Privacy Policy

1. Introduction

LëtzPass is a product operating under UnchartedEdge LLC, a Luxembourg-based company. This Privacy Policy explains what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR). This policy applies to all users of the LëtzPass web application and is effective as of March 30, 2026.

2. What We Collect

• Email address (provided at registration or via Google Sign-In)
• Display name (via Google Sign-In, if available)
• Authentication provider used (Google, email/password, or guest)
• Practice session recordings (audio)
• Practice scores and session history
• Stripe transaction references (we never store card numbers)
• Cookie consent preference

3. How We Use Your Data

When you record an answer, the audio is sent to the LuxASR speech recognition service operated by the University of Luxembourg for transcription, then to OpenAI for scoring and feedback. The audio recording is deleted immediately after scoring is complete — it is never stored on our servers. Your scores and progress history are retained so you can track your improvement over time. We do not sell or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

Under Article 6 of the GDPR, we process your data on the following legal bases:

• Contract performance (Art. 6(1)(b)) — account creation, audio processing and scoring, payment processing, and delivering the practice service you signed up for.
• Consent (Art. 6(1)(a)) — analytics cookies, if enabled in a future update. You can withdraw this consent at any time via Settings > Cookie preferences.
• Legitimate interest (Art. 6(1)(f)) — essential session cookies required for authentication and security, and service improvement based on aggregated, non-identifying usage patterns.

5. Audio Recordings

Audio recordings are processed in real-time during your practice session. Once the AI has transcribed and scored your response, the audio file is deleted immediately. We never store, replay, or share your audio recordings. No audio data is retained on our servers or with any third-party service after processing.

6. Third-Party Services

We use the following third-party services to operate LëtzPass. Each processes data according to their own privacy policy:

• Firebase — authentication and data storage (Firestore data hosted in the EU region europe-west1)
• OpenAI — AI scoring and feedback
• LuxASR (University of Luxembourg) — Luxembourgish speech recognition
• Stripe — payment processing

7. Payment Processing

All payment processing is handled by Stripe. We never receive, store, or have access to your credit card numbers or bank details. We only store a Stripe transaction reference to associate your payment with your account. For details on how Stripe handles your payment data, see Stripe's Privacy Policy.

8. Cookies

• Essential cookies: An authentication session cookie is required for the service to function. This cookie cannot be disabled.
• Analytics cookies: If analytics are enabled in a future update, they will only load after you accept the cookie consent banner. You can change your preference at any time by clearing your browser storage.
• No advertising cookies: We do not use any advertising or third-party tracking cookies.

9. Data Retention

• Audio recordings: processed and deleted immediately after scoring.
• Account data: retained while your account is active.
• Practice history: retained for 12 months.

10. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request deletion of your data
• Export your data in a portable format (data portability)
• Withdraw consent at any time (where processing is based on consent)
• Object to processing of your data
• Restrict processing in certain circumstances
• Lodge a complaint with the CNPD (Commission Nationale pour la Protection des Données), Luxembourg's data protection authority

To exercise any of these rights, contact contact@letzpass.com. We will respond to your request within 30 days, as required by GDPR Article 12. You can also export or delete your data directly from Settings > Your Data.

11. International Transfers

Some of our third-party service providers (OpenAI and Stripe) process data in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an adequate level of protection outside the European Economic Area. Firebase data is stored in the EU (europe-west1). LuxASR is operated by the University of Luxembourg within the EU.

12. Contact

UnchartedEdge
contact@letzpass.com