Terms of Service – LingoSnap

Effective: 2026-05-20 · Version: 3.2

1. Introduction and parties

1.1 These Terms of Service (the “Terms”) govern the relationship between:

the Operator: Martin Hubálek, Company ID (IČO): 08827303, a sole trader with registered office at Dolní Štěpanice 29, 514 01 Benecko, Czech Republic, contact support@lingo-snap.com (the “Operator”); and
the User: any natural or legal person who uses the LingoSnap application (the “User” or “you”).

1.2 By accepting these Terms (e.g. by ticking the consent box, by registering, or by continuing to use the Service after publication of the Terms) you give your free, informed and unambiguous consent to all of their provisions.

1.3 If you do not agree with these Terms, do not use the Service.

2. Definitions

Service / Application – the LingoSnap mobile and web application together with all related features, APIs and content.
AI Input – any content the User submits for processing by artificial intelligence (photographs, images, texts, prompts, voice recordings, documents, PDF files, etc.).
AI Output – any content generated by the Service through artificial intelligence (recognised vocabulary items, definitions, translations, examples, quizzes, generated audio, generated images, etc.).
User Content – AI Inputs together with any other content the User creates, stores or shares within the Service.
Shared Content – User Content made available by the User to other Users via a link, QR code, invitation or group.
Teacher / Group Administrator – a User who creates a group of pupils, students or members within the Service and manages its content and access rights.
Consumer – a User who is a natural person and who enters into the contract for purposes outside their trade, business, craft or profession (Section 419 of Act No. 89/2012 Coll., the Czech Civil Code).
Subscription / Credits – paid plans and virtual units that unlock paid features of the Service.
Beta Feature – any feature labelled “Beta”, “Experimental”, “Preview” or similar, made available on a trial basis.

3. Description of the Service

3.1 LingoSnap is a SaaS application for AI-assisted foreign-language learning. It allows you in particular to: photograph printed text, extract vocabulary using artificial intelligence (Google Gemini), practise vocabulary with flashcards, quizzes and workbooks, generate audio playback of vocabulary, and use an AI chatbot for learning purposes.

3.2 The Service is strictly an auxiliary study tool. It does not, and is in no way intended to, replace:

language tuition delivered by a qualified teacher or institution;
professional (in particular sworn or certified) translation;
specialist preparation for examinations (CPE, IELTS, TOEFL, school-leaving exams, state examinations, etc.);
any form of professional, medical, legal, financial or academic advice.

3.3 The Operator may at any time introduce, modify, restrict or discontinue any feature of the Service without compensation, except as set out in Article 22 (full discontinuation of the Service).

3.4 Beta Features. Some features may be marked as Beta. Such features are provided “AS IS”, may contain errors, and may be modified or removed at any time without compensation. Use of Beta Features is entirely voluntary, and by using them you accept the heightened risk of instability. The liability cap under Article 15.2 is, in respect of damage caused exclusively by Beta Features, reduced to CZK 0.

4. Registration and User account

4.1 Full functionality of the Service requires account registration. You undertake to provide true, complete and up-to-date information.

4.2 Age. The Service may be used by persons aged 16 or over. Younger persons may use it only with the consent of their legal representative, who assumes full responsibility for such use.

4.2.1 Pupils and students in classroom groups. Where a User under 16 is added to a group by a Teacher or school, responsibility for obtaining the consent of legal guardians under Article 8 GDPR and for the lawful processing of the pupil’s personal data lies exclusively with the Teacher / school. The Operator is not required to verify such consent and relies on the Teacher’s representations under Article 8.

4.3 You are required to safeguard your account credentials. The Operator is not liable for any unauthorised use of the account resulting from the User’s negligent handling of passwords or devices.

4.4 The Operator may suspend or terminate the account without compensation in case of breach of these Terms or suspected misuse or unlawful activity.

5. Use of artificial intelligence (AI) and AI Outputs

5.1 IMPORTANT NOTICE. The Service materially relies on generative artificial intelligence (in particular Google Gemini) and other machine-learning algorithms. AI Outputs may be inaccurate, incomplete, outdated, fabricated (so-called “hallucinations”), misleading, biased, or even offensive. This is inherent to the nature of AI and does not constitute a defect of the Service.

5.2 The Operator gives no warranty that AI Outputs will be:

accurate, correct, complete or current;
fit for any particular study goal, exam, certification or professional purpose;
aligned with pedagogical recommendations, curricula, language norms, or regional language varieties;
free from errors of grammar, pronunciation, translation or substantive content.

