Privacy Policy
Last updated: December 2025
Introduction
At Déjà Lu, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our language learning platform. We believe in transparency and have designed our data collection practices to be minimal and purposeful.
By using Déjà Lu, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
Information We Collect
Account Information
When you create an account, we collect:
- Email address (required for account creation and communication)
- Username (chosen by you for account identification)
- Password (stored as a secure hash, never in plain text)
- If you sign in with Google: Google account identifier and profile picture URL
Learning Data
To provide personalized learning experiences, we collect and store:
- Your progress on vocabulary words (which words you've learned, reviewed, or mastered)
- Review session data (words reviewed, your responses, time taken)
- Books you've started learning and your access status (trial or paid)
- Vocabulary reports you submit (if you flag words as inaccurate or problematic)
- Account creation date and last login timestamp
Analytics and Usage Data
We use PostHog, a privacy-focused analytics platform, to understand how users interact with our service. PostHog collects the following information:
- Page views and navigation patterns
- Button clicks and user interactions (e.g., "Start Learning" button clicks)
- Device information (browser type, operating system, device type)
- Browser language and timezone
- Screen dimensions and viewport size
- IP address (may be anonymized for privacy compliance)
- Session identifiers and device identifiers
- Error logs and JavaScript exceptions (to help us fix bugs)
- Email domain (e.g., "gmail.com") - not your full email address
- Internal user ID (linked to your Déjà Lu account for analytics purposes)
Important: We do not track users across different websites or domains. PostHog analytics are limited to your activity within the Déjà Lu platform only.
Local Storage
We use your browser's local storage to:
- Store your authentication token (to keep you logged in)
- Remember your last selected book (for convenience)
How We Use Your Information
Service Delivery: We use your account and learning data to provide personalized vocabulary learning experiences, track your progress, and deliver spaced repetition reviews tailored to your needs.
Service Improvement: Analytics data helps us understand how users interact with Déjà Lu, identify bugs and errors, and improve the user experience. We use this information to make informed decisions about feature development and product improvements.
Communication: We may use your email address to send you important service updates, security notifications, or respond to your inquiries. We do not send marketing emails without your explicit consent.
Security and Fraud Prevention: We use collected information to protect the security of your account, detect and prevent fraud, and ensure the integrity of our service.
Data Sharing and Third Parties
PostHog Analytics: We share analytics data with PostHog, a third-party analytics provider. PostHog processes this data on our behalf to help us understand product usage. PostHog is bound by its own privacy policy and data processing agreements. You can learn more about PostHog's privacy practices at posthog.com/privacy.
Google OAuth: If you choose to sign in with Google, your authentication is handled by Google according to Google's privacy policy. We only receive the information you authorize Google to share (typically your email address and profile picture).
No Sale of Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.
Legal Requirements: We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:
- Password hashing using the industry-standard bcrypt algorithm
- Secure authentication tokens (JWT) for session management
- HTTPS encryption for all data transmission
- Regular security assessments and updates
- Limited access to personal data on a need-to-know basis
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
Access: You can request access to the personal information we hold about you by contacting us or accessing your account dashboard.
Correction: You can update your account information (email, username) directly through your account settings.
Deletion: You have the right to request deletion of your account and associated data. To request account deletion, please contact us. We will delete your account and personal data, except where we are required to retain certain information for legal or legitimate business purposes.
Data Portability: You can request a copy of your learning data in a machine-readable format.
Opt-Out of Analytics: You can opt out of PostHog analytics by disabling JavaScript or using browser extensions that block analytics. Note that this may affect some features of the service.
Withdraw Consent: If you have provided consent for specific data processing activities, you can withdraw that consent at any time by contacting us.
To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for:
- Compliance with legal obligations
- Resolution of disputes
- Enforcement of our agreements
- Legitimate business interests (e.g., aggregated analytics that cannot identify you)
Analytics data collected by PostHog may be retained according to PostHog's data retention policies. We do not control PostHog's data retention practices, but you can request deletion of your analytics data through us.
Children's Privacy
Déjà Lu is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using Déjà Lu, you consent to the transfer of your information to these countries. We apply appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.
PostHog, our analytics provider, processes data in the United States and other jurisdictions. PostHog maintains appropriate safeguards for international data transfers as described in its privacy policy.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
During the beta period, we may update this Privacy Policy more frequently as we refine our data practices. Your continued use of Déjà Lu after changes become effective constitutes your acceptance of the revised Privacy Policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the contact information provided on our website or through your account dashboard.
For requests related to your privacy rights (access, deletion, portability, etc.), please include your account email address and a clear description of your request so we can process it efficiently.