1. Data Controller
Responsible for data processing:
SCAFA INVESTMENTS LLC
9830 Bahama Dr
Cutler Bay, FL 33189-1568
United States
Developer contact: j.scafarti@scafa.de
Email: info@scafa-investments.com
Phone: +49 170 322 0161
2. Core Principle: Privacy by Design
DopaSpeak follows a strict privacy-by-design approach:
- All AI processing (Google Gemma) runs locally on your device, no data leaves your phone.
- There is no cloud connection for language processing or pronunciation analysis.
- Optional sign-in is handled via Web3Auth, DopaSpeak never stores your password.
- There is no tracking, no analytics, no cookies in the app.
- Your learning progress is stored exclusively on your device.
3. Data Processing in the App
3.1 Local Processing
All processing in DopaSpeak happens exclusively on your device:
- Word-by-word decoding: The AI model runs locally. Texts are never sent to external servers.
- Pronunciation training: When you use the pronunciation feature, the app accesses your microphone. Audio data is processed exclusively on your device by the AI model and is never recorded, stored, or transmitted.
- Learning progress: Vocabulary status, review intervals, and statistics are stored only on your device.
- Imported content: Your own texts, song lyrics, and other content remain on your device.
3.2 Internet Connection
DopaSpeak requires an internet connection exclusively for:
- One-time download of the AI model (approx. 5 GB) during initial setup.
- Fetching song lyrics via external lyrics APIs when you submit a song for decoding.
- App updates through the Google Play Store.
No personal data is transmitted during these connections. No IP-based analysis or profiling is performed.
3.3 Payment Data
Subscriptions ($1.99/month or $11.99/year) are processed through the Google Play Store (and in the future through the Apple App Store). DopaSpeak has no access to your payment data. Processing is handled exclusively by Google or Apple under their respective privacy policies.
3.4 User Account (Web3Auth)
DopaSpeak offers optional sign-in through the authentication service Web3Auth (Torus Labs Pte. Ltd.). Here is how it works:
- You can sign in with an existing account (e.g., Google, Apple), DopaSpeak never receives your password.
- Web3Auth transmits only an anonymized identifier (token ID) to DopaSpeak to associate your account.
- DopaSpeak does not store personal profile data (no name, no email address) on its own servers.
- Web3Auth processes technically necessary data (e.g., IP address, OAuth token) as part of the authentication process. For more information, see the Web3Auth Privacy Policy.
Using an account is voluntary. The app can be used without signing in.
3.5 Microphone Permission
DopaSpeak may access your device's microphone to let the AI assistant evaluate your pronunciation. This permission is optional, you will be asked for permission before first use and can revoke it at any time in your device settings.
Audio data is:
- Processed exclusively on your device (on-device AI)
- Never recorded or permanently stored
- Never transmitted to any server, neither to DopaSpeak nor to third parties
4. Data Processing on the Website
4.1 Hosting
When you visit dopaspeak.com, the hosting provider automatically collects standard server log data transmitted by your browser (anonymized IP address, date/time, page visited, browser type, operating system). This data is used solely for technical delivery of the website and is not merged with other data sources.
4.2 Cookies
The website dopaspeak.com uses no cookies and deploys no tracking tools (no Google Analytics, no Meta Pixel, no Hotjar, etc.).
4.3 Google Fonts
The website uses Google Fonts for consistent typography. When loading the page, your browser connects to Google servers. Your IP address may be transmitted to Google LLC (USA). More information: Google Privacy Policy.
5. Third-Party Data Sharing
DopaSpeak does not share any personal data with third parties for advertising or marketing purposes. There are no advertising partners, no analytics services, no social media integrations, and no data brokers.
The only third-party data transfers occur through optional sign-in via Web3Auth (see Section 3.4) and payment processing through the Google Play Store (see Section 3.3).
6. Your Rights
For EU/EEA Residents (GDPR)
You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Since DopaSpeak does not collect personal data, there is practically no data to access, delete, or transfer. For inquiries: info@scafa-investments.com
For California Residents (CCPA)
Under the CCPA, you have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. DopaSpeak does not sell personal information and does not collect personal data beyond what is described in this policy.
7. Data Deletion
All locally stored data (learning progress, vocabulary) can be deleted at any time by uninstalling the app or clearing the app data through your device settings.
If you created an account via Web3Auth, you can request deletion of your account and the associated anonymized identifier at any time by emailing info@scafa-investments.com.
8. Children's Privacy
DopaSpeak does not knowingly collect data from children under 13 (or under 16 in the EU). Since the app does not collect personal data at all, this applies by design.
9. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. The current version is always available at this URL.
Last updated: April 2026