misspoke.

Mispoke — Privacy Policy

Effective date: June 13, 2026

1. Who we are

The Mispoke mobile application ("Mispoke", the "App") is operated by Show Your Score Prosta Spółka Akcyjna with its registered office in Warsaw at Aleja Jana Pawła II 27, 00-867 Warsaw, Poland, entered into the National Court Register kept by the District Court for the City of Warsaw in Warsaw under KRS number 0001010337, VAT number PL 5273034354, share capital: PLN 25,000 ("we", "us", the "Controller").

Contact for privacy matters: contact@mispoke.app

2. What Mispoke does with your data — in plain words

You record yourself speaking in the language you are learning. We transcribe the recording, analyze it with AI to find language mistakes, and turn those mistakes into flashcards. If you give us your explicit consent, we also create a private synthetic copy of your voice (a "voice clone") so that your flashcards are read back to you in your own voice.

3. Data we process

Category	Examples	Source
Account data	Anonymous user identifier (Firebase UID)	Created automatically on first launch
Voice recordings	Audio of your practice sessions	You, when you record
Transcripts & analysis results	Text of what you said, detected mistakes, corrections, explanations, estimated language level, flashcards	Generated from your recordings
Voice clone	A synthetic voice model derived from your recording	Created only with your explicit consent
Onboarding answers	Learning goal, self-assessed level, daily time goal, main difficulty, how you heard about us	You, during onboarding
Settings	Native and target language, reminder preferences	You
Purchase data	Subscription status, transaction identifiers (no card numbers — payments are processed by Apple)	Apple App Store / RevenueCat
Usage data	In-app events (e.g. recording completed, flashcard reviewed), device type, system version, app version	Generated automatically
Advertising attribution data	Signals used to measure ad campaign effectiveness (SKAdNetwork, Meta SDK events); the device advertising identifier (IDFA) only if you allow tracking via the App Tracking Transparency prompt	Generated automatically

Your recordings are stored on your device. They are transmitted to our processing partners (see section 6) transiently, for transcription, analysis and — with your consent — voice cloning, and are not retained by us on our own servers. Transcripts, analysis results and flashcards are backed up to our cloud database linked to your anonymous account — encrypted end-to-end: the content of these fields is encrypted on your device with a key stored exclusively in your iCloud Keychain. Neither we nor our database provider can read it.

4. Voice clone — biometric data

A synthetic copy of your voice may constitute biometric data within the meaning of Art. 9 GDPR. Therefore:

• the clone is created only after you tick the explicit consent checkbox in the App;
• it is used solely to read your own flashcards back to you;
• you can delete it at any time in Settings → My voice (this also withdraws your consent); deletion removes the voice model from our voice-technology provider (ElevenLabs);
• declining or withdrawing consent does not block the App — flashcards are then read by a standard system voice.

5. Purposes and legal bases (GDPR)

Purpose	Legal basis
Providing the App: transcription, mistake analysis, flashcards, reviews, cloud backup	Art. 6(1)(b) GDPR — performance of a contract
Creating and using your voice clone	Art. 9(2)(a) and Art. 6(1)(a) GDPR — explicit consent
Managing subscriptions and trials	Art. 6(1)(b) GDPR
Analytics and product improvement	Art. 6(1)(f) GDPR — our legitimate interest
Measuring advertising effectiveness (aggregate, privacy-preserving — SKAdNetwork, app events without the advertising identifier)	Art. 6(1)(f) GDPR — our legitimate interest
Cross-app/website advertising measurement using the advertising identifier (IDFA)	Art. 6(1)(a) GDPR — your consent, given through the App Tracking Transparency prompt; you can withdraw it anytime in iOS Settings
Local practice reminders (notifications)	Your permission granted in iOS; you can disable them anytime
Preventing abuse and securing the service	Art. 6(1)(f) GDPR
Compliance with legal obligations (e.g. tax, accounting)	Art. 6(1)(c) GDPR

6. Who we share data with (processors and recipients)

We use the following service providers, acting on our instructions:

• ElevenLabs Inc. (USA) — speech-to-text transcription, text-to-speech generation and, with your consent, voice cloning;
• Anthropic PBC (USA) — AI analysis of your transcripts (mistake detection, explanations, level estimation);
• Google Ireland Ltd. / Google LLC — Firebase — anonymous authentication and cloud database (transcripts, results, flashcards, learning progress);
• Mixpanel Inc. — product analytics; our Mixpanel project is configured with EU data residency;
• RevenueCat Inc. (USA) — subscription management;
• Apple Inc. — payment processing and app distribution (Apple acts as an independent controller for payments);
• Meta Platforms Ireland Ltd. — measurement of advertising campaigns (app events). We ask for your permission through the App Tracking Transparency prompt: if you allow tracking, the device advertising identifier (IDFA) is used to better match your activity to our ad campaigns; if you decline (or don't answer), no advertising identifier is collected and measurement relies on Apple's SKAdNetwork and aggregate, non-identifying signals. You can change this anytime in iOS Settings → Privacy & Security → Tracking.

We do not sell your personal data.

7. International transfers

Some providers process data in the United States. Transfers are based on the EU–US Data Privacy Framework (where the provider is certified) and/or Standard Contractual Clauses approved by the European Commission, with supplementary measures where required.

8. Retention

• Recordings: stored on your device until you delete the session or the App; transmitted to processors only transiently;
• Voice clone: until you delete it or withdraw consent;
• Transcripts, results, flashcards, progress: as long as your account exists;
• Analytics data: per our analytics configuration, no longer than necessary for the purposes above;
• Purchase records: as required by tax and accounting law.

Deleting the App from your device deletes local data. To request deletion of cloud data linked to your anonymous account, contact us at the address above (include your request from within the device used with the App, as the account is anonymous).

9. Your rights

Under the GDPR you have the right to: access your data, rectify it, erase it, restrict processing, data portability, object to processing based on legitimate interest, and withdraw consent at any time (without affecting the lawfulness of processing before withdrawal). You also have the right to lodge a complaint with a supervisory authority — in Poland: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl.

To exercise your rights, contact us at contact@mispoke.app.

10. Children

The App is not directed at children under 16. We do not knowingly process personal data of children under 16. If you believe a child has provided us personal data, please contact us.

11. Security

We apply technical and organizational measures appropriate to the risk, including: end-to-end encryption of content stored in the cloud (transcripts, analysis results and flashcard texts are encrypted on your device with an AES-256 key held only in your iCloud Keychain — we have no access to it), encryption in transit, access controls scoped to your anonymous account, and minimization (recordings are not retained on our servers; the advertising identifier is collected only if you grant App Tracking Transparency permission, and never otherwise). Note: if iCloud Keychain is disabled on all your devices and you lose the device, the encrypted cloud content cannot be recovered.

12. Changes

We may update this Policy. Material changes will be announced in the App. The current version is always available at the address where you are reading this document.

---

← Back to home