Privacy Policy
Effective date: 15.10.2025
We at "Parlai" take the protection of your personal data very seriously. We process your data in strict compliance with the applicable legal provisions on data protection, data security, and the responsible handling of personal information.
In this privacy policy, we inform you about which personal data we collect and process, the extent of that processing, and the purposes for which the data processing is carried out.
1. Who we are (Data Controller)
Parlai FlexCo ("Parlai")
Wohllebengasse 7/16, 1040 Vienna, Austria
Commercial Register: FN 640088 g (Commercial Court Vienna)
VAT ID: ATU81353606
Privacy contact: hi@parlai.app
Support: WhatsApp customer support channel (see in-app menu or type "support")
Minimum age: You must be 16 years or older to use Parlai. We do not provide parental consent flows and do not knowingly process data of users under 16.
Wohllebengasse 7/16, 1040 Vienna, Austria
Commercial Register: FN 640088 g (Commercial Court Vienna)
VAT ID: ATU81353606
Privacy contact: hi@parlai.app
Support: WhatsApp customer support channel (see in-app menu or type "support")
Minimum age: You must be 16 years or older to use Parlai. We do not provide parental consent flows and do not knowingly process data of users under 16.
2. Scope and services covered
This Policy applies to the Parlai language-learning service delivered primarily via WhatsApp (text and voice), and to our public website and backend services. Features include instant corrections, vocabulary practice, mini-games, personalization, and optional real-time practice calls, voice message transcription and text-to-speech replies (via ElevenLabs).
3. What data we collect and from where
We collect the minimum data needed to provide, secure, and improve Parlai. Some data is required to use the service; some is optional and only collected with consent.
A) Identity & contact (WhatsApp, onboarding via WhatsApp)
• WhatsApp display name (collected automatically when you contact us)
• Phone number (required to deliver the service over WhatsApp)
• First name and email (required at onboarding; may be pseudonymous)
B) Tutor settings & preferences (WhatsApp)
• Selected language(s), proficiency level, interests, chosen personas/accents, preferred style
C) Conversation & usage data (WhatsApp)
• Messages you send and receive, corrections, mini-game events
• Message metadata (IDs, timestamps)
• WhatsApp voice notes may be processed to provide transcriptions and generate spoken replies. We do not record or store call audio ourselves. Audio content and minimal session metadata are sent to ElevenLabs for speech-to-text (STT) and text-to-speech (TTS). Transcripts and generated audio are used to deliver the service.
D) Website analytics & device data (Website — only after consent)
• IP address and derived country/city, device/OS, browser/UA, referrer/UTM, cookies/local storage IDs
• A/B testing events (consent-gated)
E) Voice calls (optional feature)
• Real-time audio is relayed for transcription/LLM inference; we do not record or store call audio. Minimal call metadata (e.g., call IDs, numbers involved) may be processed to set up the session.
F) Payments (if you subscribe)
• Processed by Stripe: payment method details, billing email/phone as needed for receipts/2FA.
G) Special-category data
• We do not ask for sensitive data. If you voluntarily share sensitive information in chats, it may be stored in our database as part of your conversation history because it is technically inseparable from the message stream.
H) Inference & segmentation
• We may derive high-level engagement segments to understand our audience and plan advertising strategy. We do not conduct automated decision-making producing legal or similarly significant effects.
A) Identity & contact (WhatsApp, onboarding via WhatsApp)
• WhatsApp display name (collected automatically when you contact us)
• Phone number (required to deliver the service over WhatsApp)
• First name and email (required at onboarding; may be pseudonymous)
B) Tutor settings & preferences (WhatsApp)
• Selected language(s), proficiency level, interests, chosen personas/accents, preferred style
C) Conversation & usage data (WhatsApp)
• Messages you send and receive, corrections, mini-game events
• Message metadata (IDs, timestamps)
• WhatsApp voice notes may be processed to provide transcriptions and generate spoken replies. We do not record or store call audio ourselves. Audio content and minimal session metadata are sent to ElevenLabs for speech-to-text (STT) and text-to-speech (TTS). Transcripts and generated audio are used to deliver the service.
