Legal

Privacy Policy

Last updated · 2026-05-23

Summary

Verso stores your email and the progress data you generate by using the app (stories read, scenes watched, words saved, chat conversations). We don't sell your data, we don't show ads, and we don't share your data with advertisers.

Data controller

The data controller responsible for your personal data is:

Danial Moafi
Siena, Italy
Contact: info@get-verso.org

If you have a P.IVA (VAT registration) it should appear here. Until then, the controller is the natural person named above operating as a ditta individuale.

What we collect

Account data: email address (used for sign-in), display name (optional).

Learning state: which stories you've finished, which podcasts you've listened to, which Describe scenes you've viewed, the words you've saved, your SRS card schedule, your CEFR level, daily/weekly minute counters.

Chat conversations: when you use the chat practice feature, the Italian messages you send and the assistant's replies are stored in your account so you can resume conversations and review past sessions. See "Third-party services" below for how messages are processed.

App usage: when you sign in, app version, iOS version. We do not collect device location, advertising identifiers, contacts, or any data unrelated to the learning experience.

Legal basis for processing

Under Article 6(1) GDPR, we process your data on these bases:

Contract performance (Art. 6(1)(b)) — for your account, learning state, and any subscription you purchase. Without this data we cannot provide the service you signed up for.
Legitimate interest (Art. 6(1)(f)) — for security logging, abuse prevention, and aggregate, anonymized service-improvement metrics. You can object to this processing at any time via the contact email below.
Legal obligation (Art. 6(1)(c)) — for any data we are required to retain (e.g., tax records once subscriptions are live).

Where it's stored

Your account data and learning state are hosted on Supabase (PostgreSQL database + object storage) in the European Union (Frankfurt region). Access is restricted by row-level security policies — only you and our automated systems can read your row. Chat messages are also stored in this EU database, but each message you send is transmitted to OpenAI in the United States for processing — see "Third-party services" below for the safeguards that apply to that transfer.

Third-party services

Supabase — database, auth, storage. Privacy policy at supabase.com/privacy.
OpenAI — generates the assistant replies in chat practice. Your chat messages are sent to OpenAI's API (api.openai.com) and the reply is returned to your device and saved to your account. Per OpenAI's API data policy, prompts and completions submitted via the API are not used to train OpenAI's models and are retained for at most 30 days for abuse monitoring. OpenAI processes this data in the United States under the EU Standard Contractual Clauses.
ElevenLabs — generates the native-Italian audio for podcasts and Describe scenes. Audio is rendered server-side ahead of time from our scripts (not from anything you type or do), so no personal data of yours reaches ElevenLabs.
RevenueCat — manages your subscription state. Receives an anonymous app-user ID and your purchase events, no learning content.
Apple / Google Sign-in — only used to verify your identity. The provider sees that you used Verso to sign in but receives no learning data.
Pexels — Describe scene video footage. Pexels does not see who is watching.

We do not currently use third-party analytics, advertising, or attribution services.

How long we keep it

Active accounts: we keep your data for as long as your account exists.
After account deletion: your account row and all linked learning data are removed within 30 days. Backups are retained up to 30 additional days for disaster recovery, then purged.
Anonymized aggregate metrics (no identifiers): may be retained indefinitely for service improvement.
Legal/tax records (when subscriptions are active): retained for the period required by Italian law (typically 10 years for accounting records).

Your rights

Under GDPR Articles 15–22, you have the right to:

Access and export your data: contact us and we'll send your full payload as JSON within 30 days.
Delete your account: tap Profile → Sign out → Delete account in the app. Removal is immediate (subject to the backup window above).
Correct your data: change your display name in Profile, or contact us for other fields.
Object to processing based on legitimate interest, or restrict processing in certain cases.
Portability: receive your data in a structured, machine-readable format (JSON).
Lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali — garanteprivacy.it. You can also complain to your local EU supervisory authority.

Children

Verso is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have collected such data, contact us and we'll delete it.

Changes to this policy

We'll update this date and the in-app text when we change the policy. Material changes will also be communicated via email.

Contact

Questions or requests: info@get-verso.org.