5.3 You are required to verify each AI Output independently before relying on it for any purpose beyond mere personal practice. The Operator strongly advises against relying on AI Outputs when preparing for examinations, official translations, contracts, or any situation with real-world consequences.

5.4 AI Outputs do not constitute professional advice (legal, medical, tax, financial or otherwise). Where you act in reliance on an AI Output, you do so entirely at your own risk.

5.5 The Operator accepts no liability for any decision you make in reliance on an AI Output, nor for any consequences of its use (including without limitation: failure in an examination, loss of business opportunity, mistranslation, professional malpractice).

5.6 Ownership and IP risk in AI Outputs. To the extent permitted by the AI provider’s terms and applicable law, AI Outputs are made available to you for your personal study use. You acknowledge, however, that:

AI Outputs may not enjoy copyright protection (machine-generated authorship may not meet statutory requirements);
an AI Output may inadvertently reproduce a work or elements of a work protected by third-party rights;
any use of an AI Output beyond personal study (in particular commercial or public dissemination) is solely your responsibility and is subject to the indemnity in Article 17.

5.7 AI Act compliance. The Service incorporates AI systems within the meaning of Regulation (EU) 2024/1689 (the AI Act). In line with Article 50 of the AI Act, we transparently inform you that:

you are interacting with an AI system (chatbot, AI Outputs);
audio outputs may be AI-generated (TTS – text-to-speech synthesis);
images may be AI-generated and are labelled as such within the application.

By the Operator’s own assessment, LingoSnap is an AI system of minimal risk; the Operator is neither a provider nor a developer of foundation models within the meaning of the AI Act.

6. AI Inputs: data entrusted to artificial intelligence

6.1 You expressly acknowledge that any content you submit to the Service for AI processing (an AI Input) is, for the purpose of such processing, transferred to the AI provider (in particular Google LLC / Google Cloud) and may be processed on servers located outside the Czech Republic and the EU (in particular in the United States) on the basis of Standard Contractual Clauses (SCC) approved by the European Commission.

6.2 Your warranties. By submitting an AI Input you represent and warrant that:

you own all necessary rights in the AI Input or have obtained written permission from the rightsholder;
the AI Input does not infringe any copyright, trademark, patent, trade secret or other right of any third party;
the AI Input does not contain:
- personal data of third parties (in particular: third-party names, photographs of identifiable individuals, contact or health data) unless you have a lawful basis for processing such data;
- special categories of personal data within the meaning of Article 9 GDPR (health, biometric, sexual-orientation, political or religious data, etc.);
- payment-instrument data, authentication credentials, private keys, passwords;
- trade secrets, classified information, information subject to NDA;
- unlawful content, child sexual abuse material (CSAM), content inciting violence, hatred or terrorism, etc.
the AI Input complies with the laws of the Czech Republic, the EU, and the country from which it is submitted.

6.3 Sole responsibility of the User. All responsibility for the content of AI Inputs, their lawfulness and the lawfulness of their submission lies solely with you. The Operator acts only as a technical intermediary between you and the AI provider and does not pre-screen the content of individual AI Inputs.

6.4 Waiver of claims arising from AI Input processing. You expressly waive any claim for damages or non-pecuniary harm against the Operator arising out of the manner in which the AI provider (Google) processed, retained or further used AI Inputs in accordance with that provider’s own published terms and privacy policy. You acknowledge that the AI provider’s terms and privacy policy apply, and that you familiarised yourself with them before using the Service.

6.5 AI model training. The Operator does not use your AI Inputs to train its own AI models. According to the public terms of the Google Gemini API provider, AI Inputs processed via the paid API are by default excluded from model training; however, the Operator accepts no liability for any unilateral change to those policies by the AI provider, nor for any breach of such policies by the AI provider.

6.6 Retention of AI Inputs. The Operator does not retain AI Inputs longer than is strictly necessary to perform the requested operation, save for short-term technical purposes (e.g. caching). User Content stored in libraries (notebooks, vocabulary items) is retained for as long as you keep it within the Service.

6.7 Misuse blocking. The Operator may refuse, block or report an AI Input to the competent authorities where it has reasonable grounds to suspect a breach of these Terms or applicable law, with no entitlement to refund of Credits or any portion of the Subscription.

7. User Content – ownership and licence

7.1 You retain ownership of your User Content. By accepting these Terms, however, you grant the Operator a worldwide, non-exclusive, royalty-free licence to use the User Content solely to the extent necessary for:

providing the Service to you (text recognition, vocabulary generation, storage, cross-device synchronisation);
transferring AI Inputs to the AI processors listed in the Privacy Policy;
technical operations (back-ups, monitoring, anti-abuse).