D) Website analytics & device data (Website — only after consent)
• IP address and derived country/city, device/OS, browser/UA, referrer/UTM, cookies/local storage IDs
• A/B testing events (consent-gated)
E) Voice calls (optional feature)
• Real-time audio is relayed for transcription/LLM inference; we do not record or store call audio. Minimal call metadata (e.g., call IDs, numbers involved) may be processed to set up the session.
F) Payments (if you subscribe)
• Processed by Stripe: payment method details, billing email/phone as needed for receipts/2FA.
G) Special-category data
• We do not ask for sensitive data. If you voluntarily share sensitive information in chats, it may be stored in our database as part of your conversation history because it is technically inseparable from the message stream.
H) Inference & segmentation
• We may derive high-level engagement segments to understand our audience and plan advertising strategy. We do not conduct automated decision-making producing legal or similarly significant effects.
4. Why we use your data and our legal bases
We map each purpose to its legal basis under GDPR/UK GDPR/Swiss FADP and note typical data used.
Advertising & measurement (website and off-site): When you consent to Marketing cookies, we send marketing events and limited identifiers to Google Ads and Meta (Pixel and, where enabled, Conversions API) to measure campaign performance, prevent fraud, build/measure audiences, and improve advertising strategy. Legal basis: Consent (Art. 6(1)(a)). Data examples: page and campaign parameters (UTM), event type (e.g., signup), pseudonymous IDs, IP/UA, and—only when you provide it and we have consent—hashed contact info for matching (e.g., email/phone). Opt-out: Use the cookie banner (Reject all or manage Marketing), or contact support to withdraw consent. We do not sell personal information or share it for cross-context behavioral advertising without consent. For US visitors, you may opt out of "sharing" via the footer link.
WhatsApp analytics: We rely on contract necessity/legitimate interests for essential service telemetry (e.g., message delivery and stability). Behavioral analytics on WhatsApp can be opted out of at any time: send a WhatsApp message to our support number saying "opt out of analytics" (or similar). We will confirm the opt-out in the same channel.
LLMs & prompts: To provide responses and feedback, we send recent conversation context, a summary of facts, and system prompts to Large Language Model (LLM) providers. We exclude phone numbers, emails, payment references, and Stripe IDs from the LLM context. We do not permit model training on Parlai data. Providers may temporarily retain prompts/outputs per their policies to operate the service; we use configuration and contractual controls to minimize retention.
Speech providers: For voice features we send audio to ElevenLabs for STT and TTS; no extra information other than the user's voice message is sent to the provider.
| Purpose | Legal basis | Data used (examples) |
|---|---|---|
| Provide the core service (chat, corrections, personalization; transport over WhatsApp; practice calls; speech processing via ElevenLabs) | Contract necessity (Art. 6(1)(b)) | Phone number, WhatsApp name, messages, tutor settings, message metadata |
| Essential telemetry to run and protect the service (availability, latency, abuse prevention, debugging) | Legitimate interests (Art. 6(1)(f)) | Message metadata, limited technical logs; minimal WhatsApp analytics necessary for stability |
| Improve features and product decisions (non-essential analytics on website) | Consent (Art. 6(1)(a)) | Event analytics via GA4/Mixpanel (after consent only) |
| Advertising measurement/personalization (website) | Consent (Art. 6(1)(a)) | Marketing tags (Google/Meta) triggered only when Marketing consent is granted |
| Communications about the service (support, transactional messages over WhatsApp/email) | Contract necessity | Phone number, email, message history as needed for support |
| Payments, invoicing, fraud prevention | Contract necessity and legal obligation | Billing identifiers with Stripe |
| Compliance with law, requests from authorities | Legal obligation | Any data needed to comply |
Advertising & measurement (website and off-site): When you consent to Marketing cookies, we send marketing events and limited identifiers to Google Ads and Meta (Pixel and, where enabled, Conversions API) to measure campaign performance, prevent fraud, build/measure audiences, and improve advertising strategy. Legal basis: Consent (Art. 6(1)(a)). Data examples: page and campaign parameters (UTM), event type (e.g., signup), pseudonymous IDs, IP/UA, and—only when you provide it and we have consent—hashed contact info for matching (e.g., email/phone). Opt-out: Use the cookie banner (Reject all or manage Marketing), or contact support to withdraw consent. We do not sell personal information or share it for cross-context behavioral advertising without consent. For US visitors, you may opt out of "sharing" via the footer link.
