Taric

Last updated · 2026-05-29

Privacy Policy

Who we are

Taric (the “Service”) is operated by Taric Ltd, a company registered in England and Wales (company number 17208682) and the controller of the personal data described here. Contact us at hello@taric.co.uk.

What we collect

With an account, we store:

  • your email and password (the password only as a secure hash, never in plain text), or, with Google sign-in, your Google account identifier and email;
  • your saved vocabulary and spaced-repetition review state;
  • word-click events used to build your “seen” list;
  • reading sessions (book, duration, characters read) for streaks and statistics;
  • an optional skill level and onboarding state;
  • any text you save to your content library, and metadata of EPUBs you upload (the original file is not retained);
  • if you subscribe to a paid plan, your subscription status and renewal dates — never your card details.

Used without an account, none of this is stored on our servers; your settings, local library, bookmarks, and progress remain in your browser.

How we use it

We use this data to operate the Service and synchronise it across your devices, to keep it secure and prevent abuse, and to send transactional email such as password resets. With your consent, we also use optional analytics. We do not sell your data, show advertising, or use it for profiling.

Analytics

We use PostHog (hosted in the EU) for product analytics, loaded only if you opt in. It receives anonymous page views and a small set of feature events so we can see which parts of the product get used. We never send your account ID, email, IP, or any of your words, text, or book titles. You can turn it off at any time in Settings → Analytics.

Third parties

We use a small number of providers to run the Service, each processing only what is needed for its function:

  • Google Cloud Text-to-Speech — synthesises audio for words you tap (text and pinyin are sent; audio is cached).
  • Google — authenticates you if you choose Google sign-in.
  • Resend — sends transactional email only.
  • Sentry — crash and error reporting; your IP and email are stripped before events are sent.
  • PostHog (EU) — opt-in, anonymous analytics, as above.
  • Cloudflare — hosts and serves the website, processing connection metadata (IP, browser, requested URLs) to deliver pages.
  • Stripe — card payments are handled directly by Stripe; we receive only your subscription status, never your card number.

jsDelivr (character stroke data) and Wikimedia Commons (pinyin audio) are fetched directly by your browser, so they receive your IP as part of serving the file. No account data is sent to them.

International transfers

Some providers operate outside the UK (for example Google, Resend, and Cloudflare in the United States; Stripe). Where data is transferred outside the UK, we rely on appropriate safeguards such as standard contractual clauses. Analytics, and where configured error monitoring, are hosted in the EU.

Cookies

We do not use cookies by default; sign-in uses a token in your browser's local storage, which is strictly necessary for the Service. If you opt in to analytics, PostHog stores a first-party cookie holding an anonymous device id; if you decline, none is set, and turning analytics off clears it.

Retention

We keep account data for as long as your account exists. Deletion is immediate and irreversible, and backups roll off within 30 days. Expired security tokens are purged automatically, and analytics events are kept for up to 12 months.

Your choices

If you are in the UK or EU, you can:

  • export your data — Settings → “Export my data” (your vocabulary is also exportable as CSV);
  • correct your email or password from Settings, or email us for anything else;
  • delete your account and everything tied to it — Settings → Delete account;
  • turn analytics off — Settings → Analytics;
  • ask us to restrict certain processing by emailing us.

We respond to requests within one month. We may extend these options to users elsewhere but make no guarantee.

Children

The Service is not directed at children under 13, and we do not knowingly collect their data.

Changes

We may update this policy. The date above reflects the current version, and material changes will be noted on the site.

Contact

Taric Ltd · hello@taric.co.uk