Go to content
0
Eklektika - szkoła językowa dla firm
Book a trial lesson Find out more
 Eklektika > LEXI AI Privacy Policy

LEXI AI Privacy Policy

Privacy Policy – applies to the Lexi – Virtual AI Language Tutor service

Eklektika Sp. z o.o. places great importance on keeping your information private. This document explains the principles and methods of collecting, processing, and using information about users of the Eklektika Lexi application available at www.lexi.eklektika.pl. Please read this document carefully to understand our privacy policy and how your personal data is used.

By starting to use the Lexi application, you accept our Privacy Policy.

1. What is personal data

Personal data refers to information about an identified or identifiable natural person. When using LEXI, this may include: email address, IP address, data entered during conversations with the virtual tutor (AI), voice data, password, device information, user account data.

2. Who is the data controller

The personal data controller is Eklektika Sp. z o.o., ul. Opaczewska 15/31, 02-368 Warsaw, KRS: 0000493181, NIP: 7010408522.

Contact with the Controller:
e-mail: biuro[at]eklektika.pl
form: https://eklektika.pl/kontakt/
phone: +48 22 622 86 69
mailing address: as above.

3. Legal basis for data processing

We process personal data in accordance with the GDPR, based on:

  • Art. 6(1)(b) – performance of a contract for the provision of electronic services (use of LEXI),
  • Art. 6(1)(a) – user consent (e.g. for cookies),
  • Art. 6(1)(f) – legitimate interest of the controller (e.g. security, application performance analysis),
  • Art. 6(1)(c) – fulfillment of legal obligations.

4. Purposes of data processing

We process personal data to:

  • enable use of LEXI application features,
  • provide technical support, login and assistance,
  • store conversations with the virtual tutor for review by the user or a tutor,
  • enable real-time voice processing,
  • analyze and optimize application performance,
  • pursue or defend against potential claims,
  • comply with legal obligations of the controller.

5. Scope of collected data

While using LEXI, we may collect:

  • User conversations – stored to improve the educational experience and for reviewing conversation history,
  • Voice recordings – sent to speech processing service providers (e.g. Microsoft),
  • Text data – processed by AI (OpenAI, Anthropic, Groq),
  • Email and password – stored by Auth0 in the EU,
  • Cookies – for login and analytics,
  • Login and technical data – IP, browser, device, system logs,
  • User settings, such as language preferences, use of LEXI features, avatar selection, or default voice mode – stored to ensure a personalized application experience.
  • Organizational data in case of business accounts, such as:
    • organization name and contact details,
    • admin account data (e.g. login, email address),
    • information on user license assignments and application usage statistics,
    • billing data for organizational accounts (e.g. invoice details, payment history).

Administrator access

The administrator at Eklektika, as well as the administrator on the client side (typically an employer), may access usage statistics and user progress data. These are used to monitor engagement and learning effectiveness.

Administrators do not have access to the content of conversations between users and the AI unless this feature is enabled in organization settings. In such cases, the organization is obliged to inform users of this possibility.

Data export and storage

Organizations may request export of user progress data. When a user is removed from Lexi, their data may be stored for a limited time before permanent deletion.

6. Cookies

LEXI uses cookies for the following purposes:

  • user authentication (session cookies),
  • application performance analytics (Mixpanel, Microsoft Clarity, Sentry),
  • interface personalization.

Cookies may come from Eklektika or from technology partners. They can be managed in browser settings. Disabling cookies may affect the functionality of LEXI.

7. Data recipients

User data may be shared only with trusted entities supporting the operation of LEXI, including:

  • Aidia ApS – provider of the Talkio AI solution,
  • Microsoft Azure, Hetzner – cloud infrastructure (EU),
  • OpenAI, Anthropic, Groq – AI model providers (some based in the USA),
  • Auth0 – authentication (EU),
  • Sentry, Mixpanel, Microsoft Clarity, Cloudflare – security, analytics, CDN.

Contact addresses:

  1. Microsoft Azure North Europe, Takeda Ireland Ltd (Grange Castle) New Nangor Road, Grange Dublin 22, Co. Dublin Ireland.
  2. Microsoft Azure, West Europe, Evert van de Beekstraat 354, 1118 CZ Luchthaven Schiphol, Noord-Holland, Netherlands.
  3. OpenAI Ireland Ltd. 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland.
  4. Anthropic Ireland Limited, 6th Floor South Bank House, Barrow Street, Dublin 4, Ireland.
  5. Groq, Inc. 301 Castro St., Suite 200 Mountain View, CA 94041, USA.
  6. Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, Web hosting.
  7. Auth0, Frankfurt, Germany, Authentication.
  8. Sentry, Frankfurt, Germany, Error logging.
  9. Mixpanel, Eemshaven, Netherlands, Usage tracking.
  10. Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 München, Germany. CDN, DNS, security services.

Data may be transferred outside the EEA (e.g. to the USA), but only in accordance with the GDPR – using standard contractual clauses.

8. Data retention

AI conversation data is stored temporarily – no longer than 30 minutes (in RAM). After this time, they are permanently deleted, unless the data from Lexi is integrated into a course taught by a teacher, in which case it is deleted after the course taught by the teacher has ended.
Account and login data – until the account is deleted or as long as necessary to fulfill legitimate interests pursued by EKLEKTIKA.
Cookies – according to their expiration period.
System logs – for the time necessary to ensure security and perform technical analysis.

9. User consent

By using LEXI, the user:

  • consents to the processing of text and voice data for application functionality,
  • confirms not to share sensitive data (e.g. health, finances, information about children) in conversations with the AI,
  • accepts the transfer of data to technology partners processing data in compliance with the GDPR.

10. User rights

Each data subject has the right to:

  • access their data,
  • rectify it,
  • erase it (“right to be forgotten”),
  • restrict processing,
  • data portability,
  • object to processing,
  • withdraw consent at any time,
  • lodge a complaint with the President of the Personal Data Protection Office (UODO).

To exercise the right to erasure, please send an email to biuro[at]eklektika.pl with the subject “Right to be forgotten.” Data will be deleted within 30 days in accordance with the GDPR.

11. System logs

LEXI records technical information, including:

  • IP address,
  • browser type and operating system,
  • connection time,
  • HTTP requests and errors.

This data is used solely for technical and security purposes – it is not profiled or linked to specific users unless there is a justified need (e.g. suspected abuse).

12. Changes to the Privacy Policy

The Controller reserves the right to update this Policy. Updates will be published on the LEXI website. Continued use of the application after updates constitutes acceptance of the changes.

13. Contact

For matters related to personal data protection:
Eklektika Sp. z o.o.
ul. Opaczewska 15/31, 02-368 Warsaw
e-mail: biuro[at]eklektika.pl
phone: +48 22 622 86 69