LingoMesh
LingoMesh (“the Service”) takes the privacy of its users seriously. This policy explains what information the Service collects, how it is used and shared, how long it is kept, and the rights you have. The Service is offered by an individual developer based in the Republic of Korea and operates under Korean law where applicable.
1. Who provides the Service
The Service is operated by LingoMesh (individual developer). All privacy-related inquiries should be directed to:
- Data protection contact: LingoMesh operator
- Email: contact@lingomesh.app
2. Information we collect
a. Account information
Through Firebase Authentication, we collect:
- Email address, display name, and profile photo URL — values supplied by your identity provider when you sign in with Google or Apple, or values you enter for email/password sign-up.
- Firebase UID and authentication tokens.
- A bcrypt hash of your password if you create an email/password account. We never store the password itself.
- Email verification status, account creation date, and last sign-in time.
b. Usage metadata
To monitor service quality and bill usage we store per-call metadata:
- LLM call records: provider (Gemini / Cloudflare Workers AI), model name, source and target languages, input and output token counts, latency, HTTP status.
- Session information: session kind (local, group, chat, TTS), room ID, utterance ID, speaker display name.
- Device information: platform (iOS, Android, Web), app version.
- Country code estimated from IP geolocation.
c. Billing and subscription
- Subscription tier, transaction identifiers, trial dates, billing period.
- Remaining entitlement (interpretation seconds) and point ledger.
- Subscription events forwarded by the App Store, Google Play, or RevenueCat (raw JSON payloads).
- Note: card numbers and real names used at checkout are handled by Apple or Google. The Service does not receive or store payment instruments.
d. Information accessed via device permissions (transient)
- Microphone input (only while you are interpreting): your speech is transcribed on the device and only the resulting text is sent to our server. Raw audio is never stored on our server.
- Camera input (only when scanning a group room QR code): the image is decoded on-device and discarded immediately.
3. What we do not collect
- Raw audio. Speech-to-text streaming runs from your device to Deepgram over WebSocket without passing through our servers, and the audio is not retained.
- Conversation history and translated text. Per-user history lives only in the local database on your device and is not synced to our servers (MVP).
- Location (GPS), contacts, photo or media library, calendar, and health/fitness data are not collected.
4. How we use information
- To provide real-time interpretation and synchronize group rooms.
- To identify and authenticate users and prevent abuse.
- To process subscription billing and refunds.
- To monitor quality, generate aggregated statistics, and diagnose failures.
- To comply with legal obligations and resolve disputes.
5. Sharing and processors
We engage the following processors solely to operate the Service. They are contractually limited to the purposes below and may not use your data for their own marketing.
| Processor | Purpose | Location |
|---|---|---|
| Google LLC (Firebase Authentication) | User authentication and session management | United States |
| Deepgram, Inc. | Real-time speech-to-text | United States |
| Google LLC (Gemini API) | Translation inference (LLM) | United States |
| Cloudflare, Inc. (Workers AI) | Translation inference (LLM, fallback) | Global edge |
| RevenueCat, Inc. | Subscription state and billing events | United States |
| Cartesia AI, Inc. | Text-to-speech (optional feature) | United States |
| Apple Inc. / Google LLC | In-app purchase processing | United States |
6. International transfers
Most of the processors above operate from the United States or global edge infrastructure, so using the Service necessarily transfers personal data outside the Republic of Korea. We apply TLS encryption in transit and least-privilege access controls to safeguard data during these transfers.
7. Retention and deletion
When you delete your account, we apply the following policy.
| Category | Retention | Basis |
|---|---|---|
| Account, profile, authentication identifiers, on-device history | Deleted immediately | User right |
| Records of contracts, subscription, or withdrawal | 5 years | Korean Act on Consumer Protection in Electronic Commerce, Art. 6 |
| Records of payment and supply | 5 years | Korean Act on Consumer Protection in Electronic Commerce, Art. 6 |
| Records of consumer complaints or dispute resolution | 3 years | Korean Act on Consumer Protection in Electronic Commerce, Art. 6 |
| Records of advertising and labeling | 6 months | Korean Act on Consumer Protection in Electronic Commerce, Art. 6 |
| Anonymized aggregate statistics | Indefinite | No longer identifiable |
Electronic records are erased in a non-recoverable manner; any printed records are shredded or incinerated.
8. Your rights
You may exercise the following rights over your personal data, and we will act on requests without undue delay:
- Access to your data
- Correction or deletion of inaccurate data
- Restriction of processing
- Withdrawal of consent and account deletion — see the account deletion request page.
Send requests to contact@lingomesh.app.
9. Security
- TLS 1.2 or higher for data in transit.
- Passwords stored only as bcrypt one-way hashes.
- Authentication token rotation and bulk revocation on password change.
- Least-privilege operational access and access logging.
- Pre-engagement security review of third-party processors.
10. Children
The Service is not intended for children under 14. If we learn that we have collected personal information from a child under 14 without verifiable parental consent, we will delete it promptly.
11. Trackers and ad identifiers
The Service does not embed analytics or advertising SDKs and does not collect advertising identifiers (IDFA/AAID). Only minimal technical identifiers (app version, platform) are recorded on a per-call basis for reliability monitoring.
12. Changes to this policy
We will announce changes on this page and in the app at least 7 days before they take effect. For changes that materially affect your rights, we will give 30 days’ notice and, where required, request renewed consent.
13. Contact
Please send privacy questions or complaints to:
- Email: contact@lingomesh.app
- Response time: within 7 business days
You may also contact the Korea Internet & Security Agency Privacy Infringement Report Center at privacy.kisa.or.kr (118 within Korea).