Privacy Policy

Hello TOEIC ("we", "our", "us") operates the website www.hellotoeic.com, an AI-powered TOEIC test preparation platform for Vietnamese learners. This Privacy Policy explains how we collect, use, store, and share your personal information — including any Google user data we receive when you sign in with Google — when you use our service.

1. Information We Collect

Account Information

• Email address (required for account creation)
• Full name (optional, for profile personalization)
• Authentication data via Google Sign-In or email/password

Google Sign-In Data

When you choose "Sign in with Google", Google's Identity Services share the following data with us, scoped to the standard openid, email, and profile scopes:

• Your Google account email address
• Your full name and (optionally) profile picture URL
• Your Google account ID (the OpenID Connect sub claim)

We use this Google user data only to:

• Authenticate you and create or sign you into your Hello TOEIC account
• Display your name and avatar inside the app
• Send you transactional emails you have requested (e.g., study reminders, receipts)

We do notsell or transfer Google user data to third parties, use it for advertising, use it to train AI/ML models, or allow humans to read it except (a) with your explicit consent, (b) for security purposes (e.g., investigating abuse), or (c) to comply with applicable law. See section 11 ("Limited Use") below for our compliance statement under Google's API Services User Data Policy.

Usage Data

• Exercise answers, scores, and completion status
• Study streaks, XP points, and daily progress
• Mock test results and performance analytics
• AI coach conversation history

Payment Information

• Payment details are processed directly by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers.
• We store your Stripe customer ID and subscription status.

Technical Data

• Browser type, device type, operating system
• IP address (anonymized for analytics)
• Pages visited and time spent

2. How We Use Your Information

• Provide and improve the TOEIC learning experience
• Track your study progress, streaks, and goals
• Generate AI-powered explanations tailored to your answers
• Process subscription payments and manage your account
• Send optional study reminders and weekly progress summaries (you can opt out)
• Analyze aggregate usage patterns to improve the platform

3. Data Sharing

We do not sell your personal data. We share data only with:

• Google — Google Identity Services for Sign-In; Google Generative Language API (Gemini) when an exercise question is sent for AI explanation (see section 9)
• Supabase — database hosting and authentication
• Stripe — payment processing
• OpenAI — AI explanations via gpt-4o-mini, used as an alternative provider to Gemini (see section 9)
• Vercel — website hosting
• AWS Simple Email Service (us-east-1) — transactional emails (reminders, receipts, payment confirmations)

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.

5. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Export your study data
• Opt out of marketing emails

To exercise these rights, contact us at privacy@hellotoeic.com.

6. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (anonymized) to understand usage patterns. No third-party advertising cookies are used.

7. Children's Privacy

Hello TOEIC is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us.

8. Security

We use industry-standard security measures including HTTPS encryption, secure authentication via Supabase Auth, Row Level Security (RLS) on all database tables, and encrypted payment processing via Stripe.

9. AI Coach (Gemini / OpenAI Processing)

We use Google's Gemini API (currently gemini-2.5-flash) and, as an alternative provider, OpenAI's gpt-4o-minito generate detailed Vietnamese explanations on demand when you tap the "Hỏi AI sâu hơn" button under an exercise. Which provider is used depends on a server-side admin setting; both are treated identically for privacy purposes.

• What is sent to the AI provider: the exercise question text, the answer options, the correct answer, and your selected answer. No personally identifiable information (no email, name, user ID, Google account ID, or device data) is included in prompts.
• Model training: we use the paid Gemini and OpenAI APIs whose terms state that content sent via the API is not used to train the underlying AI models.
• Caching:generated explanations are stored in our database keyed by question and answer choice so we don't re-call the AI provider for the same scenario. This reduces cost and latency.
• Quotas: free users get 5 AI explanations per day (resets at midnight, Asia/Ho Chi Minh time). Pro subscribers have unlimited access.
• Opt-out:AI Coach is opt-in per request — simply don't tap the button. Static Vietnamese explanations remain available for every exercise without involving any AI provider.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Google API Services User Data Policy (Limited Use)

Hello TOEIC's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we affirm that Google user data received via Google Sign-In or any Google API is:

• Used only to provide and improve user-facing features of Hello TOEIC that are prominent in the application's user interface
• Not transferred to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior user notice
• Not used or transferred for serving advertisements, including retargeted, personalized, or interest-based advertising
• Not used to train, fine-tune, or otherwise improve generalized or non-personalized AI/ML models
• Not read by humans unless we have obtained your affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been de-identified or aggregated

12. Contact

For privacy-related questions or requests, contact:

• Email: privacy@hellotoeic.com
• Phone: 080-2566-2538