Privacy Policy

Effective date: May 14, 2026 · Last updated: May 14, 2026

Voca-Voca ("we", "our", or "the extension") is a vocabulary-learning browser extension and companion iOS app that lets you look up word definitions while reading online, save words to a personal collection, and practice with spaced repetition. This Privacy Policy explains what data we collect, why we collect it, how we store and protect it, and what rights you have over it.

By installing or using Voca-Voca you agree to this Privacy Policy. If you do not agree, please uninstall the extension and discontinue use.

1. Data We Collect

We collect only what is necessary to provide the core vocabulary-learning features. We do not collect data for advertising, analytics, or profiling.

Category	Data	Purpose
Account information	Google email address, display name, and unique user ID	Authentication and identifying your account for cloud sync
Vocabulary data	Words you save, their definitions, the sentence (context) in which you found them, and the source page URL	Building and displaying your personal word collection
Learning data	Spaced-repetition state (interval, ease factor, due date), review history, mastery level per word	Scheduling practice sessions and tracking progress
Practice statistics	Total sessions, cards reviewed, time spent, daily streak	Showing your progress and maintaining motivation
Folders	Folder names and colors you create to organize words	Organizing your vocabulary collection
Preferences	Extension settings such as dark mode, practice duration, daily goal	Personalizing your experience

Data we do NOT collect

We do not read, collect, or store the content of web pages you visit.
We do not record your browsing history or navigation behavior.
We do not collect health, financial, or payment card information.
We do not use cookies, pixels, or tracking technologies.
We do not collect device identifiers, IP addresses, or geolocation data.

2. How We Use Your Data

Providing core features — looking up definitions, saving words, running practice sessions, and displaying your progress.
Cloud sync — if you sign in with Google, syncing your vocabulary, progress, and settings across your devices.
Improving the product — we may use aggregated, non-identifiable usage patterns (e.g., average collection size) to improve Voca-Voca. Individual user data is never analyzed for this purpose.

We do not use your data for advertising, marketing, profiling, selling, or any purpose unrelated to the extension's vocabulary-learning functionality.

3. How We Store and Protect Your Data

Local storage

Your data is stored locally in your browser using Chrome's chrome.storage.local API. This data never leaves your device unless you sign in and enable cloud sync.

Cloud storage

If you sign in with Google, your data is synced to Google Firebase Firestore. Firestore data is:

Encrypted in transit (TLS) and at rest (AES-256).
Stored under your unique Firebase user ID, isolated from all other users by Firestore Security Rules that enforce per-user read/write access.
Hosted on Google Cloud infrastructure. For details see Firebase Privacy and Security.

Security measures

Firestore Security Rules prevent any user from accessing another user's data.
Authentication tokens are managed by Firebase Auth and are never stored in plain text.
We do not operate our own servers or databases — all cloud infrastructure is managed by Google Firebase.
We conduct periodic reviews of our security rules and access controls.

4. Third-Party Services

Voca-Voca interacts with the following third-party services. Only the minimum data required is transmitted to each.

Service	Data sent	Purpose	Privacy policy
Free Dictionary API api.dictionaryapi.dev	The looked-up word only	Fetching definitions, phonetics, and examples	dictionaryapi.dev
Datamuse API api.datamuse.com	The looked-up word only	Fetching related words and synonyms	datamuse.com/api
Wiktionary en.wiktionary.org	The looked-up word only	Fetching additional definitions and etymology	Wikimedia Privacy Policy
Google Firebase Auth + Firestore	Google account credentials; your vocabulary and learning data	Authentication and cloud sync	Firebase Privacy
Google Translate translate.google.com	The looked-up word only	Audio pronunciation playback	Google Privacy Policy
Payment processors (e.g., Stripe)	Payment details (collected directly by the processor)	Processing subscription payments	Stripe Privacy Policy

No other third-party services receive your data. We do not embed analytics SDKs, advertising networks, or tracking scripts of any kind.

5. Payments

Voca-Voca may offer paid subscription plans. All payment processing is handled by third-party payment processors (such as Stripe). When you subscribe:

Your payment information (credit card number, billing address) is collected and processed directly by the payment processor — not by Voca-Voca.
Voca-Voca never sees, receives, stores, or has access to your full payment card details.
We receive only a confirmation of your subscription status (active, canceled, or expired) and an account identifier from the payment processor.