WhatsApp analytics: We rely on contract necessity/legitimate interests for essential service telemetry (e.g., message delivery and stability). Behavioral analytics on WhatsApp can be opted out of at any time: send a WhatsApp message to our support number saying "opt out of analytics" (or similar). We will confirm the opt-out in the same channel.
LLMs & prompts: To provide responses and feedback, we send recent conversation context, a summary of facts, and system prompts to Large Language Model (LLM) providers. We exclude phone numbers, emails, payment references, and Stripe IDs from the LLM context. We do not permit model training on Parlai data. Providers may temporarily retain prompts/outputs per their policies to operate the service; we use configuration and contractual controls to minimize retention.
Speech providers: For voice features we send audio to ElevenLabs for STT and TTS; no extra information other than the user's voice message is sent to the provider.
5. WhatsApp
We use the WhatsApp instant messaging service as part of our product. The service provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (a subsidiary of Meta Platforms Inc., USA).
Using WhatsApp can involve various types of data, including personal data, being processed. This includes account information such as your telephone number, profile picture, username, or other information that you provide to WhatsApp when creating and managing your WhatsApp account. Naturally, WhatsApp also processes the contents of your messages (text messages, photos, videos, voice messages) that you send via the service. Metadata is also generated, e.g. the date and time a message was sent or received. WhatsApp also records the phone numbers of the parties involved and technical information (such as device type, operating system, or possibly location data).
If you use our service via WhatsApp, different parties are responsible for data processing:
• Parlai is the controller for all personal data that you provide to us in the context of WhatsApp communication (e.g. telephone number, profile name, chat content, voice messages). We process this data exclusively to provide and improve our language learning service.
• WhatsApp Ireland Limited is an independent controller for the data that is collected when using the WhatsApp service itself. This includes in particular metadata (e.g. timestamps of communications, involved phone numbers), technical information about your device (e.g. operating system, app version), as well as data that WhatsApp processes for its own purposes. We have no influence over this processing. The privacy provisions of WhatsApp, which you can find here: WhatsApp Privacy Policy, are authoritative in this regard.
Please note that WhatsApp may also process your data in the USA. WhatsApp is an active participant in the EU–US Data Privacy Framework, which is intended to ensure an adequate level of data protection for the transfer of personal data of EU citizens to the USA. Additionally, WhatsApp relies on so-called Standard Contractual Clauses (SCCs pursuant to Art. 46(2) and (3) GDPR) for international data transfers. You can find more details about the data processed by WhatsApp in WhatsApp's own Privacy Policy at: https://www.whatsapp.com/privacy.
Using WhatsApp can involve various types of data, including personal data, being processed. This includes account information such as your telephone number, profile picture, username, or other information that you provide to WhatsApp when creating and managing your WhatsApp account. Naturally, WhatsApp also processes the contents of your messages (text messages, photos, videos, voice messages) that you send via the service. Metadata is also generated, e.g. the date and time a message was sent or received. WhatsApp also records the phone numbers of the parties involved and technical information (such as device type, operating system, or possibly location data).
If you use our service via WhatsApp, different parties are responsible for data processing:
• Parlai is the controller for all personal data that you provide to us in the context of WhatsApp communication (e.g. telephone number, profile name, chat content, voice messages). We process this data exclusively to provide and improve our language learning service.
