Privacy Policy

1. Who We Are

This Privacy Policy describes how Func Main Ltd ("we", "us", or "our") handles personal data for the BlaBlaAHA! app and related services.

Company record: Company number 10480912.

Contact: [email protected].

2. Minimum Age

BlaBlaAHA! is not intended for children under 13. If you believe a child under 13 has provided personal data, contact us at [email protected].

3. Data We Collect

• Account and identity data, such as anonymous account IDs, Apple Sign-In identifiers, email (if provided), and authentication tokens.
• Profile and social data, such as username, display name, account privacy setting, profile picture, locale/timezone, and follow relationships.
• Learning content data, such as lesson text, generated audio data, transcripts, and related metadata.
• Usage and analytics data, such as listening events, session identifiers, timestamps, and completion metrics.
• Diagnostics and performance data from the iOS app, such as crash reports, error details, stack traces, device and OS information, app version, and performance trace data.
• Notification data, such as device push tokens, device/app metadata, and notification preferences.
• Subscription and transaction metadata, such as product identifiers, transaction IDs, subscription status, and billing webhook payload data.

4. How We Use Data and Legal Bases

Under UK GDPR, we process your personal data on the following legal bases:

• Contract: To operate, maintain, and secure the service; to authenticate users and manage accounts; to create and deliver learning content and personalization features; to process and reconcile subscriptions and purchases.
• Legitimate interest: To provide social features based on your privacy settings; to analyze usage, diagnose crashes, monitor app performance, and improve product quality; to send service notifications and account-related messages.
• Legal obligation: To comply with legal obligations and enforce our terms.

5. Social Visibility

Your profile and lesson visibility depends on your account and content settings. Public or follower-visible content may be visible to other users according to those settings.

6. Communications

We send service communications such as account, security, transactional, and product operation notifications. We do not currently send promotional or marketing messages.

7. Cookies and Tracking

We currently use essential session/authentication and security-related technologies for the web service. In the iOS app, we also use SDK-based analytics and diagnostics tools, including Amplitude for product analytics and Sentry for crash, error, and performance monitoring. These tools may collect device identifiers, app interaction events, session data, and diagnostic information to help us operate and improve the app.

8. Sharing and Processors

We share data with service providers that process data on our behalf to run the app, including cloud storage, AI/service APIs, subscription infrastructure, push delivery, and operational monitoring providers. This includes Sentry, which we use for crash/error and performance monitoring, and Amplitude, which we use for product analytics in the iOS app.

9. International Processing

Data may be processed and stored in the United States and other countries where we or our service providers operate. Where data is transferred outside the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions to ensure your data remains protected.

10. Retention

We retain personal data for as long as necessary to provide the service and for legitimate business and legal purposes. When data is no longer needed, we delete or anonymize it where feasible.

11. Your Rights

Subject to applicable law, you may have rights to request access, correction, deletion, portability, and objection or restriction of certain processing. To exercise any of these rights, contact us at [email protected]. We will respond to your request within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

12. Account Deletion Requests

You can request deletion of your account and associated personal data by contacting [email protected]. We will process your request within one month. We may retain limited data where required for legal, security, or fraud-prevention reasons.

13. Security

We use reasonable technical and organizational safeguards to protect personal data. However, no method of transmission or storage is completely secure.

14. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date and publishing the revised policy at this page.