6. Google API Services User Data Policy

Voca-Voca uses Google Sign-In (via the chrome.identity API) to authenticate your account. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only use Google user data (email, display name, user ID) to provide and improve the user-facing features of Voca-Voca — namely, sign-in and cloud sync.
We do not transfer Google user data to third parties except as necessary to provide the extension's features, with your consent, for security purposes, or to comply with applicable law.
We do not use Google user data for advertising or marketing purposes.
We do not allow humans to read your Google user data unless you provide explicit consent, it is necessary for security purposes, or it is required by law.

7. Data Sharing

We do not sell, rent, lease, or trade your personal data to any third party.
We do not share your data with third parties for their marketing or advertising purposes.
We may disclose your data only if required to do so by law, regulation, or valid legal process (e.g., a court order or subpoena).

8. Data Retention

Local data is retained on your device for as long as the extension is installed. Uninstalling the extension removes all local data.
Cloud data is retained for as long as your account is active. You can delete individual words, your entire collection, or all cloud data at any time (see Section 9).
Soft-deleted items (words you delete) are marked as deleted and removed from all devices within 30 days.
If you do not use Voca-Voca for 24 months, we may delete your cloud data after sending a notification to your registered email address.

9. Your Rights and Choices

Regardless of where you live, you have the following rights over your personal data (account information such as your email and display name):

Access — You can view your personal data directly within the extension.
Correction — You can update your personal information at any time.
Deletion — You can request deletion of your personal data and account by contacting us.
Withdraw consent — You can sign out of cloud sync at any time and use the extension in local-only mode.

Vocabulary content and service data. Your vocabulary collection — including definitions, learning progress, and practice statistics — is content generated through and managed by the Voca-Voca service. Access to this content, including any export or portability features, is governed by your service plan and our Terms of Service. Certain features, such as bulk export, cloud sync, and advanced practice modes, may be available only to subscribers.

For users in the European Economic Area (GDPR)

If you are located in the EEA, our legal basis for processing your personal data is:

Consent — You choose to sign in and enable cloud sync. You may withdraw consent at any time by signing out.
Legitimate interest — Providing and improving the core vocabulary-learning features you expect from the extension.
Contract — Performing the service you signed up for (storing and syncing your vocabulary).

Under GDPR Article 20, you have the right to receive the personal data you provided to us (such as your email and display name) in a portable format. Vocabulary content enriched or generated by the service (definitions, spaced-repetition state, practice statistics) is derived data produced through the service's functionality and is not subject to data portability obligations. Access to service-generated content is governed by your service plan and our Terms of Service.

You also have the right to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at support@voca-voca.app.

For users in California (CCPA)

If you are a California resident, you have the right to:

Know what personal information we collect and how we use it (described in this policy).
Request deletion of your personal information.
Not be discriminated against for exercising your privacy rights.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. To submit a request, contact support@voca-voca.app.

10. Browser Permissions

Voca-Voca requests the following browser permissions. Each is used solely for the purpose described:

Permission	Why it's needed
`activeTab`	To read the word you select (highlight) on the current page so we can look up its definition. We do not access any other page content.
`storage`	To save your vocabulary, learning progress, and preferences locally in the browser.
`sidePanel`	To display the extension's interface (definitions, collection, practice) in Chrome's side panel.
`contextMenus`	To add a "Look up word" option when you right-click on selected text.
`identity`	To enable Google Sign-In for cloud sync across devices.
Content script (`<all_urls>`)	To detect when you select text on any webpage and show a small lookup button. The script only reads the selected text — no other page content is collected, stored, or transmitted.

11. Children's Privacy

Voca-Voca is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@voca-voca.app and we will promptly delete it.

12. International Data Transfers

If you use Voca-Voca outside the United States, your data may be transferred to and processed in the United States or other countries where Google operates its Firebase infrastructure. Google maintains appropriate safeguards for international data transfers as described in their Data Processing and Security Terms.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify you through the extension (e.g., a notification or in-app message).

Your continued use of Voca-Voca after changes are posted constitutes your acceptance of the updated policy.

14. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Email: support@voca-voca.app

We aim to respond to all requests within 30 days.