• WhatsApp Ireland Limited is an independent controller for the data that is collected when using the WhatsApp service itself. This includes in particular metadata (e.g. timestamps of communications, involved phone numbers), technical information about your device (e.g. operating system, app version), as well as data that WhatsApp processes for its own purposes. We have no influence over this processing. The privacy provisions of WhatsApp, which you can find here: WhatsApp Privacy Policy, are authoritative in this regard.
Please note that WhatsApp may also process your data in the USA. WhatsApp is an active participant in the EU–US Data Privacy Framework, which is intended to ensure an adequate level of data protection for the transfer of personal data of EU citizens to the USA. Additionally, WhatsApp relies on so-called Standard Contractual Clauses (SCCs pursuant to Art. 46(2) and (3) GDPR) for international data transfers. You can find more details about the data processed by WhatsApp in WhatsApp's own Privacy Policy at: https://www.whatsapp.com/privacy.
6. Where we store and process data (providers)
We rely on infrastructure and service providers. The table below summarizes purposes, typical data shared, and processing locations. Providers' processing and retention are also governed by their own terms and data protection addenda.
We do not authorize providers to use Parlai data for model training. Where a provider offers controls for training/retention, we disable training and use the provider's lowest feasible retention.
| Provider | Purpose | Data categories shared | Region(s) noted |
|---|---|---|---|
| Xata | Primary database | Account identifiers; tutor settings; chat content incl. facts; message IDs/timestamps | EU (Frankfurt, eu-central-1) |
| OpenAI APIs | LLM inference | Recent chat context; facts summary; system prompts (excludes phone, email, payment refs) | US processing |
| Anthropic APIs | LLM inference | Same as above | US processing |
| Google Vertex AI | LLM inference | Same as above | EU (Belgium, europe-west1) |
| Meta / WhatsApp Business API | Message transport/delivery | Message content for delivery; message IDs; delivery metadata | Global processing per Meta policies |
| Twilio Media Streams | Real-time audio relay for calls | Ephemeral audio stream; call/session metadata | IE1 (Ireland) routing |
| Vercel | Hosting/CDN/serverless | IP addresses in logs; request metadata | EU (Paris, Dublin, Frankfurt) |
| Vercel Analytics | Privacy-friendly web analytics (consent-gated) | Aggregated pageview/session metrics; request metadata (e.g., IP processed transiently), URL/UTM, device/UA | Processing may include the US |
| Mixpanel (EU project) | Product analytics (website; consent-gated) | Device/UA, IP-derived geo, user/device IDs, usage events (plus all chat usage) | EU data residency |
| Google Analytics 4 | Web analytics (consent-gated) | Event data and device/UA; ad features when consented | Processing may include the US; retention 14 months; reset on new activity enabled |
| Google Ads | Ad measurement & personalization (consent-gated) | Marketing events, pseudonymous IDs, IP/UA; optional hashed email/phone for Customer Match/Enhanced Conversions when provided | Processing may include the US; transfers safeguarded per Section 7 |
| Meta (Pixel / Conversions API) | Ad measurement & personalization (consent-gated) | Marketing events, pseudonymous IDs, IP/UA; optional hashed email/phone for Custom Audiences when provided | Global processing per Meta policies; transfers safeguarded per Section 7 |
| Sentry (EU) | Error monitoring | Technical logs that may incidentally include identifiers | EU servers |
| Stripe | Payments | Billing identifiers, payment method details, receipts/2FA | Global per Stripe policies |
| ElevenLabs | STT (transcribe voice messages) and TTS (generate audio replies) | User voice audio; transcripts; reply text/audio; minimal session metadata | US processing; provider default retention up to 2 years (enterprise zero-retention mode available) |
We do not authorize providers to use Parlai data for model training. Where a provider offers controls for training/retention, we disable training and use the provider's lowest feasible retention.
7. International data transfers
Your data may be processed in countries outside your own, including the United States. We use appropriate safeguards for such transfers, including Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA/Addendum. For eligible vendors, we rely on their participation in the EU–US Data Privacy Framework (DPF). You can request more information about these safeguards at hi@parlai.app.
