Dipplo

Privacy Policy

Last updated: March 27, 2026

At Dipplo, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights under applicable legislation, including the Brazilian General Data Protection Law (LGPD — Lei 13.709/2018).

1. Data We Collect

We collect the following personal data when you use Dipplo:

  • Account information: email address, name, and password (hashed)
  • Preferences: English proficiency level (CEFR), preferred voice, app language, theme
  • Topics and channels: the subjects and YouTube channels you choose to follow
  • Generated content: summaries, audio files, and podcast conversations created for you
  • Vocabulary progress: words you have learned and flashcard activity
  • Usage data: summary generation counts, plan limits, and feature usage

2. How We Use Your Data

Your data is used exclusively to provide and improve the Dipplo service:

  • To personalize summaries, vocabulary, and audio content to your English level
  • To generate AI-powered learning content based on your chosen topics
  • To track your vocabulary progress and learning activity
  • To maintain your account, preferences, and plan limits
  • To improve the service based on aggregated, anonymized usage patterns

3. AI Data Processing

Dipplo uses third-party AI services to generate your learning content. This is a core part of how the product works:

  • OpenAI (GPT-4o-mini): processes news articles and video transcripts to generate English summaries and vocabulary challenges. Also generates audio versions of summaries and word pronunciations via text-to-speech (TTS-1).
  • Groq (Llama 3.3): processes summary content to generate podcast-style conversation scripts between two hosts.
  • What is sent to these services: article text, video transcripts, your English level, and summary content. Your email, name, or personal identifiers are never sent to AI providers.
  • AI providers may process this data according to their own privacy policies. We use API access (not consumer products), which typically means your data is not used to train their models.

4. Third-Party Services

Dipplo integrates with the following services:

  • Supabase: authentication, database storage, and file storage (audio files). Data is stored in Supabase-hosted PostgreSQL databases.
  • Google News RSS: we fetch publicly available news feeds based on your topics. No personal data is sent to Google.
  • YouTube RSS & Transcripts: we fetch publicly available video metadata and transcripts from channels you follow. No personal data is sent to YouTube.
  • Vercel: application hosting. Requests pass through Vercel's infrastructure.

5. Cookies

Dipplo currently uses only essential cookies required for authentication (Supabase session cookies). These cookies are necessary for the service to function and cannot be disabled. We do not use tracking or advertising cookies. If we introduce analytics cookies in the future, we will request your explicit consent before activating them.

6. Your Rights (LGPD)

Under the Brazilian General Data Protection Law (LGPD), you have the following rights:

  • Access: request a copy of your personal data
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your data (available via Account Settings > Delete Account)
  • Portability: request your data in a structured format
  • Information: know which third parties have access to your data
  • Revocation: withdraw consent for non-essential data processing at any time

7. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all personal data — including topics, summaries, vocabulary progress, and audio files — is permanently deleted. Anonymized, aggregated data may be retained for service improvement purposes.

8. Data Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and secure authentication via Supabase. However, no system is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

Dipplo is not intended for children under 16 years of age. We do not knowingly collect data from children under 16.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. The latest version will always be available at this page.

11. Contact

For privacy-related questions, data requests, or to exercise your LGPD rights, contact us at privacy@dipplo.app.

Back to home