7.2 The Operator does not disclose User Content to third parties for marketing or commercial purposes and does not use it to train its own AI models.

7.3 Following deletion of your account, your User Content and personal data will be deleted within the period set out in the Privacy Policy, except for data the Operator is required to retain by law (in particular accounting records under Act No. 563/1991 Coll.).

8. Shared Content and classroom groups

8.1 User-to-user sharing. The Service allows Users to share User Content (notebooks, vocabulary items, study plans) by way of a link, QR code, invitation or assignment to a group.

8.2 Sharing User’s responsibility. A User who shares content is fully responsible for:

the lawfulness of the Shared Content;
obtaining all necessary third-party consents and licences for distribution at the relevant scope;
compliance of the Shared Content with these Terms and with appropriateness rules for the target audience (in particular where minors are present).

8.3 Receiving User’s acknowledgement. A User who receives Shared Content acknowledges that the content originates from another User and that the Operator does not verify or actively moderate it. Unlawful Shared Content may be reported under Article 18 (notice & takedown). The Operator may at its discretion deactivate any Shared Content, whether on receipt of a notice or on its own initiative.

8.4 Teacher / Group Administrator. A User acting as a Teacher / Group Administrator:

acts in that capacity as an organiser of processing for their own pedagogical purposes and may, within the meaning of GDPR, qualify as a separate controller in respect of their pupils’ personal data;
is solely responsible for obtaining the consent of legal guardians of minor members of the group in accordance with Article 8 GDPR;
is solely responsible for ensuring that the content placed in the group (including shared AI content) is appropriate for the group’s minor members;
indemnifies the Operator against any claim arising out of breach of these obligations to the extent set out in Article 17.

8.5 Pupil / group member. By joining a group, a User agrees that the Teacher / Group Administrator can see the User’s group-related activity (assigned notebooks, practice results) and may end the User’s membership of the group.

9. Subscriptions, payments, Credits

9.1 Free and paid plans. The Service is available in a free version (with limited features and local storage) and in paid plans (cloud sync, AI Credits, advanced features).

9.2 Payment processor. All payments are processed by Stripe. The Operator does not store payment-card details.

9.3 Auto-renewal. Subscriptions renew automatically at the end of the current billing period. You may cancel auto-renewal at any time in your account; access continues until the end of the paid period.

9.4 Refunds. Subscriptions and Credits, once paid for, are non-refundable, except to the extent a refund is mandated by mandatory law, by the procedure under Article 22.2 (full discontinuation of the Service), or by the procedure under Article 9.6(f) (guaranteed Credit refund on technical failure). In particular, the Operator does not refund:

the unused portion of a billing period upon cancellation or upgrade;
activated, unused Credits;
Credit consumption for an operation under Article 9.6(c)–(e) (neither Operator-controlled-prompt operations nor User-controlled-content operations give rise to a Credit refund based on dissatisfaction with the AI Output);
dissatisfaction with AI Outputs (their inaccuracy is not a defect of performance – see Article 5);
unavailability of a particular feature discontinued by the Operator for material reasons.

9.5 Plan change. When you upgrade to a higher plan, the new plan takes effect immediately and no refund or credit is granted for the unused portion of the previous plan. The new price applies from the next billing period.

9.6 Credits, moment of deduction, and limits of non-refundability.

(a) AI Credits are non-transferable, remain valid for the duration of the active Subscription, and expire upon its termination with no entitlement to compensation.

(b) Moment of deduction. A Credit is deducted from your account immediately before the technical execution of the paid operation begins (balance check, ledger entry and subsequent dispatch of the AI Input to the AI provider or initiation of internal processing). The deduction is tied solely to the initiation of the technical delivery of the service and not to the result of the operation or to your subjective satisfaction with the AI Output.

(c) Operations with prompts controlled by the Operator (in particular: vocabulary extraction from photographs and PDFs, generation of vocabulary sets by CEFR level, generation of flashcard definitions, document or workbook analysis, PDF structure detection, TTS audio generation, generation of flashcard images). For these operations the Operator controls the system prompt and processing parameters, but given the inherent nature of generative AI (Article 5) the Operator does not warrant and is objectively unable to warrant:

the accuracy, completeness, currency or factual correctness of the AI Output;
the alignment of the AI Output with your subjective expectations, your learning goal, an exam, or a regional language variant;
the quality of pronunciation, intonation or accent in TTS;
the aesthetic quality, faithfulness or suitability of generated images.

