Short Learn

Last updated: 18 October 2025 (Paris time)

This policy explains what personal data we collect, how we use it, who we share it with and what rights you have. Apple’s guidelines require that an iOS privacy policy disclose the data collected, how it is collected and used, third‑party sharing, retention periods and mechanisms for withdrawing or deleting data.

1. Data Controller

The data controller is **Yanis Cherifi, Sole Trader (auto‑entrepreneur)**, registered in France and domiciled at **8 rue Guynemer, 94300 Vincennes, France**. For privacy‑related questions you can contact us at **contact.shortlearn@gmail.com**.

2. Data We Collect

In keeping with the data minimisation principle, we collect only the information necessary to operate Short Learn. Categories of data include:

Category	Description	Purpose
Account data	Name, email address, encrypted password	To create and manage the account, communicate with the user and provide the service
Usage statistics	Number of videos submitted per day, number of lessons generated per day, source and target languages, timestamps	To analyse and improve our service; aggregated statistics are anonymised
Technical data	Device identifier (IDFV), connection logs, IP address, operating system information	To ensure security, prevent fraud and measure performance
Content data	URL and metadata of the shared content, temporary transcription and translation	To generate the language lesson; transcription is deleted after processing

We do not collect sensitive data (such as race, political opinions) and we do not collect precise location or health data.

3. How We Collect Data

**Data provided directly:** When creating an account or submitting a link, the user enters or shares information (name, email, URL).

**Data collected automatically:** Certain identifiers and technical information are automatically collected via the device (IDFV, logs) to ensure functionality and security. Short Learn does not engage in cross‑app advertising tracking and does not use the advertising identifier unless explicit consent is obtained via the App Tracking Transparency (ATT) prompt.

**Data generated during processing:** During video analysis, a transcription and translation are produced via OpenAI’s Whisper service. These data are deleted after the lesson has been displayed.

4. Purposes and Legal Bases

Purpose	Legal basis	Details
Provide the service (account creation, lesson generation)	Performance of a contract	Account data and shared URLs are necessary to deliver the requested functionality.
Measure audience and improve the application	Legitimate interest	The Publisher analyses aggregated usage statistics (number of videos, languages, timestamps) to enhance user experience without individual profiling.
Security and fraud prevention	Legitimate interest	Logs and technical identifiers are used to detect misuse or faults and to ensure service integrity.
Compliance with legal obligations	Legal obligation	Retention of connection data and response to lawful requests from authorities.
Communication with users (support, important notifications)	Legitimate interest	We may contact users regarding the service (confirmations, responses to queries). We do not send marketing without consent.

5. Recipients and Data Transfers

Personal data are not sold. They are processed by:

**Publisher staff** authorised to manage accounts and support.

**Technical processors**, including hosting providers and transcription/translation providers (e.g. OpenAI). In line with Apple’s requirements, any third party must uphold privacy standards equivalent to ours. Processors act on the Publisher’s instructions and may not use data for other purposes.

**Judicial or administrative authorities** if required by law.

In some cases, data may be transferred outside the European Economic Area (for example to the United States when using AI services). Such transfers are governed by the European Commission’s Standard Contractual Clauses or adequacy decisions ensuring an adequate level of protection.

6. Retention

We retain personal data only for as long as necessary for the purposes described above:

**Account data:** retained while the account is active; deleted at the user’s request or after 3 years of inactivity.

**Aggregated statistics:** retained indefinitely in anonymised form.

**Technical logs:** retained for 12 months for security purposes.

**Transcriptions and translations:** deleted automatically after the lesson is generated.

These retention periods align with the obligation to specify how long data are kept and to delete them when they are no longer needed.

7. User Rights

Under the GDPR and French law, users have the following rights:

**Right of access:** to obtain confirmation that data are being processed and receive a copy.

**Right to rectification:** to correct inaccurate or incomplete data.

**Right to erasure (right to be forgotten):** to have data deleted, subject to legal limitations.

**Right to object:** to object to processing based on the user’s specific situation or for marketing purposes.

**Right to restrict processing:** to request suspension of processing.

**Right to data portability:** to receive data in a structured format and transfer it to another controller.

**Right to withdraw consent:** for processing based on consent, the user may withdraw consent at any time without affecting prior lawful processing.

The app offers an **“Account”** section where users can view and edit their information. To exercise another right or request assistance, users may contact the Publisher via the address in § 1. The Publisher may request proof of identity. Users may also lodge a complaint with the CNIL (French data protection authority).

8. Data Security

The Publisher implements appropriate technical and organisational measures to protect data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorised access. Measures include password encryption, access logging and database segregation. However, no method of electronic transmission or storage is completely secure. Despite our efforts, we cannot guarantee absolute security, and users use the service at their own risk.

9. Children

Short Learn is not intended for children under 16. Individuals aged 16 or above but under the age of majority in their country must obtain consent from a legal guardian before creating an account. We do not knowingly collect data from children; if we discover that a child under 16 has provided information, we will delete the data and disable the account.

10. Cookies and Similar Technologies

The app does not use third‑party cookies in the native interface. Technical cookies may be used on the website and login area to ensure security and functionality. Where required, a notice and consent mechanism will be provided.

11. Changes to This Policy

We may modify this policy to reflect legal or service changes. Significant updates will be notified to users via the app or by email. Continued use of the service after the effective date of the new policy constitutes acceptance.

12. Contact

For privacy‑related questions or to exercise your rights, please contact us at **contact.shortlearn@gmail.com**.