Transfers to Google Ads and Meta occur only after Marketing consent and are protected using SCCs and/or vendor participation in recognized transfer frameworks (see each provider's terms).
Transfers to Google Ads and Meta occur only after Marketing consent and are protected using SCCs and/or vendor participation in recognized transfer frameworks (see each provider's terms).
8. Cookies and tracking (website)
We use a minimal consent banner with Accept all, Reject all, and Manage preferences. No scripts load before consent.
• Analytics (consent-gated): GA4, Mixpanel, Vercel Analytics (cookieless; no client cookies)
• Marketing (consent-gated): Google Ads tags, Meta Pixel/Conversions API (hashed identifiers only)
• A/B testing is consent-gated because it relies on analytics events.
• Technically necessary cookies: These cookies are required for our website and service to function properly (e.g. for display, session IDs, or to save your cookie settings). The legal basis is our legitimate interest under Art. 6(1)(f) GDPR in conjunction with § 165(3) TKG. You cannot disable these cookies, as otherwise our website would not be usable.
Signals & frameworks: We honor your consent choices from the banner. Where supported, we also respect platform-level signals (e.g., browser/global privacy controls).
Static cookie table (indicative)
Names and durations are typical defaults and may vary by provider.
You can change your choices any time via the banner (Manage preferences at the footer). If you click Reject all, no analytics or marketing tags fire.
• Analytics (consent-gated): GA4, Mixpanel, Vercel Analytics (cookieless; no client cookies)
• Marketing (consent-gated): Google Ads tags, Meta Pixel/Conversions API (hashed identifiers only)
• A/B testing is consent-gated because it relies on analytics events.
• Technically necessary cookies: These cookies are required for our website and service to function properly (e.g. for display, session IDs, or to save your cookie settings). The legal basis is our legitimate interest under Art. 6(1)(f) GDPR in conjunction with § 165(3) TKG. You cannot disable these cookies, as otherwise our website would not be usable.
Signals & frameworks: We honor your consent choices from the banner. Where supported, we also respect platform-level signals (e.g., browser/global privacy controls).
Static cookie table (indicative)
Names and durations are typical defaults and may vary by provider.
| Category | Provider | Cookie name (examples) | Typical duration | Purpose |
|---|---|---|---|---|
| Analytics | Google Analytics 4 | _ga, _ga_* | up to 2 years | Visitor metrics, session and campaign data (fires only after consent) |
| Analytics | Mixpanel | mp_* | up to 1 year | Product analytics (fires only after consent) |
| Analytics | Vercel | Cookieless | aggregated | Privacy-friendly pageview/session metrics |
| Marketing | Google Ads | _gcl_au | ~3 months | Ad measurement/attribution (marketing consent only) |
| Marketing | Meta | _fbp | ~3 months | Ad measurement/remarketing (marketing consent only) |
You can change your choices any time via the banner (Manage preferences at the footer). If you click Reject all, no analytics or marketing tags fire.
9. Retention
We aim to keep personal data only for as long as needed to provide Parlai and as required by law. Depending on the type of data and purpose, different periods and criteria apply:
Core account & conversation data (Xata): Stored for the life of the account. When you issue a "stop" command or request deletion via support, we begin a 14-day pending deletion window. After the window, we permanently delete from systems under our control (e.g., Xata, Mixpanel).
LLM prompts/context: Used transiently to produce responses; subsequent retention is per provider defaults (we select minimal retention where configurable).
Website analytics (GA4, Mixpanel): User-level and event-level data retained 14 months; Reset on new activity is enabled so the period refreshes when a user returns. Deletions occur on Google's rolling schedule after data ages out.
Payments (Stripe): Retained as required for financial record-keeping and compliance.
Error logs (Sentry) and hosting logs (Vercel): Retention per provider defaults.