A consumed Credit for these operations cannot be refunded on grounds of dissatisfaction with the quality of the AI Output.

(d) Operations with content controlled by the User (in particular AI chat, where you formulate the query or message yourself). For these operations the quality of the AI response depends primarily on your input (formulation of the query, context, language, length). The Operator controls only the chatbot's system prompt, not the content of the conversation. A consumed Credit for these operations cannot be refunded on grounds of dissatisfaction with the AI response or on grounds of an incorrect, incomplete or unsuitable query on your part.

(e) No entitlement to a Credit refund arises in particular from:

inaccurate, incomplete, outdated, hallucinating or biased AI Output;
incorrect, incomplete or unsuitable AI Input on your part (illegible photograph, empty or corrupted PDF, query in a language other than the one you intended);
interruption of an operation by you after its technical start;
rejection or blocking of an AI Input for breach of Article 6.2 or Article 11 (see also Article 6.7).

(f) Guaranteed Credit refund. A Credit will be automatically refunded to your account without the need for a complaint in the following cases:

technical failure attributable solely to the Operator before the AI Output is delivered (in particular: internal Service error, loss of connection to the AI provider before its response is received, processing timeout exceeding the standard operation limit);
service of the operation from the Operator's cache without an actual call to the AI provider (in particular repeated generation of an identical image or other output);
demonstrably erroneous deduction (technical fault in Credit accounting).

The refund under (f) is processed automatically and without the need for a complaint; if the automatic refund nevertheless fails for technical reasons, you may pursue the claim by filing a complaint under Article 16, which the Operator will handle on a priority basis and without undue delay.

9.7 Price changes. The Operator may change prices of Subscriptions and Credits at any time. Price changes do not affect a billing period that has already been paid for; new prices apply from the next billing period following notice (at least 14 days in advance).

9.8 Taxes. Listed prices include applicable VAT unless stated otherwise. B2B Users (legal persons and self-employed individuals) shall provide the Operator with their business status and a valid VAT ID for the purposes of any reverse-charge regime under EU VAT rules.

9.9 Chargebacks. You undertake, before initiating a chargeback with your bank or payment processor, to first raise a complaint with the Operator in accordance with Article 16. Initiating a chargeback without first raising a complaint is a breach of these Terms and entitles the Operator to:

immediately suspend your account without compensation;
recover the amount in question from you, increased by associated costs (gateway fees, administrative costs).

10. Express consent to commencement of performance and waiver of withdrawal right (Section 1837 of the Czech Civil Code)

10.1 The Consumer expressly consents to the Operator commencing performance (provision of the Subscription, crediting of Credits, AI features) immediately upon payment and before expiry of the 14-day withdrawal period.

10.2 The Consumer expressly acknowledges that, by such consent, in accordance with Section 1837(l) of the Czech Civil Code, they lose the right to withdraw from the contract within 14 days, because performance of the digital content commenced with their prior express consent before expiry of the withdrawal period.

11. Prohibited conduct

11.1 You undertake in particular not to engage in any of the following, the occurrence of which is grounds for immediate termination of the account without compensation:

circumvention of free-plan limits (multiple-account creation, automation);
scraping, automated AI prompting, robotic traffic, stress-testing;
reverse engineering, decompilation, extraction of models or data from the Service;
uploading unlawful or prohibited content (Article 6.2);
attempting to gain unauthorised access (penetration testing without consent, social engineering against support);
resale or sharing of accounts; sharing of Credits with third parties;
using the Service to develop a competing product;
placing advertising, spam, phishing or other unsolicited communications into Shared Content;
any conduct that harms the reputation of the Service, the Operator or other users.

11.2 Detection and enforcement against multi-account abuse. To protect the Service, the Operator may:

detect repeated registrations by the same User using technical means (e.g. device fingerprint, browser fingerprint, IP address) to the extent necessary to prevent abuse;
automatically suspend accounts showing signs of abuse and any related accounts;
recover damages (in particular for misappropriated free Credits);
report serious breaches to law-enforcement authorities.

11.3 Sanctions and embargoes. You represent that you are not listed on any international sanctions list (in particular EU, UN, OFAC) and that you do not use the Service from a jurisdiction subject to a comprehensive embargo. Should this representation prove untrue, the Operator is required to suspend the account immediately and without compensation.

