Privacy Policy

Last updated: July 10, 2026

The controller responsible for the processing described in this Privacy Policy is Tim Freuler, operating speakinghumans.com as a sole proprietorship under Swiss law, registered at Langgruetstr. 88A, 8047 Zurich, Switzerland ("speakinghumans.com", "we", "our", or "the Platform"). This Privacy Policy explains how we collect, use, share, retain, and protect personal data when you use speakinghumans.com.

1. Information We Collect

1.1 Account and Authentication Information

  • Name, email address, role, account status, and timestamps.
  • Password authentication data for student accounts. Passwords are stored as hashes, not as plain text.
  • Google account identifiers, email address, profile image, and authentication-related data where teachers sign in or connect services through Google.
  • Session, verification, password reset, and security-related tokens needed to operate account access.

1.2 Profile and Onboarding Information

  • Student profile information such as display name, country of origin, native language, languages spoken, learning language, proficiency level, learning goals, timezone, and age confirmation.
  • Teacher profile information such as display name, country of residence, languages, subjects taught, teaching experience, headline, introduction, teaching methodology, profile photo URL, video URL, thumbnail URL, lesson pricing, timezone, booking settings, and age or eligibility confirmations.
  • Teacher service approval and moderation status, including manual review decisions, reviewer identifiers, timestamps, and review notes.

1.3 Booking, Lesson, and Review Information

  • Booking records, lesson dates and times, student and teacher timezones, lesson price, currency, booking status, and booking notes.
  • Google Calendar event identifiers and Google Meet links where lesson events are created through connected teacher calendar features.
  • Reviews, ratings, saved-teacher records, lesson reminders, cancellation records, refund requests, and lesson issue or dispute records.

1.4 Payment, PayPal, and Transaction Information

  • PayPal multiparty payment data, including payment tokens, order IDs, capture IDs, refund IDs, payment status, payment method type, amounts, currency, platform fees, estimated PayPal fees, and PayPal support trace identifiers.
  • Teacher PayPal seller onboarding and account-status data, including tracking IDs, encrypted merchant identifiers, PayPal email, permissions, account capability checks, eligibility checks, onboarding URLs, and connection status.
  • Refund, reversal, chargeback, and PayPal dispute records, including provider dispute IDs, status, reason, disputed amount, lifecycle stage, timestamps, and outcome information.

1.5 Tax, Legal, and Compliance Information

  • Teacher tax, identity, residence, and verification information where required for legal, regulatory, tax, or platform-compliance purposes.
  • This may include country of residence, date of birth, seller type, legal name, tax identification number, address, VAT number, DAC7 status, verification timestamps, and verification notes.

1.6 Google Calendar and Scheduling Data

  • Calendar connection data, encrypted Google refresh tokens, calendar identifiers, sync status, and related scheduling information where teachers enable Google Calendar features.
  • Free/busy availability information used to prevent students from booking lesson times that conflict with a connected teacher calendar.
  • Lesson-event information used to create, update, and delete lesson-related Google Calendar events, invite participants, add reminders, and generate Google Meet links where supported.

1.7 Reports, Moderation, and Support Communications

  • Reports submitted by students or teachers, including report category, free-text details, reporter, reported user, related teacher profile, status, admin action, reviewer, and admin notes.
  • Support inquiries, account requests, complaint records, dispute communications, and other messages sent to or through the Platform.
  • Email delivery data needed to send transactional notices, including email address, email content, subject, and delivery metadata from our email service provider.

1.8 Technical, Security, and Browser Storage Data

  • IP address, browser type, device information, request metadata, logs, security events, and error information needed for security, troubleshooting, abuse prevention, and reliable operation.
  • Temporary booking-intent data stored in browser local storage, plus session storage used for short-lived interface state such as timezone detection.
  • Analytics-cookie consent choices stored in browser local storage, and Google Analytics usage data where analytics consent is granted.

2. Sources of Personal Data

  • We collect data directly from you when you create an account, complete onboarding, edit a profile, book a lesson, connect PayPal or Google Calendar, submit a report, request support, or otherwise use the Platform.
  • We receive data from Google when teachers use Google Sign-In or authorize Google Calendar features.
  • Where analytics consent is granted, we receive site-usage measurement information through Google Analytics.
  • We receive payment, seller onboarding, transaction, refund, and dispute data from PayPal.
  • We may receive information about you from other users when they book lessons with you, review a lesson, report a concern, or participate in a dispute or support process.