Deletion requests by you: If you exercise your right to deletion and ask us to remove your data, we will delete your personal information from our active systems. After your deletion request, we will retain the affected data for a short transitional period of 14 days in our database to give you the opportunity to revoke an accidental deletion request. After this period, the data will be permanently deleted.
Note on provider systems: We cannot retroactively delete data already processed by telecom/LLM providers beyond the options they expose in their platforms.
Core account & conversation data (Xata): Stored for the life of the account. When you issue a "stop" command or request deletion via support, we begin a 14-day pending deletion window. After the window, we permanently delete from systems under our control (e.g., Xata, Mixpanel).
LLM prompts/context: Used transiently to produce responses; subsequent retention is per provider defaults (we select minimal retention where configurable).
Website analytics (GA4, Mixpanel): User-level and event-level data retained 14 months; Reset on new activity is enabled so the period refreshes when a user returns. Deletions occur on Google's rolling schedule after data ages out.
Payments (Stripe): Retained as required for financial record-keeping and compliance.
Error logs (Sentry) and hosting logs (Vercel): Retention per provider defaults.
Deletion requests by you: If you exercise your right to deletion and ask us to remove your data, we will delete your personal information from our active systems. After your deletion request, we will retain the affected data for a short transitional period of 14 days in our database to give you the opportunity to revoke an accidental deletion request. After this period, the data will be permanently deleted.
Note on provider systems: We cannot retroactively delete data already processed by telecom/LLM providers beyond the options they expose in their platforms.
10. Your rights
Subject to law, you can request:
Right of access: You have the right to learn whether we are processing personal data about you. If so, you can request information about this data and additional details of the data processing (Art. 15 GDPR).
Right to rectification: You have the right to request without delay the correction of inaccurate personal data concerning you, or the completion of incomplete personal data we have on file (Art. 16 GDPR).
Right to erasure: You can, under certain conditions, request the deletion of the personal data we have stored about you (the "right to be forgotten", Art. 17 GDPR). This applies, for example, if the purpose of processing no longer applies or if you withdraw a consent you had given.
Right to restriction of processing: You have the right to request that we restrict the processing of your data in certain cases (Art. 18 GDPR), such as a temporary blocking of use. For example, you can request a temporary suspension of the use of your data if you contest the accuracy of the data and we are verifying it.
Right to object: You may object at any time, on grounds relating to your particular situation, to the processing of your personal data, if we are processing your data on the basis of legitimate interests or if you have given your consent and later withdraw it. You can object to processing for direct marketing purposes at any time without giving any reason.
Right to data portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format (Art. 20 GDPR). Upon request, and where technically feasible, we will transfer this data directly to another provider.
Right to withdraw consent: If we process data based on your consent, you can withdraw any consent at any time with effect for the future (Art. 7(3) GDPR). The withdrawal does not affect the lawfulness of processing up to the point of withdrawal.
To exercise any of your rights, you can contact us at any time by email at hi@parlai.app. Please, if possible, indicate which right you wish to exercise and to which data your request relates. We will promptly review your request and respond in accordance with the legal requirements.
How to exercise: Email hi@parlai.app or contact us via our WhatsApp support channel. We will acknowledge your request within 5 business days and respond within one month of receipt (extendable by up to two months for complex or numerous requests, as permitted by law). We verify your identity using the phone number that contacted us on WhatsApp or the billing email on your Stripe account.
Self-serve commands:
• "stop" — starts the 14-day deletion process.
• To opt out of behavioral analytics on WhatsApp, send a message to our support number requesting an opt-out from analytics; we'll confirm in-channel.
Right of access: You have the right to learn whether we are processing personal data about you. If so, you can request information about this data and additional details of the data processing (Art. 15 GDPR).
Right to rectification: You have the right to request without delay the correction of inaccurate personal data concerning you, or the completion of incomplete personal data we have on file (Art. 16 GDPR).
Right to erasure: You can, under certain conditions, request the deletion of the personal data we have stored about you (the "right to be forgotten", Art. 17 GDPR). This applies, for example, if the purpose of processing no longer applies or if you withdraw a consent you had given.