12. Service availability and force majeure

12.1 The Operator endeavours to maintain the highest possible availability of the Service, but does not guarantee 100% availability or any specific level of performance. No SLA applies to the Service.

12.2 The Operator may carry out scheduled and unscheduled maintenance (maintenance, updates, security interventions) without compensation.

12.3 The Operator is not liable for outages caused by third parties (in particular hosting providers, the AI provider, Stripe, internet providers), force majeure, cyberattacks, or restrictions stemming from public-authority requirements.

12.4 Force majeure means in particular: war, armed conflict, terrorism, large-scale cyberattack (DDoS, ransomware, supply-chain attack), pandemic, natural disaster, large-scale failure of electricity supply or internet infrastructure, outage or permanent discontinuation of services of key sub-processors (in particular Google Cloud, MongoDB Atlas, Stripe, hosting), state action, sanctions or embargo, labour strikes, and other events beyond the Operator’s reasonable control. For the duration of force majeure, the Operator’s liability for non-performance under these Terms is excluded.

13. Operator’s intellectual property

13.1 All elements of the Service (source code, design, trademarks, logos, documentation, didactic methods, content selection and structure) are the sole intellectual property of the Operator or its licensors.

13.2 You are granted a limited, non-exclusive, non-transferable licence to use the Service for your own personal study or internal use within the scope of your purchased plan. Any other use is prohibited.

14. Disclaimer of warranties

14.1 To the maximum extent permitted by law, the Service is provided “AS IS” and “AS AVAILABLE”, without any express or implied warranty, in particular:

fitness for a particular purpose;
merchantability;
non-infringement of third-party rights;
accuracy, completeness or timeliness of AI Outputs;
uninterrupted, error-free or secure operation;
compatibility with all devices, operating systems or browsers.

14.2 This provision is without prejudice to the Consumer’s mandatory rights, in particular rights for defects of digital content under Section 2389a et seq. of the Czech Civil Code, to the extent such rights cannot validly be excluded.

15. Limitation of liability

15.1 Key provision. To the maximum extent permitted by law, the Operator shall not be liable for any indirect, consequential, incidental, special, punitive or exemplary damages, including in particular:

loss of profits, loss of revenue, loss of business opportunity or savings;
loss, corruption or unavailability of data (you are required to back up your data; the Service is not a backup solution and you must not rely on any feature of the Service as your sole source of data);
damage to reputation, reputational harm;
failure in examinations, certifications, admissions procedures or other outcomes;
mistranslation, miscommunication, any action taken in reliance on an AI Output;
damages caused by interruption of the Service, outages, delays or data loss on the part of third parties (Google, Stripe, hosting);
damage to the User’s device, loss of time;
damages caused by the use or misconfiguration of device permissions (camera, microphone, storage, push notifications).

15.2 Liability cap. The Operator’s aggregate liability for all claims by a User shall not exceed the lower of:

an amount equal to one (1) monthly Subscription fee for the User’s plan as currently (or most recently) paid – calculated at a monthly rate even where the Subscription is annual or otherwise multi-month; or
CZK 1,000 (one thousand Czech crowns).

For Users on the free plan and for Users who have never paid for the Service, the Operator’s maximum liability is CZK 0. This cap applies on an aggregate basis to all claims raised by a User in any period, not on a per-claim basis.

15.3 Mandatory-law limits. The limitations under Articles 15.1 and 15.2 do not apply only to the extent their application would be inconsistent with Section 2898 of the Czech Civil Code, in particular in the case of:

wilful breach of duty;
gross negligence;
harm caused to a person’s natural rights (life, health).

15.4 Specific exclusions. The Operator is not liable, in particular, for:

content generated by AI and any consequence of reliance on it;
content the User submitted to AI in breach of these Terms;
acts or omissions of the AI provider, payment processor, hosting provider or any other sub-processor;
outages of the User’s internet, hardware, OS or third-party applications;
data loss caused by the User’s own actions (account deletion, device loss, failure to back up);
any harm arising from use of the Service for a purpose for which it is not intended (Article 3.2).

16. Complaints and rights for defects

16.1 Complaints are submitted by email to support@lingo-snap.com. You shall describe the defect, the date it was identified, and attach relevant evidence (screenshots, transaction IDs).