3. How We Use Personal Data

  • To create, authenticate, secure, and manage accounts.
  • To operate teacher and student onboarding, profiles, booking availability, lesson scheduling, reviews, reminders, and account settings.
  • To authenticate teachers with Google Sign-In and display basic account information such as name, email address, and profile image where available.
  • To check a connected teacher's Google Calendar availability and manage lesson-related calendar events and Google Meet links where the teacher has enabled those features.
  • To create, capture, verify, refund, reverse, reconcile, and record PayPal payments and related platform fees.
  • To support PayPal seller onboarding, payment eligibility checks, refund handling, dispute handling, and payment compliance checks.
  • To collect, verify, retain, and report teacher information where required for tax transparency, accounting, audit, or regulatory obligations, including Directive (EU) 2021/514 ("DAC7") where applicable.
  • To review reports, investigate abuse, fraud, safety, privacy, payment, and policy concerns, and apply account or booking restrictions where appropriate.
  • To send transactional emails about accounts, verification, password reset, bookings, reminders, payments, refunds, cancellations, disputes, PayPal connection status, and service approval.
  • To respond to support requests, exercise-of-rights requests, complaints, legal claims, regulator requests, and security incidents.
  • To maintain, troubleshoot, secure, and improve the Platform.
  • Where analytics consent is granted, to measure site usage and understand how visitors interact with the Platform.

4. Legal Bases for Processing

Where the GDPR applies, we process personal data on one or more of the following legal bases:

  • Performance of a contract - to create and manage accounts, provide teacher and student functionality, facilitate bookings, process payments, manage scheduling, and deliver Platform features requested by users.
  • Legal obligations - to comply with tax, accounting, audit, payment, fraud-prevention, regulatory, data-protection, and law-enforcement requirements.
  • Legitimate interests - to keep the Platform secure, prevent fraud and abuse, investigate reports and disputes, enforce terms and policies, support users, maintain reliable booking and payment operations, and protect legal rights.
  • Consent - where required by law, including for optional marketing communications, Google Analytics, non-essential cookies or similar technologies, and user-authorized Google Calendar access.

Where we rely on legitimate interests, we assess those interests against the rights and freedoms of affected users.

5. Sharing Personal Data

We do not sell personal data. We may share personal data as follows:

  • With teachers and students - profile, booking, lesson, review, calendar-invitation, and contact information where necessary to arrange, deliver, manage, or resolve lessons.
  • With PayPal - payment, seller onboarding, transaction, refund, reversal, dispute, and compliance data needed to process bookings, route teacher payments, verify seller eligibility, and handle payment issues.
  • With Google - information needed to authenticate teachers, support connected Google Calendar features, check availability, create or update lesson events, and generate Google Meet links where those features are used.
  • With Google Analytics - site-usage measurement information where analytics consent is granted.
  • With email delivery providers - email address and message content needed to send transactional platform emails.
  • With hosting, database, infrastructure, logging, security, and technical service providers - data needed to host, operate, secure, debug, and maintain the Platform.
  • With authorities, regulators, payment networks, or professional advisers - where required or reasonably necessary for tax reporting, DAC7, regulatory compliance, payment disputes, fraud prevention, legal claims, or enforcement.
  • With administrators and support personnel - where access is necessary for support, safety, moderation, fraud prevention, legal compliance, or platform operations.

Google and PayPal may process personal data in accordance with their own privacy notices and may act as separate controllers for certain processing activities.

6. Google User Data

  • Only teachers can connect Google Calendar to the Platform. Students do not connect Google Calendar as part of the standard student booking flow.
  • When a teacher connects Google Calendar, we request only the Google scopes needed to sign the teacher in, check calendar availability, and create or manage lesson-related calendar events.
  • We use Google Calendar availability data to prevent students from booking lesson times that conflict with the teacher's existing calendar commitments.
  • We use Google Calendar event access to create, update, and delete lesson-related events, invite the teacher and student, add reminders, and generate Google Meet links where supported.
  • We do not sell Google user data, use Google user data for advertising, use Google user data for data brokerage, use Google user data for credit-related decisions, or use Google user data for AI model training.
  • Access to Google-derived data by personnel is restricted and permitted only where necessary for support, security, troubleshooting, abuse prevention, legal compliance, or with the user's explicit consent.
  • Teachers can disconnect Google Calendar through the Platform. Disconnecting calendar access removes the locally stored Google refresh token and pauses booking features that depend on connected calendar availability.

7. International Data Transfers

  • We host our application and store data using third-party infrastructure providers. Our primary database is hosted in the European Union.
  • Some hosting, content delivery, logging, security, payment, calendar, authentication, email, and support providers may process personal data outside Switzerland and the European Economic Area.
  • Where personal data is transferred internationally, we rely on appropriate safeguards as required by applicable law, which may include adequacy decisions, Standard Contractual Clauses, or other recognized transfer mechanisms.

