Privacy Policy
Last updated: April 2, 2026
This Privacy Policy explains how Fluent Up processes personal data in accordance with the General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Act (BDSG).
1. Controller and Contact
Controller: Camilo Andres Verdugo Gunther
Address: Roonstrasse 23a, 76137 Karlsruhe, Germany
Email: contact@fluent-up.com
Platform: Fluent Up
Primary hosting region: Frankfurt, Germany (EU)
2. Categories of Personal Data
We process the following categories of personal data depending on your interaction with Fluent Up:
A) Pre-launch and early-access data (landing form):
- Email address
- Selected plan/tier (for example Solopreneurs, Growing Educators, Professional Entrepreneurs)
- Consent selections (for example Privacy Policy acceptance and optional newsletter consent)
- Timestamp and technical metadata required to document consent and prevent abuse
B) Account and service data (after onboarding):
- Account identifiers (such as email and internal user ID)
- Learning and pedagogical configuration (for example language preferences and exercise settings)
- Learning activity and progress data (for example completed drills and progress status)
C) Contact and support data:
- Information you provide in contact forms, support requests, feedback, or bug reports
- Message content and communication history needed to resolve your request
D) Technical and usage data:
- Essential session/authentication data required to operate the service
- Device/browser metadata and log data (for security, reliability, and troubleshooting)
- Analytics data where consent is provided
E) AI feature interaction data:
- Prompts, inputs, and interaction context required to generate AI-assisted educational outputs
- Limited learning context needed to personalize generated language-practice content
3. Purposes of Processing and Legal Bases
We process personal data only for specified purposes and legal bases under Article 6 GDPR:
A) Pre-launch list management and founder cohort onboarding
Purpose: Process your early-access request, manage waiting lists, and send operational updates about launch waves and onboarding steps.
Legal basis: Article 6(1)(b) GDPR (pre-contractual steps requested by the data subject).
B) Service delivery and account management
Purpose: Provide the platform, maintain accounts, deliver learning tools, and fulfill core service obligations.
Legal basis: Article 6(1)(b) GDPR (performance of a contract).
C) Optional newsletter and growth tips communications
Purpose: Send the “Teacherpreneur Scale” newsletter or similar marketing content.
Legal basis: Article 6(1)(a) GDPR (consent).
Important: Newsletter consent is optional, separate from platform terms, and can be withdrawn at any time with future effect.
D) Support, customer communication, and issue handling
Purpose: Respond to inquiries, process support tickets, and resolve reported problems.
Legal basis: Article 6(1)(b) GDPR (service-related communication) and/or Article 6(1)(f) GDPR (legitimate interest in reliable support operations).
E) Security, abuse prevention, and service reliability
Purpose: Protect the platform from misuse, maintain system integrity, and investigate incidents.
Legal basis: Article 6(1)(f) GDPR (legitimate interests in secure operations).
F) Analytics and product improvement (where applicable)
Purpose: Understand usage patterns and improve platform quality and usability.
Legal basis: Article 6(1)(a) GDPR for analytics cookies/trackers requiring consent; Article 6(1)(f) GDPR for strictly necessary aggregate operational metrics that do not require consent under applicable law.
G) AI-assisted educational features
Purpose: Generate and deliver AI-supported language-learning exercises and coaching outputs requested by users.
Legal basis: Article 6(1)(b) GDPR (service provision) and Article 6(1)(f) GDPR (service quality and feature improvement, where applicable).
4. Recipients, Processors, and International Transfers
We do not sell personal data. We share data only where necessary for service operation.
Hosting infrastructure:
Amazon Web Services (AWS), with primary hosting in Frankfurt, Germany (EU).
AI processing provider:
Google Gemini AI (Google LLC / affiliated Google entities) for AI-powered educational content generation.
Form and communication tooling:
Google Forms (Google LLC), where used to collect contact or intake submissions.
Analytics provider:
Google Analytics, where enabled with required user consent.
Some providers may process limited data outside the EU/EEA (for example in the United States). In such cases, transfers are based on valid GDPR mechanisms, such as Standard Contractual Clauses (SCCs), and supplementary safeguards where required.
Third-party services process data according to their own privacy terms in addition to our contractual controls:
5. Retention Periods
We retain personal data only as long as necessary for the stated purposes and legal obligations:
- Early-access leads (no account created): retained for up to 12 months after last meaningful interaction, then deleted or anonymized, unless a longer period is legally required.
- Newsletter data: retained until consent is withdrawn (unsubscribe) and then restricted/deleted after operational suppression handling.
- Account and learning data: retained while the account is active and for up to 30 days after account deletion for recovery/support purposes, unless legal retention duties apply.
- Support/contact records: retained as needed to resolve the request and demonstrate compliance, generally up to 24 months unless earlier deletion is requested and legally possible.
- Analytics data: retained according to configured analytics retention windows and consent settings.
After expiry of applicable retention periods, data is deleted or irreversibly anonymized.
6. Your Rights Under GDPR/DSGVO
You have the following rights, subject to legal conditions:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR), especially to processing based on legitimate interests
- Right to withdraw consent at any time (Article 7(3) GDPR), without affecting prior lawful processing
To exercise your rights, contact contact@fluent-up.com.
You also have the right to lodge a complaint with a competent data protection supervisory authority in Germany or your place of residence in the EU.
7. Cookies and Similar Technologies
We use:
- Essential cookies/technologies: required for authentication, security, and core platform operation.
- Optional analytics cookies/technologies: used only where you have provided required consent.
You can manage cookie settings in your browser and, where available, via consent controls on our site. Disabling essential cookies may impair service functionality.
Google Analytics opt-out information is available via the Google Analytics Opt-out Browser Add-on.
8. AI-Specific Privacy Information
Fluent Up includes AI-supported language-learning features. To provide these features, relevant prompts and context may be processed by AI providers acting as processors/sub-processors.
We limit AI-related data sharing to what is necessary to deliver requested functionality. We do not use your data for unrelated advertising purposes.
Where student data is processed through Fluent Up as part of educator workflows, processing occurs under this policy and the applicable contractual framework. Educators remain responsible for providing required transparency to their own students when acting as separate controllers.
9. Branding, Domains, and Payment-Related Features
Depending on selected plan features (for example white-label domains, brand migration support, or direct merchant integrations), additional technical/account data may be processed to configure those services.
Where payment services are integrated (for example PayPal Business integrations), payment providers process payment data under their own privacy terms and as independent controllers for payment operations. Fluent Up receives only the data necessary to manage subscriptions, billing status, and service access.
10. Security Measures
We apply appropriate technical and organizational measures, including:
- Encryption in transit (TLS)
- Access controls and least-privilege principles
- Logging and monitoring for security events
- Secure infrastructure and patch management practices
11. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or business changes. Material changes will be communicated appropriately (for example via website notice, account notice, or email where required).
The “Last updated” date indicates the latest revision.