16.2 Items that do not constitute a defect of the Service:

inaccurate, incomplete, misleading or “hallucinating” AI Outputs (Article 5.1);
discrepancy between an AI Output and the User’s subjective expectation;
Credit consumption for an operation under Article 9.6 (neither Operator-controlled-prompt operations nor User-controlled-content operations give rise to a Credit refund based on dissatisfaction with the AI Output; the only exception is the guaranteed refund under Article 9.6(f) for technical failure on the Operator’s side);
short-term unavailability (up to 24 hours in aggregate per month) caused by maintenance or third parties;
behaviour of Beta Features (Article 3.4);
limitations of the free plan;
matters caused by the User’s environment (device, OS, browser, internet).

16.3 Time-limit for complaint handling is 30 days from the proper submission by a Consumer.

16.4 Out-of-court dispute resolution (Consumer). A Consumer is entitled to seek out-of-court resolution of any dispute under these Terms with the Czech Trade Inspection Authority (ČOI), Štěpánská 567/15, 120 00 Prague 2, web www.coi.cz. For online disputes, the EU Online Dispute Resolution platform is available: https://ec.europa.eu/consumers/odr/.

17. Indemnity by the User

17.1 You agree to indemnify the Operator, its affiliates, employees, statutory representatives and contractual partners, and to hold them fully harmless from any claim, proceedings, fines, sanctions and legal costs arising out of:

breach of your warranties under Article 6.2 (in particular uploading copyrighted content or third-party personal data);
infringement of any copyright, trademark, patent or other intellectual-property right of any third party by you;
uploading of unlawful content;
breach of GDPR or other data-protection laws by you (in particular: uploading third-party personal data without a lawful basis; failure to obtain guardian consent for minor members of a classroom group under Article 8);
your use of an AI Output in conflict with the rights of any third party;
any other breach of these Terms or applicable law by you.

17.2 The Operator is entitled to assume sole control of the defence of any such claim; you shall provide all reasonable cooperation.

18. Notice & takedown – reporting illegal content (DSA)

18.1 In respect of Shared Content, the Operator acts as a hosting service provider within the meaning of Regulation (EU) 2022/2065 (the Digital Services Act, “DSA”).

18.2 Notice. Any person (including a third party outside the Service) may report unlawful content by email to abuse@lingo-snap.com. A notice should contain:

a precise identification of the content (URL, notebook/item ID, screenshot);
the reason the content is alleged to be unlawful (copyright infringement with proof of ownership, defamation, unlawful content, etc.);
the contact details of the notifier (name, email);
a statement of accuracy.

18.3 Procedure. The Operator will:

confirm receipt of the notice;
assess the notice without undue delay (typically within 7 business days);
where the notice is well founded, deactivate, remove or block access to the relevant content;
inform the User whose content was affected of the reasons for the action.

18.4 Appeal. A User whose content has been deactivated may appeal to abuse@lingo-snap.com within 14 days. The Operator will decide the appeal within 14 days of submission.

18.5 Out-of-court resolution. A User may submit a content-moderation dispute to a certified out-of-court dispute settlement body under Article 21 DSA, listed by the European Commission.

18.6 Misuse. Repeatedly manifestly unfounded notices, or repeated uploading of unlawful content, may result in suspension of the notifier or User.

19. Security disclosures (responsible disclosure)

19.1 The Operator welcomes reports of security vulnerabilities and supports responsible disclosure. To submit a report, email security@lingo-snap.com, with subject “Security Vulnerability Report”, and include: the affected component, steps to reproduce, impact, and a proof of concept where available.

19.2 Safe harbour. Where a researcher acts in good faith and:

reports the vulnerability to the Operator before any public disclosure;
limits testing to what is necessary to demonstrate the issue;
does not access users’ personal data, exfiltrate data, or impair the availability of the Service (DoS, etc.);
gives the Operator a reasonable period to remediate (typically 90 days from confirmation of the vulnerability) before disclosure,

the Operator will not pursue claims under Article 11 (prohibited conduct) against that researcher and will use reasonable efforts to cooperate and to provide acknowledgement. The Operator is not obliged to pay a bounty in the absence of a publicly announced bug-bounty programme.

19.3 Conduct that does not comply with Article 19.2 (in particular data exfiltration, extortion, delayed reporting, disclosure before remediation) is treated as an attack under Article 11, with all consequences including criminal-law consequences.

20. Personal data protection

Processing of your personal data is governed by the separate Privacy Policy, which forms an integral part of these Terms and is available within the Service.

21. Changes to the Terms and the Service

21.1 The Operator may unilaterally amend these Terms, in particular for reasons relating to the development of the Service, technological changes, changes in law, security, or matters relating to sub-processors.

21.2 Users will be informed of material changes in the application or by email at least 14 days before they take effect, unless an immediate change is required for security or legal reasons.

