Privacy Policy

Inqui.ai (“we”, “us”, or “our”) operates the inqui.ai platform, including the web application, mobile application, and associated API services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

Account Information

When you register, we collect your email address, display name, and password (stored as a one-way hash). Institutional users may also provide organisation name and billing details.

Usage Data

We collect data about how you interact with the Service, including conversation sessions, session duration, vocabulary items saved, and feature usage. This data is used to improve your experience and the platform.

Conversation Data

Conversation turns (text and, where applicable, transcribed speech) are stored to provide session history, analytics, and personalised learning feedback. Audio recordings are transcribed and then discarded — we do not store raw audio files.

Technical Data

We collect standard server logs including IP address, browser type, and device information for security and diagnostic purposes. This data is retained for a maximum of 90 days.

• To provide and maintain the Service
• To personalise your learning experience (adaptive CEFR level, vocabulary suggestions)
• To send transactional emails (OTP codes, password resets, organisation invites)
• To generate anonymised, aggregated analytics for instructors and institution administrators
• To improve our AI models and platform features using anonymised interaction data
• To detect and prevent fraud, abuse, or security incidents

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

Inqui uses large language model (LLM) APIs (including OpenAI and Perplexity) to power conversation features. Your conversation content may be sent to these third-party providers subject to their data processing agreements. We use API access under data processing agreements that prohibit training on your data unless you explicitly opt in.

Speech-to-text transcription is performed via third-party ASR services. Raw audio is not retained after transcription.

We share data with the following categories of third parties:

• Infrastructure providers — cloud hosting and database services (EU/EEA-based where possible)
• AI API providers — OpenAI, Perplexity (subject to their privacy policies and data processing agreements)
• Email service providers — for transactional emails only
• Your institution — if you are enrolled through an institution, your instructor or administrator may view your session statistics and progress

We retain your account data for as long as your account is active. Conversation session data is retained for up to 2 years and may be anonymised thereafter. You may request deletion of your account and all associated data at any time by contacting us.

If you are located in the European Economic Area, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data (“right to be forgotten”)
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

We use strictly necessary cookies for authentication (session tokens) and user preference storage (e.g., language preference). We do not use tracking or advertising cookies.

We implement industry-standard security measures including encryption in transit (TLS), encrypted passwords (bcrypt), and access controls. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. Institutional deployments targeting younger learners must ensure appropriate parental consent under applicable law.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at:
[email protected]