Privacy Policy

This policy applies to the ThaiFlip mobile app, the ThaiFlip website and web pages, ThaiFlip APIs and backend services, and customer support, issue reporting, and related communications.

We collect the following categories of data, depending on how you use ThaiFlip.

Account and identity data

• Email address, username, and encrypted password
• Account creation and update timestamps
• OAuth provider name, provider user ID, email, name, and avatar URL if you use social sign-in

Device and technical data

• Device token and install ID
• User agent, device type, and device name
• IP address, request path, method, referrer, and session metadata
• App version, platform headers, crash and error-monitoring data
• Network and edge metadata including Cloudflare location headers when available

Learning, usage, and progress data

• Decks you create, review history, and spaced-repetition status
• Study session records, duration, ratings, and review counts
• Reading lesson progress and reading settings
• Sentence attempts, scores, corrections, and explanations
• Purchase, subscription, and entitlement status needed to unlock paid features
• Issue reports and feedback you submit
• Activity events such as dictionary searches, word views, audio plays, and sign-up events

Content you submit

• Dictionary queries and search text
• Issue report text and related metadata
• Images selected from camera or photo library for OCR
• Audio recordings submitted for transcription or pronunciation assessment
• Text you submit for sentence grading

Data stored locally on your device

• Authentication session tokens in secure device storage
• Guest device token and install ID in secure device storage
• Local dictionary search history
• Local grammar and script/game progress
• Cached app configuration, offline cache data, and user settings

We use personal data to:

• Create and manage accounts, authenticate users, and maintain sessions
• Provide dictionary, deck, reading, OCR, transcription, pronunciation, and sentence-grading features
• Sync learning progress across devices where supported
• Process purchases, restore entitlements, and manage access to paid features
• Process issue reports, feedback, and support requests
• Protect the service, detect abuse, enforce rate limits, and investigate misuse
• Monitor errors, stability, and service performance
• Improve content quality and fix product problems

Where UK GDPR applies, we rely on the following legal bases:

• Contract: to provide the services you request and operate core app features
• Legitimate interests: to secure the service, prevent abuse, troubleshoot errors, and improve ThaiFlip
• Consent: where you grant device permissions, allow AI processing, or use social sign-in
• Legal obligation: where we need to keep or disclose information to comply with law

The mobile app may request access to:

• Camera, to capture images for OCR
• Photo library, to choose images for OCR
• Microphone / audio recording, to record speech for transcription and pronunciation features

These permissions are optional, but the related feature will not work without them.

We do not sell your personal data. We may share personal data with service providers that help us operate ThaiFlip, including:

For AI-powered features, we ask for your permission before sending text, audio, or images you choose to submit to our AI processing providers.

• Cloudflare, for API delivery and storage of uploaded files
• Sentry, for crash reporting, error monitoring, and diagnostics
• Amplitude, for product analytics and feature usage measurement
• RevenueCat, for in-app purchase processing, entitlement management, and purchase restoration
• Apple and Google, to verify social sign-in credentials
• OpenAI, Google, and/or Microsoft, to process AI-powered transcription, grading, pronunciation, and related requests
• Hosting, database, and infrastructure providers that support our backend

We may also disclose data if required by law, to enforce our Terms of Service, to protect users from fraud or security threats, or as part of a merger or acquisition.

Some of our providers may process personal data outside the United Kingdom. Where we transfer personal data internationally, we aim to use appropriate safeguards required by applicable law.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy.

• Refresh tokens expire after 30 days unless revoked earlier
• Temporary OCR uploads are cleaned up automatically
• Local app data remains until you clear it or uninstall the app
• Account-linked data may remain until your account is deleted
• Backup copies may persist for a limited period after deletion

We use measures intended to protect personal data, including:

• Encrypted transport over HTTPS
• Hashed passwords
• Token-based authentication with device-linked refresh tokens
• Signed upload tokens and webhook verification for OCR uploads
• Role-based access controls for the admin interface

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Depending on where you live, you may have rights to:

• Request access to personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your personal data
• Request restriction of processing
• Object to certain processing
• Request portability of data you provided to us
• Withdraw consent where processing is based on consent

To exercise these rights, contact support@thaiflip.com. If you are in the UK, you also have the right to complain to the Information Commissioner's Office (ICO).

If you want to delete your account or request erasure of your personal data, contact support@thaiflip.com or use any in-app deletion tool we may make available. We may retain limited information where necessary for security, fraud prevention, or legal compliance.

ThaiFlip is not intended for young children. We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, contact support@thaiflip.com.

ThaiFlip may link to third-party services or rely on third-party identity, storage, and AI providers. Their services are governed by their own terms and privacy notices.

We may update this Privacy Policy from time to time. We will post the updated version with a revised "Last updated" date. If required by law, we will also provide additional notice.