21.3 If you do not agree with the changes, you may terminate the contract by deleting your account before the new Terms take effect; continued use of the Service after the new Terms take effect constitutes acceptance of the new version.

21.4 The Operator may modify, restrict or discontinue any feature of the Service. For paid features whose discontinuation would have a material impact on you, you will be informed in advance; in such case you are entitled to a pro-rata refund of the Subscription for the unused period, unless the law provides otherwise.

22. Full discontinuation of the Service (sunset)

22.1 The Operator may at any time discontinue the Service or a substantial part thereof for operational, technical, legal or economic reasons.

22.2 In the event of a full discontinuation of the Service:

Users will be informed in the application and/or by email at least 60 days before the planned discontinuation;
Users will be enabled to export their data in a machine-readable format (JSON);
the unused portion of an active Subscription will be refunded pro rata for the remaining period until the planned discontinuation.

22.3 Discontinuation of individual features (rather than the whole Service) is governed by Article 21.4.

23. Term and termination of the contract between the parties

23.1 The contract is concluded for an indefinite period.

23.2 Termination by the User. You may terminate the contract at any time by deleting your account in the application.

23.3 Termination by the Operator. The Operator may terminate the contract:

with immediate effect and without compensation in case of breach of these Terms by you (in particular Articles 6, 11);
for operational reasons on 30 days’ notice.

23.4 Termination does not affect the survival of, in particular, Articles 5–8, 14–19, 24, 25 and 26.

24. Assignment of the contract and change of ownership

24.1 You consent to the Operator assigning its rights and obligations under this contract to a third party, in particular in the event of:

sale, merger, acquisition or other corporate transaction;
transfer of the LingoSnap project to a successor operator.

24.2 You will be informed of an assignment at least 30 days in advance and will then be entitled to terminate the contract; the unused portion of the Subscription will be refunded pro rata.

24.3 In the event of insolvency or analogous proceedings against the Operator, the Operator undertakes – to the extent permitted by insolvency law – to ensure preservation of User data and the possibility of its export for a reasonable period.

24.4 You may not assign your rights and obligations under the contract without the Operator’s prior written consent.

25. Communications and service of notice

25.1 All communications between the Operator and the User are primarily made:

from the Operator to the User: by email to the address registered in the account, by in-app notice, and/or by push notification;
from the User to the Operator: by email to support@lingo-snap.com, privacy@lingo-snap.com, abuse@lingo-snap.com or security@lingo-snap.com, depending on the nature of the matter.

25.2 You are required to keep your contact email up to date. A communication sent by the Operator to the User’s email address registered in the account is deemed delivered to the User upon dispatch, and at the latest on the second day after dispatch.

25.3 Email delivery is deemed delivery in writing to the extent permitted by Section 562 of the Czech Civil Code.

26. Severability

If any provision of these Terms is held to be invalid, void or unenforceable, the remaining provisions remain in full force. The parties shall replace the invalid provision with a valid one whose substance most closely reflects the economic purpose of the original provision.

27. Governing law and jurisdiction

27.1 The contract and these Terms are governed by the laws of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, excluding conflict-of-law rules.

27.2 Consumer. Mandatory rules on jurisdiction at the Consumer’s domicile within the EU under the Brussels I bis Regulation apply to consumer disputes. Nothing in these Terms affects the Consumer’s rights under the laws of their state.

27.3 B2B. Disputes with a User who is not a Consumer are subject to the exclusive jurisdiction of the ordinary courts of the Czech Republic, determined by the Operator’s seat.

28. Final provisions and contact

28.1 The languages of communication are Czech and English. In case of any conflict between language versions, the Czech version prevails.

28.2 These Terms are valid and effective from 2026-05-20 and supersede all prior versions, save for obligations that arose before they took effect.

28.3 Contact:

General support and contractual matters: support@lingo-snap.com
Personal data protection: privacy@lingo-snap.com
Reports of illegal content (DSA): abuse@lingo-snap.com
Security vulnerabilities: security@lingo-snap.com

LingoSnap – Martin Hubálek, Company ID 08827303, Dolní Štěpanice 29, 514 01 Benecko, Czech Republic.

