Legal

Privacy Policy

How sayit handles your data, written plainly and completely. This covers what we collect, why we're allowed to, who helps us process it, how long we keep it, and the rights you have, including over your voice recordings.

Last updated: June 2026

The short version

sayit is a hosted pronunciation coach. To analyse your speech and track progress, your recordings are securely uploaded and processed in the cloud. We keep only what we genuinely need, we ask before we measure anything, and we never sell your data. Using your recordings to improve our models is optional and opt-in.

  • Your recordings and pronunciation scores are processed securely in the cloud so we can analyse your speech and show your progress.
  • We collect the minimum to run your account: your email (via our secure sign-in) and what you choose to practise. Any password you set is stored only as a salted hash, never in plain text.
  • Using recordings to improve our models is strictly opt-in, OFF by default, and you can change it any time in Settings.
  • Analytics stay off until you consent. We never sell your data, ever.

This page is written in plain English to be genuinely readable. It describes how the product works and the choices you have; it's not a substitute for legal advice.

1. Who we are

sayit is an English pronunciation and speaking-practice service operated by Cipher Academy (“we”, “us”). For the personal data described here, we act as the data controller. When sayit is used through a school or company, that organisation may be a joint or separate controller for its members' data; their own policies apply alongside this one.

2. What we collect

We try to collect as little as possible. In practice that means:

  • Account & identity: your email address and a basic profile, handled through our secure sign-in. Any password you set is stored only as a salted hash, never in plain text.
  • Voice recordings: the audio you record when you practise. It is uploaded and stored so we can analyse it and so you can replay it.
  • Transcripts & analysis metadata: the text we recognise plus per-word and per-sound pronunciation scores, timings and the metrics that power your feedback and progress charts.
  • Usage & quota: how much you've practised (for free-tier limits and your history) and basic technical logs needed to run the service.
  • Billing details: if you subscribe, our third-party payment processor handles your card details. We never see your full card number; we keep only a subscription reference and status.
  • Analytics: aggregated product analytics, collected only with your cookie consent. Decline, and we don't measure you.

3. Your voice & recordings

This is the part people care about most, so we'll be specific. When you practise, your audio is uploaded over an encrypted connection and processed by our speech-analysis pipeline. The recording, its transcript, and the pronunciation scores derived from it are stored against your account so you can replay takes, compare them, and watch your accuracy improve over time.

Improving our models — your choice

Your voice recordings and their analysis metadata may be retained and used to improve and train the speech models that power sayit's scoring — but only if you opt in. This setting is OFF by default. When it's off, your recordings are used solely to give you feedback and your progress, and are not added to any training dataset.

You can turn it on or off whenever you like under Settings → Privacy & data. Turning it off stops any future use of your recordings for training; recordings already incorporated into a trained model cannot be individually extracted, but we will stop using your data going forward and honour deletion requests for what we still hold.

Either way, you stay in control of your recordings. You can replay, re-record, or delete any recording at any time from inside the app, export them, and deleting your account removes them from our live systems.

4. Legal bases for processing

If you're in the EEA or UK, we rely on these legal bases under the GDPR:

Contract (Art. 6(1)(b))

Running your account and delivering the practice, scoring and progress features you signed up for.

Legitimate interests (Art. 6(1)(f))

Keeping the service secure and reliable, preventing abuse, and fixing bugs — balanced against your rights.

Consent (Art. 6(1)(a))

Optional analytics cookies and using your recordings to improve our speech models. Both are off until you opt in, and you can withdraw at any time.

Legal obligation (Art. 6(1)(c))

Keeping limited billing and tax records where the law requires it.

5. How we use information

We use what we collect for clear, limited purposes:

  • To run your account and deliver the product: analysing your speech, showing feedback, and keeping your progress where you left it.
  • To keep sayit working and safe: diagnosing crashes, preventing abuse, and enforcing fair-use limits.
  • To improve the product: understanding, in aggregate, which lessons help (only with analytics consent), and — only if you opt in — refining our speech models.
  • To handle billing and to send essential service emails (and optional summaries you ask for).

We don't use your information to build advertising profiles, and we don't make decisions with legal effects about you through automated means.

6. Who processes your data

We don't sell your data and we don't share it for anyone else's marketing. To run sayit we rely on a small set of trusted, industry-standard service providers — for application hosting, our database, secure storage of your recordings, payment processing, transactional email, and (only with your consent) product analytics. Each handles data solely on our instructions, under a data-processing agreement, and only for the specific purpose it's engaged for.

For your security we don't publish the specific vendors or the regions they operate in. If you have a legitimate need to know a particular provider — for example a compliance or procurement review — please contact us and we'll share what's appropriate.

If the law ever requires disclosure to an authority, we'll limit it to what's strictly necessary and, where permitted, let you know.

7. International data transfers

Our providers operate in several countries, including outside the EEA and UK (for example the United States and Asia-Pacific). Where we transfer your data internationally, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses and equivalent UK provisions — so your data keeps a comparable level of protection wherever it's processed.

8. Cookies & analytics

Essential cookies keep you signed in and remember your preferences; these are needed for the app to function. Analytics cookies are optional and stay off until you opt in; you can change your mind whenever you like. We explain each category, and let you manage your choices, on our cookies page.

9. Data retention & security

We keep your account data and recordings for as long as your account is active. When you delete a recording it's removed from our live systems; when you delete your account we remove your personal data from our live systems and let it age out of routine backups, keeping only limited records (such as billing) where the law requires.

Recordings you've opted to share for model improvement may be retained for that purpose until you withdraw consent or delete your account. On the security side, connections are encrypted in transit, recordings live in access-controlled storage, and access is limited to the people and systems that need it. No system is perfectly secure, but we design to collect less so there's less at risk.

10. Your rights

Whatever data you've given us is yours. Under the GDPR and similar laws you can:

  • Accessit: see what's tied to your account.
  • Export it: download a copy of your data and recordings in a portable format, straight from Settings.
  • Correct it, restrict or object to certain processing, and withdraw consent (for analytics or model improvement) at any time.
  • Delete it: erase your account and the data we hold for it, right from the app.

Most of this lives right in the app's Settings: data export and account deletion are a tap away. Prefer to ask us directly? Email privacy@cipher.academy and we'll take care of it, usually within a month. You also have the right to complain to your local data-protection authority.

11. Children's privacy

sayit is made for teen and adult learners. We don't knowingly collect personal information from children under 13 (or the minimum age in your region) without appropriate consent. When sayit is used in a classroom, the school or teacher is responsible for the required consents. If you believe a child has given us information without it, contact us and we'll delete it.

12. Changes to this policy

As sayit grows, this policy may change. When it does, we'll update the date at the top, and for anything significant we'll give you a clear heads-up in the app or by email before it takes effect. We won't quietly start doing something you wouldn't expect.

Still have questions?

If anything here is unclear, we'd rather you ask than wonder. We'll explain it in plain words.

Get in touch