards, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

8. Your Rights Under UK GDPR

As a UK data subject, you have the following rights regarding your personal information:

8.1 Right of Access

You have the right to request a copy of the personal information we hold about you.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information. This can be done directly through the in-app account deletion feature in your profile settings, or by contacting us at support@spokn.co.

8.4 Right to Restriction

You can request that we limit how we use your personal information in certain circumstances.

8.5 Right to Data Portability

You can request a copy of your personal information in a structured, commonly used, and machine-readable format.

8.6 Right to Object

You can object to our processing of your personal information based on legitimate interests.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

8.8 How to Exercise Your Rights

To exercise any of these rights:

  1. In-app: Use the account deletion feature in your profile settings (for erasure requests)
  2. Email us: support@spokn.co
  3. Response time: We will respond within 48 hours and fulfill valid requests within 30 days (may be extended by 2 months for complex requests)

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113

9. Children's Privacy

Spokn is designed for users aged 16 and over. While our content is appropriate for younger audiences, we do not knowingly collect personal information from children under 16 without verifiable parental consent.

If you are under 16, please do not use Spokn or provide any personal information without your parent or guardian's permission. If we learn we have collected personal information from a child under 16 without parental consent, we will delete that information promptly.

If you believe we may have information from or about a child under 16, please contact us at support@spokn.co.

10. Marketing Communications and Notifications

10.1 Types of Communications

Transactional Communications (cannot opt out):

  • Magic link authentication emails
  • Account security notifications
  • Subscription confirmations and renewals
  • Critical service updates

Marketing Communications (opt-in/opt-out available):

  • Weekly progress summary emails
  • Quarterly update emails about new features
  • Product announcements and improvements
  • Beta testing requests and surveys

Push Notifications:

  • Practice reminders (up to 2 times per week)
  • Learning streak notifications
  • New content announcements

10.2 Managing Your Preferences

Opt-out of marketing emails:

  1. Click the "Unsubscribe" link at the bottom of any marketing email, OR
  2. Update your communication preferences in the Profile section of the mobile app

Disable push notifications:

  1. Go to your device Settings
  2. Select Spokn
  3. Turn off Notifications

Note: Even if you opt out of marketing communications, you will still receive essential transactional emails related to your account and subscription.

11. Cookies and Tracking Technologies

Mobile App: Our mobile application does not use cookies or similar tracking technologies for advertising or third-party tracking purposes. We use only essential local storage mechanisms to maintain your session and app preferences.

Website (spokn.co): Our website does not currently use cookies or tracking technologies. If this changes, we will update this Privacy Policy and obtain your consent where required.

We do not use:

  • Advertising cookies or pixels
  • Social media tracking
  • Cross-site tracking
  • Third-party analytics cookies

12. Private Beta Specific Terms

12.1 Beta Testing Nature

Spokn is currently in Private Beta. During this phase:

  • Features and functionality may change without prior notice
  • Data collection practices may evolve as we develop the product
  • You may be asked to provide feedback through surveys, forms, or in-app messaging
  • We may conduct additional analysis of usage patterns to improve the Service

12.2 Feedback and Communications

As a beta participant, you automatically agree to:

  • Receive beta-related communications (feedback requests, update notifications)
  • Provide voluntary feedback about your experience
  • Participate in beta testing activities

Your feedback may be used to improve Spokn and may be shared internally or with service providers assisting with product development. We will not publicly attribute feedback to you without your permission.

12.3 Changes During Beta

We reserve the right to make changes to our data practices during the Private Beta phase. For material changes:

  • We will provide at least 3 months' advance notice via email and in-app notification
  • You will have the opportunity to review changes before they take effect
  • Continued use after the notice period constitutes acceptance of the changes
  • You may delete your account at any time if you disagree with changes

12.4 Transition to Public Launch

When Spokn transitions from Private Beta to public release:

  • We will notify you via email
  • This Privacy Policy will be updated to remove beta-specific provisions
  • Your data will continue to be protected under UK GDPR
  • You will have the option to review and accept the updated terms

13. Third-Party Links and Services

The Service may contain links to third-party websites, services, or content not operated by us (for example, links in learning materials or support documentation). We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services you access. This Privacy Policy applies only to information collected by Spokn.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 Notification of Changes

When we make changes, we will:

  1. Update the "Last Updated" date at the top of this policy
  2. Notify you via email to the address associated with your account
  3. Display an in-app notification when you next open the app
  4. For material changes during Private Beta: provide at least 3 months' advance notice

14.2 Material Changes

Material changes include:

  • Changes to the types of personal information we collect
  • Changes to how we use or share your information
  • Changes to your rights or how to exercise them
  • Changes to data retention periods
  • Changes to our data security practices

14.3 Your Choices

If you disagree with changes to this Privacy Policy:

  • You may delete your account before the changes take effect
  • Contact us at support@spokn.co to discuss your concerns
  • Exercise your right to object to processing under UK GDPR

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

15. Data Protection Impact Assessment

As Spokn is currently in Private Beta with limited users and processes low-risk personal data (no sensitive categories, no automated decision-making, no large-scale profiling), we have not yet conducted a formal Data Protection Impact Assessment (DPIA).

We continuously monitor our data processing activities and will conduct a DPIA if:

  • We introduce high-risk processing activities
  • We significantly increase the scale of data collection
  • We implement automated decision-making or profiling
  • We are required to do so under UK GDPR

16. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
  • We will notify affected users without undue delay via email and in-app notification
  • Our notification will include the nature of the breach, likely consequences, and measures taken to address it

If you suspect a security issue with your account, please contact us immediately at support@spokn.co.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@spokn.co
Website: spokn.co
Postal Address:
3M DIGITAL LTD
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
England

Response Time: We aim to respond to all inquiries within 48 hours.

18. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your personal information appropriately:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: ico.org.uk
Telephone: 0303 123 1113
Email: casework@ico.org.uk

By using Spokn, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

This Privacy Policy is effective as of DECEMBER 22, 2025 and was last updated on DECEMBER 22, 2025.