8. Data Storage and Security

  • We use technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or misuse.
  • These measures include encryption in transit, hashed passwords, encrypted storage for selected integration tokens and retained deletion records, access controls, provider security controls, and operational logging.
  • Google refresh tokens used for teacher calendar sync are stored in encrypted form and are used only to maintain the calendar features authorized by the teacher.
  • Lesson recordings are not stored by the Platform.

9. Account Closure, Erasure, and Retention

  • You may request account closure and erasure of personal data through the Platform where the self-service deletion flow is available, or by contacting us.
  • Self-service account closure may be temporarily blocked where the account has upcoming bookings, pending payments, open lesson disputes, or unresolved PayPal disputes. In those cases, contact support so the issue can be resolved first.
  • When account closure is completed, we disable account access, remove authentication accounts, sessions, and verification tokens, erase or clear public profile fields, student and teacher profile fields, saved-teacher records, availability, reviews linked to the closing account, PayPal connection records, booking notes, Google Meet links, Google Calendar event identifiers, and raw PayPal dispute payloads where applicable.
  • After account closure, we replace the account email with a non-contactable deleted-account address and mark the account as deleted so historical booking, payment, dispute, tax, and compliance records are not linked to an active public profile.
  • We retain limited encrypted deletion-retention records, including original email, original name, role, and, for teachers where applicable, teacher compliance data, for up to 10 years where needed for accounting, tax, payment disputes, fraud prevention, legal claims, DAC7, audit, or regulatory obligations.
  • Booking, transaction, payment, refund, reversal, PayPal dispute, lesson dispute, moderation, support, tax, accounting, and compliance records may be retained for up to 10 years, or longer where necessary for an unresolved dispute, legal claim, legal obligation, or regulator request.
  • When personal data is no longer required for the purposes for which it was collected or retained, we delete, anonymize, or securely restrict that data, unless continued retention is required by law or for legal claims.
  • Backup copies may retain personal data for a limited period until backups are overwritten according to the relevant backup lifecycle. During that period, backup data is not used for ordinary operational purposes.

10. Cookies and Similar Technologies

  • We use cookies and similar browser technologies for essential account login, security, booking, and payment functionality.
  • We may temporarily store booking-intent data in browser local storage so a student can return to the intended booking flow after signing in.
  • With analytics consent, we use Google Analytics to measure site usage and understand how visitors interact with the Platform.
  • We do not currently use marketing, advertising, retargeting, or promotional measurement cookies.
  • Google Analytics is loaded only after analytics consent is granted. You may withdraw analytics consent using the settings in the Cookie Policy.
  • More information is available in our Cookie Policy.

11. Your Rights

Depending on where you live and which law applies, including Swiss data protection law and the GDPR for EU users, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of personal data where the right to erasure applies.
  • Request restriction of processing or data portability where applicable.
  • Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent where processing is based on consent, without affecting processing carried out before withdrawal.
  • Lodge a complaint with a competent data protection authority, including the authority in your place of residence in the EEA where applicable, or in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC).

These rights are not absolute. For example, we may need to retain certain data to comply with legal obligations, complete transactions, resolve disputes, prevent fraud, or establish, exercise, or defend legal claims.

To exercise your rights, contact us at: speaking-humans@proton.me.

12. Minors

  • The Platform is intended only for individuals who are at least 18 years old.
  • We do not knowingly allow minors to register for or use the Platform.
  • If we learn that a minor has created an account or submitted personal data, we may suspend or delete the account and remove the data, subject to applicable legal obligations.

13. Automated Decision-Making

  • We do not use personal data for fully automated decision-making or profiling that produces legal effects or similarly significant effects concerning users.
  • The Platform may use operational rules to check booking availability, PayPal eligibility, DAC7 readiness, moderation status, account status, and payment or dispute state. These checks are used to operate the Platform and may affect access to booking, payment, or seller features until requirements are satisfied or reviewed.

14. Third-Party Links and Services

  • Our Platform may contain links to third-party websites or services, including Google and PayPal.
  • We are not responsible for the privacy practices of third parties where they act as separate controllers or operate their own websites or services.

15. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time to reflect changes in law, Platform functionality, service providers, or data processing practices.
  • Updates will be posted on the Platform with a "Last updated" date.
  • Where required by applicable law, we will provide additional notice or obtain consent for material changes before they take effect.

16. Contact

speakinghumans.com
Operated by Tim Freuler
Sole proprietorship under Swiss law
Registered address:
Langgruetstr. 88A
8047 Zurich
Switzerland

Email: speaking-humans@proton.me