Privacy Policy
This Privacy Policy explains what personal data the 12levels mobile application (the "Service") collects and how it is processed.
1. Data Controller
The data controller is Iuvenalii Khlopkov (PE), an individual entrepreneur registered in the Republic of Armenia, tax identification number 20279853, registered office: 26A Movses Khorenatsi str., apt. 201, Yerevan 0010, Armenia.
Contact for data protection inquiries:
Email: [email protected]
Website: https://12levels.app
2. Categories of Data Processed
2.1 Identification data
- Email address — for registration and account recovery (only if you choose email sign-in)
- Name — for interface personalization (only if you sign in with Apple/Google or provide it during email registration)
- Internal user identifier (User ID) — to link progress to your account
- Anonymous device identifier (UUID) — a random UUID generated on first app launch and stored in your device's Keychain. Used as your stable identity for purchases and progress recovery before you sign in with Apple/Google/Email. See Section 2.5 for details.
2.2 Learning data
- Word learning progress — which words are being learned and their current learning stage
- Answer results — correct/incorrect answers used to schedule review intervals via a spaced-repetition algorithm
- Reading sessions — which learning texts you have opened, your position within them, and your overall progress
- Free-text answers — phrases you type during knowledge-check exercises
- Calibration results — your detected language level (CEFR scale) and identified gaps
2.3 Technical data
- Crash reports — crash data via Apple MetricKit (anonymous, aggregated) and via Sentry. Sentry crash reports are linked to your internal User ID (UUID) for debugging; they never include your email or name.
- Performance metrics — performance data (launch time, memory, slow operations) via Apple MetricKit and Sentry, the latter linked to your internal User ID (UUID).
- Diagnostic breadcrumbs — a short trail of recent in-app actions before a crash (taps, screen navigation, network requests without their contents), collected by Sentry to reproduce bugs.
- App and iOS version — for compatibility
2.4 Payment and subscription data
The Service does not receive credit card numbers, bank details, or any other payment instrument data. All payments for the "12levels Pro" subscription and Lifetime purchase are processed by Apple through the App Store In-App Purchase system.
For purchases made inside the Service, we process the following purchase-related data:
- Signed Apple transaction receipt (JWS) — cryptographically signed by Apple, contains the transaction identifier, product identifier (Monthly / Yearly / Lifetime), purchase date, expiration date (for subscriptions), and Apple's environment (sandbox or production). Verified server-side using Apple's public certificate chain to confirm the purchase is genuine and untampered.
- App Account Token (appAccountToken) — a UUID that matches your internal User ID (see Section 2.1). The token is sent to Apple at purchase time so that subsequent Apple-to-server notifications (renewals, refunds, cancellations) can be matched back to your account. Before you sign in with Apple/Google/Email, this UUID is the anonymous device identifier described in Section 2.5 and contains no link to your real identity beyond what Apple already processes as the payment processor (your Apple ID). After sign-in, the same UUID is associated with your authenticated account so that purchases made before and after sign-in remain on the same record.
- Entitlement status — derived state on our servers: which "Pro" plan is active for your account, when it expires, whether auto-renewal is enabled, whether a refund/revocation occurred. Used to gate Pro features and to display correct subscription status in the app.
- Subscription lifecycle events from Apple — received via Apple App Store Server Notifications V2 (a server-to-server webhook from Apple to the Service). Includes events such as SUBSCRIBED, DID_RENEW, EXPIRED, REFUND, REVOKE, DID_CHANGE_RENEWAL_PREF. Used solely to keep your entitlement status accurate; logged in an audit table for compliance and debugging.
We do not collect, see, or have any access to your Apple ID password, your Apple ID email address (we see only the anonymous appAccountToken), your billing address, or your country of residence beyond what Apple may disclose to us indirectly through the regional pricing tier of the purchased product.
2.5 Anonymous account creation after purchase
When you make a purchase in 12levels (subscription or one-time), the Service automatically creates an anonymous server-side record so that we can:
- Link your subscription to a stable identifier across app reinstalls
- Save your learning progress to enable recovery on device transfer or reinstall
- Send you to the correct account when you later sign in with Apple, Google, or email
This anonymous record contains:
- A unique device identifier (the UUID described in Section 2.1, generated on first launch and stored in your iOS Keychain)
- Your subscription state (linked via Apple's appAccountToken)
- Your learning progress (vocabulary, streaks, library, reading sessions) — only items you actively created after purchase
This anonymous record does not contain:
- Your email, name, Apple ID, or any directly identifying information
- Any data we did not collect through your active use of the app
Until you sign in with Apple, Google, or email, the anonymous record is identified only by a randomly generated UUID and cannot be linked to you personally by us or third parties. When you later sign in, the same record is upgraded in place (the UUID is retained as the primary key) and your chosen sign-in identity (Apple ID, Google account, or email) is attached. You can permanently delete this record at any time via Profile → Delete Account.
