PhonemeLab

Privacy Policy (GDPR & COPPA Compliant)

Privacy Policy

Effective Date: January 1, 2026 β€’ Last Updated: December 15, 2025

1) Who We Are

PhonemeLab (operated by Chamberlin Innovations SASU)
Registered in France β€’ SIREN: 993 523 836
Registered Address: 870 Rue des Thermes, 65130 Capvern, France
Email: support@phonemelab.com

We operate phonemelab.com and related services, including the PhonemeLab pronunciation practice app, teacher/student dashboards, and waitlist/email updates. We are the data controller under the GDPR.

2) What Personal Data We Collect

You Provide

  • Name and email
  • School or workspace inputs (class size, goals, languages, etc.)
  • Responses to practice questions or forms
  • Communication preferences

Collected Automatically

  • Browser user-agent and device type
  • IP address (temp in access logs for security)
  • Referrer (if available)

AI-Generated Data

When using PhonemeLab, we generate AI feedback, scores, and pronunciation guidance tied to your practice record.

No Advertising Cookies

We do not use advertising or behavioral tracking cookies. Only functional cookies (if any) required for the site to operate.

2.1) Student & Children's Data (COPPA & FERPA)

πŸ›‘οΈ Children's Privacy (COPPA)

PhonemeLab is an education tool intended for use by schools and teachers. We do not knowingly collect personal information directly from children under 13 without school/parental consent.

School Authorization

When a school or teacher utilizes PhonemeLab, they acknowledge that they have the authority to consent to the collection of student data on behalf of parents, as permitted by COPPA (in the US) and GDPR (in the EU).

Data Minimization

We only collect the minimal data necessary for the educational function: Student ID (pseudonymized recommended), audio recordings for pronunciation analysis, and performance scores. We do not build student profiles for commercial purposes.

2.2) Voice Data & AI Processing

🎀 How We Process Audio

When a student submits a recording, the audio file is securely transmitted to our AI processors (Speechace and OpenAI) solely for the purpose of generating feedback (scores, phoneme analysis, transcripts).

βœ… No Training on Student Data

We have strict agreements with our AI providers ensuring that your student voice data is NOT used to train their public AI models. Your audio remains your property.

Audio Retention

Audio is stored to allow teachers to review student work (for up to 36 months). Teachers may delete recordings at any time via the dashboard.

3) How We Use Your Data

  • Generate and deliver practice feedback, reports, and dashboards
  • Contact you about your submission (optional)
  • Improve our tools, user experience, and content
  • Manage business operations and security
  • Comply with legal obligations

We do not sell your data or use it for advertising.

4) Legal Basis

Consent

When you submit the planner form or join the email list.

Legitimate Interest

Delivering your requested output, securing/maintaining services, and improving accuracy/experience without overriding your rights.

Legal Obligation

Accounting, audit, or compliance with French/EU law.

5) Storage & Transfers

  • Supabase (EU region) β€” database and hosting
  • MailerLite (EU/EEA) β€” optional email communications
  • No transfers outside the EU unless protected by GDPR safeguards (e.g., SCCs).

5.1) Authorized Sub-Processors (GDPR Art. 28)

To provide our service, we share strictly necessary data with the following compliant providers:

ProviderLocationPurposeTraining
SupabaseEUDatabase, Auth, StorageN/A
SpeechaceUS/EUPronunciation analysis engine❌ No model training
OpenAIUSTranscription & feedback (Enterprise API)❌ No model training
Lemon SqueezyUS/GlobalMerchant of Record, payments, taxN/A
MailerLiteEUTransactional emails for teachersN/A
CloudflareGlobalSecurity, CDN, DDoS protectionN/A

6) Retention

  • Practice submissions and recordings: up to 36 months (delivery, improvement, support, fraud prevention)
  • Email communications: until you unsubscribe
  • Server logs: 30–60 days for security, then deleted

You can request deletion at any time.

7) Your GDPR Rights

  • Access, correct, or delete your data
  • Object to or restrict processing
  • Withdraw consent
  • Data portability
  • File a complaint with CNIL (France)

To exercise your rights, email privacy@phonemelab.com.

8) Sharing Your Data

We only share data with service providers needed to operate the site (see Section 5.1 for full list). All providers are GDPR-compliant. We do not sell your data or share it with advertisers.

9) Security

  • HTTPS encryption (TLS 1.3)
  • Encryption at rest for all stored data
  • Access controls and least-privilege
  • Server-side processing and encrypted storage
  • 72-hour breach notification (GDPR compliant)

No system is 100% secure, but we apply industry-standard protections.

10) Contact

Email: support@phonemelab.com
Privacy inquiries: privacy@phonemelab.com
Supervisory Authority: CNIL (France) β€” https://www.cnil.fr/