Privacy Policy

Effective date: 2026-04-30 · Version: 2.0

P1. Data Controller

LingoSnap
Operator: Martin Hubálek, Company ID (IČO): 08827303
Registered office: Dolní Štěpanice 29, 514 01 Benecko, Czech Republic
Contact: privacy@lingo-snap.com

P2. What Data We Collect

The following table lists all personal data we hold:

Field	Purpose	Required?	Legal basis (GDPR Art. 6)
Email	Login, account communication	Yes	Contract (6.1.b)
First name, last name	UI personalization, email greetings	No	Contract
Phone number	SMS reminders (optional)	No	Consent (6.1.a)
Password (bcrypt-hashed)	Authentication	If not using social login	Contract
Social login IDs (Google, Apple)	Sign-in via third party	No (alternative to password)	Contract
IP address (hashed in audit log)	Security, fraud prevention	Auto-collected	Legitimate interest (6.1.f)
Notebooks, vocabulary entries	Core product functionality	You create them	Contract
AI usage logs (operations, costs)	Credit accounting	Auto-collected	Contract
Subscription & transaction records	Billing, accounting	If you subscribe	Legal obligation (6.1.c) — 10 years per Czech accounting law

What we DON'T collect: credit card numbers (handled by Stripe), social security numbers, location data, contacts, biometrics, browser history, advertising identifiers.

P3. Sub-processors (Third Parties)

We share data with the following providers, all bound by GDPR-compliant Data Processing Agreements:

Provider	Purpose	Region
MongoDB Atlas	Database hosting	EU
Roští.cz	Application hosting	Czech Republic
Google Cloud (GCS, Gemini, TTS)	Encrypted backups, AI processing, audio synthesis	EU + US (SCC)
Stripe	Payment processing	Ireland + US (SCC)
Firebase (Google)	Push notifications	US (SCC)
Twilio	SMS notifications (optional)	US (SCC)
WebSupport	Email delivery (SMTP)	Slovakia
Sentry	Error tracking	EU (Germany)

P4. International Data Transfers

Some sub-processors are based in the United States. We rely on Standard Contractual Clauses (SCC) approved by the European Commission as the legal basis for these transfers.

P5. Data Retention

Category	Retention
Active account data	For the duration of your account + 30 days after deletion
Inactive accounts	Up to 24 months after last login (planned automatic cleanup)
Session refresh tokens	30 days
Email verification codes	15 minutes
Password reset tokens	1 hour
Database backups (encrypted)	90 days
Audit log (security events)	13 months
Sentry error events	30 days
Transaction records (anonymized after deletion)	10 years (Czech accounting law 563/1991 Sb.)

P6. Your Rights (GDPR Art. 15-22)

You have the right to:

Access your data (Art. 15) — use Settings → Download my data for a complete JSON export
Rectify incorrect data (Art. 16) — use Settings → Profile
Erase your data (Art. 17 — "right to be forgotten") — use Settings → Delete account
Restrict processing (Art. 18) — contact privacy@lingo-snap.com
Data portability (Art. 20) — same JSON export as Access
Object to processing (Art. 21) — for legitimate interest processing only
Withdraw consent (Art. 7) — for SMS / push notifications

Response time: We respond to all requests within 30 days as required by GDPR Art. 12.

P7. Security Measures

HTTPS everywhere (TLS 1.2+)
Bcrypt password hashing
JWT with rotating refresh tokens
Account lockout after 5 failed login attempts (exponential backoff)
Optional two-factor authentication (TOTP) — RFC 6238, with bcrypt-hashed single-use recovery codes
Encrypted database backups (age cipher, X25519 + ChaCha20-Poly1305)
MongoDB TLS for connections
Audit log of all security-relevant events (13-month retention)
Per-endpoint rate limiting (login, register, password reset)
Secret scanning in CI (gitleaks)
Dependency vulnerability scanning (npm audit + Dependabot)
No PII in error tracking or logs (IP addresses are SHA-256 hashed with daily-rotating salt)

P8. Cookies

We use only strictly necessary cookies:

accessToken — your authentication token (HttpOnly, Secure)
refreshToken — your session refresh token (HttpOnly, Secure)

We use Sentry for error tracking only — no advertising or analytics cookies.

P9. Data Breach Notification

In case of a personal data breach that risks your rights, we will notify you within 72 hours. We will also notify the Czech Data Protection Authority (ÚOOÚ).

P10. Right to Lodge a Complaint

If you believe your data is being processed unlawfully, you have the right to file a complaint with:

Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
Web: uoou.gov.cz

P11. Changes to This Privacy Policy

We may update this Privacy Policy. The current version (2.0) is shown at the top. Material changes will be communicated via in-app notification and require your re-acceptance.

P12. Contact

Questions about this Privacy Policy or your data:
privacy@lingo-snap.com

Terms of Service & Privacy Policy