If you never make a purchase, no server-side record about you is created. Free-tier usage stays entirely on your device.
We retain anonymous records as long as the linked subscription is active. After subscription expiry (and absent any further activity), the anonymous record is automatically purged within 365 days.
3. Purposes of Processing
- Providing learning functionality — adaptive learning algorithms and personalized content selection based on your level and progress
- Saving progress across devices — backend synchronization
- Subscription management — verifying payment status with Apple, gating Pro features, processing renewal/refund/cancellation events
- Account recovery — via email if device is lost
- Service improvement — anonymous analytics for bug fixing and UX improvement
- Legal compliance — tax reporting, retention of subscription records, responding to lawful requests
4. Legal Bases (GDPR Article 6)
- Consent — for processing learning data and personalization
- Contract performance — to provide the subscription service, including verifying purchases and granting Pro entitlements
- Legitimate interest — for security (preventing fraud, abuse), and for keeping subscription state consistent via Apple webhook processing
- Legal obligation — for tax and other regulatory reporting
5. Sharing With Third Parties
5.1 Infrastructure and hosting
- Cloudflare — DNS, CDN, WAF, backend hosting (Containers + Workers), object storage (R2)
- Supabase — managed PostgreSQL database
- Apple Inc. (USA) — App Store, In-App Purchase (payment processor), push notifications, App Store Server Notifications V2 (webhook source for subscription lifecycle events), and Sign in with Apple (if you choose it)
- Google LLC (USA) — Sign in with Google identity provider, only if you choose to sign in with Google; processes your Google account email and name solely to authenticate you
- Resend — transactional email delivery (account recovery, important notifications)
5.2 AI content generation (international data transfer)
For features powered by external AI providers, anonymized learning context may be transmitted to:
- OpenAI, L.L.C. (USA) — text generation
- Anthropic, PBC (USA) — text generation
Before transmission, data is anonymized: email, name, and User ID are stripped from the payload. Only the anonymized learning context required for generation is sent.
We take steps to minimize personal data transferred to AI providers and rely on their Data Processing Agreements and applicable contractual safeguards (including their commitments not to use API-submitted data for model training).
5.3 Diagnostics and crash reporting
- Apple MetricKit — anonymous, aggregated diagnostic data, processed by Apple
- Sentry (Functional Software, Inc., USA) — crash reporting, performance monitoring, and diagnostic breadcrumbs. Linked to your internal User ID (UUID) for debugging; no email, name, or payment data is sent to Sentry. Performance traces are sampled (about 10% in production).
6. Data Retention
- Account data — while your account exists. Deleted within 30 days after account deletion
- Backups — kept for 90 days after deletion, then destroyed
- Subscription transaction records and Apple webhook events — 5 years per tax law and to enable refund / dispute handling
- Anonymous metrics — indefinite (not linked to identity)
7. Your Rights
Under applicable law, you have the right to:
- Access your personal data and receive a copy
- Request correction or erasure of your data
- Withdraw consent (which may limit functionality)
- Restrict or object to processing
- Data portability (receive your data in a machine-readable format)
- Lodge a complaint with a supervisory authority
- Delete your account directly in the app: Profile → Delete Account
Deleting your account removes your learning progress and personal data within 30 days. It does not automatically cancel your active Apple subscription — you must cancel it separately through Apple's subscription management (Settings → [your name] → Subscriptions). Records of past subscription transactions are retained for tax compliance as described in Section 6.
To exercise your rights, send a request to [email protected]. We respond within 30 days.
8. Security
- TLS 1.3 encryption in transit
- Tokens stored in device Keychain
- Password hashing (bcrypt)
- Apple JWS receipts cryptographically verified server-side against Apple Root CA before any entitlement is granted
- Idempotent processing of Apple webhooks via unique notificationUUID deduplication
- Regular dependency updates and vulnerability scanning
- Data minimization (we collect only what is necessary)
- Anonymization before AI service transmission
9. Children
The Service is not intended for children under 13. App Store age rating is 4+ (no objectionable content), but an Apple ID is required (Apple requires parental management via Family Sharing for children under 13). If we learn that a user under 13 has created an account without parental consent, we will delete it. We do not knowingly sell paid subscriptions to children under 13.
10. Changes to This Policy
We may update this Policy. Material changes (expanded data categories, new purposes or recipients) will be notified in the app and may require renewed consent. The version and effective date are shown at the top.
11. Governing Law
For users in the European Union or the EEA, Regulation (EU) 2016/679 (GDPR) applies.
For all other users, the laws of the Republic of Armenia apply (the country of the Controller's registration), without prejudice to mandatory consumer protection provisions of the user's country of residence.
12. Contact
For all data protection inquiries:
Email: [email protected]
Website: https://12levels.app