Privacy Policy
Last updated: July 17, 2026
Questo documento è disponibile solo in inglese, indipendentemente dalla lingua selezionata.
1. Data controller
The data controller for Manabit.ai is Giobbi Francesco, registered at Località Cesari 44, 57016 Rosignano Marittimo (LI), Italy. For any privacy-related question or request, contact info@manabit.ai.
2. Data we collect
We collect the following categories of personal data:
- Account data: your email address (used for sign-in via magic link), optional display name, and account timestamps.
- Study data: your onboarding answers (motivation, learning goals), level assessment, session and word-progress history, quiz and help-request events, and streak/progress statistics — everything needed to run the spaced-repetition and personalization features of the Service.
- Technical data: IP address, device/browser information, and timestamps, collected automatically through normal web server and hosting logs.
- Billing data: if you subscribe, our payment provider Paddle collects and processes your payment details directly. We do not receive or store your card details — we only receive limited transaction information from Paddle (e.g. subscription status, plan, renewal date) needed to grant you access to paid features.
3. Cookies
We currently use only strictly necessary / functional cookies: a session cookie to keep you signed in, and a cookie to remember your interface preferences (language, theme). We do not use analytics, advertising, or profiling cookies today. If this changes in the future (for example, if we add anonymised traffic analytics), we will update this policy and the cookie banner shown on the site accordingly.
4. Purposes and legal basis
- Performance of a contract (Art. 6(1)(b) GDPR): to create your account, run the study features you request, and manage your subscription.
- Legal obligation (Art. 6(1)(c) GDPR): to keep billing and tax records as required by applicable law.
- Legitimate interest (Art. 6(1)(f) GDPR): to keep the Service secure and to detect and prevent abuse (for example, multi-account trial abuse, see our Terms & Conditions).
5. Who we share data with
We use a small number of third-party service providers (processors) to run the Service, each acting under our instructions:
- Vercel Inc. — application hosting;
- Neon Inc. — database hosting;
- Resend — transactional email delivery (magic-link sign-in emails);
- Anthropic PBC — AI model (Claude) used to generate reading texts. Prompts sent to the model include the vocabulary words and parameters for your session, not your account identity;
- Paddle.com Market Limited — payment processing and billing, acting as Merchant of Record for subscription purchases.
Some of these providers are located outside the European Economic Area (for example, in the United States). Where this is the case, transfers are covered by appropriate safeguards such as Standard Contractual Clauses, as required by GDPR. We do not sell your personal data.
6. Data retention
We keep your account and study data for as long as your account is active, and for a reasonable period afterwards in case you wish to reactivate it or as needed to resolve disputes. If you ask us to delete your account, we will delete or anonymise your personal data, except where we are legally required to keep billing records for tax purposes (typically several years, as required by applicable law).
7. Your rights
If you are located in the EU/EEA (or another jurisdiction with similar protections), you have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to lodge a complaint with your local data protection authority (in Italy, the Garante per la protezione dei dati personali). To exercise any of these rights, contact us at info@manabit.ai. We do not currently offer self-service account deletion in the app; we will action your request manually within a reasonable time.
8. International data transfers
As described in Section 5, some of our processors operate outside the EU/EEA. We rely on Standard Contractual Clauses or equivalent safeguards recognised under GDPR for any such transfer.
9. Children's privacy
The Service is not directed at children under 16, and we do not knowingly collect personal data from them (see also our Terms & Conditions, Section 3).
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by an updated “Last updated” date on this page.