Privacy Policy

Effective date: February 22, 2026

This Privacy Policy explains how MH Works Limited ("PhraseJar", "we", "us", "our") collects, uses, and shares personal data when you use PhraseJar's website, applications, and related services.

Contact: [email protected]

1. Scope

This policy applies to personal data processed through PhraseJar, including:

• phrasejar.com and related subdomains
• PhraseJar web application and APIs
• customer support and account operations

2. Data We Collect

Depending on how you use the service, we may collect:

2.1 Account and identity data

• authentication identifiers from Firebase Authentication (for example, Firebase UID)
• email address (when provided by your sign-in method)
• basic account metadata (created date, last login date)

2.2 Profile and learning settings

• UI language, native language, target language selections, and practice weighting settings

2.3 User content

• phrases you add
• folder names and organization data
• translation overrides you submit
• practice activity (for example, correct/wrong/pass results, session activity, and confidence signals)

2.4 Generated content

• machine-generated translations and linguistic notes
• generated text-to-speech audio and timing metadata

2.5 Billing and usage data

• trial/subscription status, start/end dates, and usage counters
• metering and API usage logs used for billing and service controls
• payment-related subscription events from payment/billing providers (we do not store full payment card numbers)

2.6 Technical and diagnostics data

• request metadata and operational logs needed to run and secure the service
• client error reports you send through the app (which may include URL, message, stack trace, and metadata)

2.7 Local browser data

• limited local storage data used for app preferences (for example, language selection)

3. How We Use Data

We use personal data to:

• provide, operate, and maintain PhraseJar
• authenticate users and secure accounts
• process phrases, translations, and generated audio
• run practice features and learning progression logic
• provide billing, trial, and subscription functionality
• detect abuse, enforce limits, and protect service integrity
• diagnose errors and improve reliability
• communicate service updates and support responses
• comply with legal obligations

4. Legal Bases (UK/EU Users)

Where UK GDPR/EU GDPR applies, we process personal data under one or more of:

• contract performance (to provide the service you request)
• legitimate interests (service security, fraud prevention, product reliability)
• legal obligations (compliance and recordkeeping)
• consent (where required by law)

5. How We Share Data

We do not sell personal data. We may share data with service providers that process data on our behalf, including:

• Google Firebase (authentication)
• Mistral (translation/LLM processing)
• ElevenLabs (text-to-speech processing)
• Cloudflare (hosting/CDN/storage infrastructure including R2 delivery)
• Hetzner (infrastructure hosting)
• RevenueCat and Stripe (billing and payments)

We may also disclose data:

• if required by law, court order, or regulatory process
• to enforce our terms, prevent fraud, or protect rights and safety
• in connection with a merger, acquisition, or asset transfer

6. International Transfers

Your data may be processed in countries outside your home jurisdiction. Where required, we use appropriate safeguards for international transfers.

7. Data Retention

We retain data for as long as needed to provide the service and meet legal, accounting, and security obligations.

Current operational behavior includes:

• most account and content data is retained until account deletion or business need ends
• client error logs are currently retained for about 90 days
• some billing/usage and compliance records may be retained longer where legally required

8. Account Deletion

You can request deletion of your account and associated data from within the app or by contacting us.

When deletion is requested, the account is marked deleted first and remaining data is removed in asynchronous cleanup steps.

9. Your Privacy Rights

Depending on your location, you may have rights to:

• access personal data
• correct inaccurate data
• delete personal data
• restrict or object to certain processing
• data portability
• withdraw consent (where consent is used)
• lodge a complaint with a regulator

To exercise rights, email: [email protected]

California Notice

If you are a California resident, you may have rights under California privacy laws, including rights to know, delete, and correct certain personal information, and to non-discrimination for exercising applicable rights.

10. Children's Privacy

PhraseJar is not intended for children under 13. If you believe a child under 13 has provided personal data, contact us and we will take appropriate action.

11. Security

We use reasonable technical and organizational measures to protect personal data. No method of transmission or storage is completely secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised effective date.

13. Contact

MH Works Limited
Email: [email protected]

This document's initial structure was informed by the open-source tos generator (ISC license) and then substantially customized for PhraseJar's actual architecture and data flows.