Privacy Policy

Last Updated: 9 August 2025

Hemy Hebrew ("Hemy Hebrew", "we", "our", "us") provides an online platform for booking and managing Hebrew lessons. We respect your privacy and are committed to protecting it. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have.

1. Contact

Questions or requests: office@hemy-hebrew.com

2. Information We Collect

• Account Data: name, email, profile image, role (student / teacher / admin).
• Scheduling Data: lesson bookings (date/time/duration/status), teacher preferences, timezone.
• Payment Metadata: purchased credit / AI packs, balances (we do NOT store full card data).
• Google Calendar Data (only if you connect – see section 4).
• Technical Data: approximate usage logs (timestamps, error diagnostics) and security events (auth, access control decisions).

3. Legal Bases (EEA/UK where applicable)

• Performance of a contract: providing lesson scheduling and credit management.
• Legitimate interests: service improvement, fraud prevention, security monitoring.
• Consent: Google Calendar connection and related event creation.
• Legal obligations: tax / accounting retention (invoices, transaction records).

4. Google Calendar Data Use

If you choose to connect your Google account, we request the minimal scope https://www.googleapis.com/auth/calendar.events in order to create, update, and delete only lesson events that you schedule through Hemy Hebrew. We do NOT read unrelated events from your calendar.

• Data accessed: event IDs and conference (Google Meet) link we create.
• Stored: refresh token (encrypted at rest by infrastructure), our created event IDs and links.
• Not stored: your other calendar event contents, attendee lists of unrelated events.
• Revocation: disconnect in the app (Student Settings) or via Google Account Permissions.

Limited Use Compliance: Use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, profiling, or resale.

5. How We Use Information

• Provide and operate lesson booking, credits/AI features, reminders, calendar sync.
• Create Google Calendar events (with Meet links) for booked lessons.
• Send transactional communications (confirmations, changes, cancellations).
• Maintain platform security and prevent abuse.
• Improve reliability, performance, and user experience.

6. Sharing

We do not sell personal data. We share data only with service providers performing services on our behalf (e.g., Firebase / Google Cloud Platform, payment integration infrastructure) under contractual or platform terms requiring confidentiality and appropriate safeguards. We may disclose data if required by law or to protect safety, rights, or integrity of the service.

7. Data Retention

• Account & scheduling records: retained while the account is active.
• Google OAuth tokens: deleted immediately when you disconnect or delete your account.
• Backups / logs: rotated and purged normally within 90 days unless required for security investigations.
• Financial records (invoices/transactions): retained up to 7 years where required by law.

8. Security

• Transport encryption (HTTPS) for data in transit.
• Firestore security rules & role-based access logic limit data exposure.
• Principle of least privilege for service accounts.
• Audit logging of sensitive operations.

9. Your Rights & Controls

• Access / Correction: contact us to obtain or rectify your data.
• Deletion: see Data Deletion Instructions.
• Revoke Google access: in-app disconnect or Google permissions page.
• Export: request a machine-readable export (JSON/CSV) via email.
• Objection / Restriction (where applicable): contact us for requests.

10. Children

The service is not directed to children under 13. If we learn we collected data from a child under 13, we will delete it promptly.

11. International Transfers

Data may be processed in the European Union and/or United States on Google Cloud infrastructure with appropriate safeguards.

12. Changes

We may update this Policy. Material changes will be indicated by updating the "Last Updated" date. Continued use after changes constitutes acceptance.

13. Contact / Data Protection Queries

Email: office@hemy-hebrew.com