Right to restriction of processing: You have the right to request that we restrict the processing of your data in certain cases (Art. 18 GDPR), such as a temporary blocking of use. For example, you can request a temporary suspension of the use of your data if you contest the accuracy of the data and we are verifying it.
Right to object: You may object at any time, on grounds relating to your particular situation, to the processing of your personal data, if we are processing your data on the basis of legitimate interests or if you have given your consent and later withdraw it. You can object to processing for direct marketing purposes at any time without giving any reason.
Right to data portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format (Art. 20 GDPR). Upon request, and where technically feasible, we will transfer this data directly to another provider.
Right to withdraw consent: If we process data based on your consent, you can withdraw any consent at any time with effect for the future (Art. 7(3) GDPR). The withdrawal does not affect the lawfulness of processing up to the point of withdrawal.
To exercise any of your rights, you can contact us at any time by email at hi@parlai.app. Please, if possible, indicate which right you wish to exercise and to which data your request relates. We will promptly review your request and respond in accordance with the legal requirements.
How to exercise: Email hi@parlai.app or contact us via our WhatsApp support channel. We will acknowledge your request within 5 business days and respond within one month of receipt (extendable by up to two months for complex or numerous requests, as permitted by law). We verify your identity using the phone number that contacted us on WhatsApp or the billing email on your Stripe account.
Self-serve commands:
• "stop" — starts the 14-day deletion process.
• To opt out of behavioral analytics on WhatsApp, send a message to our support number requesting an opt-out from analytics; we'll confirm in-channel.
11. Disclosures
We share data with the providers listed in Section 6 for the purposes described. We may also share information with professional advisers (legal, accounting) and public authorities when required by law.
We disclose marketing event data to Google Ads and Meta as independent controllers for advertising measurement and personalization only when you have given Marketing consent. Each provider uses the data according to its own privacy policy. You can withdraw consent at any time via the banner or by contacting support. We do not sell your personal information or share it for cross-context behavioral advertising.
We disclose marketing event data to Google Ads and Meta as independent controllers for advertising measurement and personalization only when you have given Marketing consent. Each provider uses the data according to its own privacy policy. You can withdraw consent at any time via the banner or by contacting support. We do not sell your personal information or share it for cross-context behavioral advertising.
12. International users & complaints
Despite all precautions, a data protection incident (data breach) cannot be completely ruled out. If we become aware of a data breach that is likely to pose a risk to your rights and freedoms, we will inform the competent data protection supervisory authority without delay, and at the latest within 72 hours of discovering the incident. If you are also affected by the incident, we will notify you as well, provided the legal requirements for such notification are met. In doing so, we adhere to the requirements of Art. 33 and 34 GDPR and will take appropriate measures to minimize any possible negative effects.
If you believe that we are processing your data unlawfully or violating your data protection rights, you can lodge a complaint with a data protection supervisory authority at any time. You have the right to contact the supervisory authority in the EU member state of your residence, your workplace, or the place of the alleged infringement.
Parlai is established in Austria. If you have concerns, you can contact the Austrian Data Protection Authority (Österreichische Datenschutzbehörde):
Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
We invite you to contact us first so we can try to resolve your concern.
If you believe that we are processing your data unlawfully or violating your data protection rights, you can lodge a complaint with a data protection supervisory authority at any time. You have the right to contact the supervisory authority in the EU member state of your residence, your workplace, or the place of the alleged infringement.
Parlai is established in Austria. If you have concerns, you can contact the Austrian Data Protection Authority (Österreichische Datenschutzbehörde):
Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
We invite you to contact us first so we can try to resolve your concern.
13. Changes to this Policy
We may update this Policy to reflect changes to our practices. We will post the updated version with a new effective date. Your continued use of Parlai after the update constitutes acceptance.
Parlai FlexCo
Wohllebengasse 7/16, 1040 Vienna, Austria
Email: hi@parlai.app
Support: WhatsApp customer support channel (in-app menu / type "support")