Privacy Policy
Last updated: 23 June 2026
This Privacy Policy explains how your personal data is collected, used, and protected when you use the Natter mobile application and related services (together, the “Service”). We are committed to processing your data lawfully and transparently in accordance with the EU General Data Protection Regulation (GDPR) and applicable Hungarian data protection law.
The Service is operated by Pál Gábor, an individual based in Hungary (the “Operator”, “we”, “us”). You can contact us at any time at palgabor94@gmail.com.
1. Who is responsible for your data
The data controller for the personal data processed through the Service is the Operator identified above. For any privacy-related question or to exercise your rights, contact palgabor94@gmail.com.
2. What data we collect
Account data
When you start using Natter, an account is created for you (by default via anonymous sign-in). This involves a unique account identifier. If you choose to provide them, we may also store an email address and display name.
Learning & profile data
- Your estimated proficiency level (CEFR), learning goals, and interests.
- Session history, including questions asked, your spoken responses (as text transcripts), AI feedback and corrections, and summaries.
- Progress data such as completed sessions, minutes practised, streaks, daily goals, reminder time, time zone, and language preferences.
Voice & conversation data
To power spoken practice, Natter accesses your device microphone only during an active session. Your audio is streamed in real time to our AI processing provider (OpenAI) to transcribe your speech and generate conversational responses and feedback. The resulting transcripts and AI feedback are stored in your account so you can review your progress.
Technical & device data
- A push notification token (only if you enable notifications).
- Basic technical information required for the app to function and for security and abuse prevention.
Subscription & purchase data
If you purchase a subscription, the payment itself is handled by the Apple App Store or Google Play. We (via our subscription provider, Adapty) receive your subscription status and related identifiers — never your full payment card details.
3. Why we use your data and our legal basis
- To provide the Service — running sessions, transcription, feedback, and tracking progress. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- Microphone access for speaking practice. Legal basis: your consent (Art. 6(1)(a) GDPR), which you grant through the device permission and can withdraw at any time in your device settings.
- To send reminders/notifications you have enabled. Legal basis: your consent.
- To maintain security, prevent abuse, and improve the Service. Legal basis: our legitimate interests (Art. 6(1)(f) GDPR).
- To manage subscriptions and comply with legal/accounting obligations. Legal basis: contract and legal obligation (Art. 6(1)(b) and (c) GDPR).
4. Who we share data with
We do not sell your personal data. We share data only with service providers (processors) who help us run the Service, under appropriate data processing agreements:
- Google Firebase (Authentication, Cloud Firestore, Cloud Functions, Cloud Messaging, Hosting) — app infrastructure and data storage.
- OpenAI — real-time speech transcription and AI conversation/feedback.
- Adapty — subscription management and entitlements.
- Apple / Google — app distribution and payment processing.
5. International data transfers
Some of our providers (including OpenAI and Google) process data on servers located outside the European Economic Area, including in the United States. Where this happens, the transfer is safeguarded by appropriate measures such as the European Commission’s Standard Contractual Clauses and/or adequacy mechanisms.
6. How long we keep your data
We keep your account, learning, and session data for as long as your account exists, so you can track your progress over time. If you delete your account or ask us to erase your data, we will delete it within a reasonable period, except where we are required to retain certain records (e.g. for accounting purposes) by law. Live audio is processed transiently to produce transcripts and is not retained as raw audio by us.
7. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to certain processing;
- data portability;
- withdraw consent at any time (e.g. revoke microphone or notification permissions);
- lodge a complaint with a supervisory authority.
To exercise any of these rights, email palgabor94@gmail.com. In Hungary, the supervisory authority is the National Authority for Data Protection and Freedom of Information (NAIH, naih.hu).
8. Children
The Service is not directed to children under 16. If you are under 16, please do not use Natter without the consent of a parent or guardian. If we learn that we have collected data from a child without appropriate consent, we will delete it.
9. Security
We use industry-standard measures to protect your data, including authenticated access, encrypted connections, and access rules that restrict your data to your own account. No method of transmission or storage is completely secure, but we work to protect your information.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app.
11. Contact
Questions about this policy or your data? Email us at palgabor94@gmail.com.
Natter