Privacy Policy
Last updated: June 29, 2026
1. Who We Are
This Privacy Policy describes how IF LLC ("we," "us," or "our") handles information when you use:
- the AAA Words website at https://www.aaawords.com (the "Website");
- our AAA Words mobile application for iOS on the Apple App Store; and
- our AAA Words mobile application for Android on Google Play
(together, the "Service").
AAA Words is an English vocabulary learning platform. An account is required to use the Service. You must create an account and sign in to access vocabulary lookups, learning modes, lists, points, referrals, subscriptions, and other features. Sign-up uses email and password (we store a secure password hash, not your plain password).
Questions about this policy: Click "Get In Touch" in the footer of this website. On the iOS or Android app, open Profile and tap the Feedback tab.
2. Summary
- Account required: you must create an account and sign in to use the Service; sign-up uses email and password (we store a secure password hash, not your plain password).
- Account data includes email, username, optional profile details you provide (such as given name, family name, or phone number), learning preferences (difficulty level, mixed-mode ratio, text-to-speech voice), points, referral relationships, referral ad-free balances and session status, and subscription status when applicable.
- Activity data can include lookup history, custom word lists, sentences you submit for AI feedback, points history, and content issue reports.
- Lookups and audio may be sent to our servers and, when needed, to AI and speech providers to generate definitions, examples, and pronunciation audio.
- Public lists you choose to share are viewable by anyone with the share link.
- Leaderboard shows usernames and point totals; we do not display email addresses to other users.
- On-device storage includes theme preference, sign-in token (mobile), and some practice progress.
- Payments for paid plans are processed by Stripe; we do not store full payment card numbers.
- When enabled — Website: Google Analytics 4 (GA4) and Google AdSense.
- When enabled — mobile apps: Google Analytics for Firebase, Google AdMob, and Firebase Crashlytics.
- Referral ad-free perk (when ads are enabled): when a referred user reaches 500 points, both parties may receive banked ad-free days to activate when they choose; we store earned/available balances and active session timing as described in Section 3.1.
- Selling data: We do not sell your personal information.
Analytics, advertising, and crash reporting are described in Sections 3.10–3.12 and apply when those features are turned on. We will update this page when they go live.
3. Information We Collect
3.1 Account and Profile Information
When you create an account, we collect and store:
- Email address (used to sign in, reset your password, and communicate about your account when needed);
- Password (stored only as a cryptographic hash);
- Username (unique public identifier; also used as your referral code);
- Optional profile details you choose to provide, such as given name, family name, and phone number;
- Learning preferences, such as difficulty level (easy, medium, or hard), mixed-mode ratio, and preferred text-to-speech voice;
- Points and badges earned through Service activity;
- Referral information, such as who referred you (if applicable), your referral count, referral links derived from your username, usernames and join dates of users you invited (when shown in your referral list), and whether a referral milestone reward has been granted;
- Referral ad-free data (when ads are enabled), such as ad-free days earned and available, whether ad-free access is active, scheduled end time, and related session timestamps needed to operate start/stop and billing in whole-day blocks;
- Account metadata, such as account creation date and last login time.
We do not offer social sign-in (for example, Sign in with Apple or Google) at this time.
3.2 Information You Provide
Depending on how you use the Service, you may provide:
- Feedback — type, subject, message, and email address you provide (via our feedback flow in the Service); we may associate the submission with your account;
- Content reports — details about dictionary content you believe is incorrect, optional suggested corrections, and optional email;
- Practice sentences — sentences you write to check usage against a word or phrase definition; we process these with AI to provide feedback and may store them in your sentence history;
- List details — names, descriptions, and words or phrases you add to your lists;
- Support messages — anything you include when you contact us.
3.3 Learning and Usage Data
When you use the Service while signed in, we may store:
- Lookup history — words and phrases you have looked up, lookup counts, language, and review/hide preferences;
- Word lists and list items — including default lists (such as Bookmarks) and lists you create, reorder, or delete;
- Points log — actions that earned or adjusted points and related metadata;
- Sentence history — your submitted sentences, whether they were judged correct, explanations, corrected versions, and related processing metadata;
- Sentence challenge progress — stored on our servers when you use that feature.
This data is tied to your account because an account is required to use the Service.
3.4 Lookups, Definitions, and Audio
When you search for a word or phrase, request learning content, or play pronunciation audio:
- Your query (for example, the word or phrase text, language, and content level) is sent to our servers;
- If the entry is not already in our database or cache, we may send it to a third-party AI service provider to generate leveled definitions and related content;
- For text-to-speech, we may send the word, phrase, or text to a third-party speech synthesis provider to generate audio, then store the audio using cloud storage for faster playback later;
- We use caching services to reduce repeated processing.
Please do not submit sensitive personal information (health, financial, government ID, etc.) in search boxes or practice sentences. The Service is designed for vocabulary learning, not for private or confidential content.
3.5 Public and Shared Content
If you set a word list to public, we generate a share link (token) that allows anyone with the link to view that list's name, description, and items without signing in. You can make a list private again to disable sharing. Do not share personal information in list titles or descriptions if you publish a list.
3.6 Leaderboard
Our leaderboard displays usernames and point totals for top participants in selected time periods. Usernames you choose may be visible to other users on the leaderboard. We do not display your email address—masked or unmasked—to other users or the public anywhere in the Service.
3.7 Information Stored on Your Device
Website:
- HTTP-only authentication cookie when you sign in (in addition, a token may be stored in browser local storage for API access);
- Local storage for theme preference and, when signed in, sentence-challenge progress for specific terms;
- Session-related data managed by your browser.
Mobile apps (iOS and Android):
- Secure storage (with fallback to on-device storage) for your sign-in token;
- On-device storage for theme preference and sentence-challenge progress;
- Clipboard — if you use share or copy actions, content is copied locally; we do not receive clipboard data unless you paste it into the Service.
Clearing site data, app storage, or uninstalling the app removes this information from your device.
3.8 Subscriptions and Payments
If you subscribe to a paid plan (for example, Pro or Enterprise), Stripe processes payment. We receive and store information such as Stripe customer and subscription identifiers, plan type, subscription status, and billing period dates. Stripe collects payment card and billing details under Stripe's Privacy Policy. We do not receive or store your full card number.
3.9 Information We Do Not Collect Through Routine Use
We do not require your real name, phone number, or postal address to create an account, though you may optionally add a name or phone number in Profile. We do not intentionally collect government ID numbers, precise geolocation for tracking, or health information through the vocabulary features.
3.10 Google Analytics (Website)
When enabled, we use Google Analytics 4 (GA4) on the Website to understand how visitors use the Service—for example, pages viewed, approximate region, browser and device type, and general interaction patterns. Google may use cookies and similar technologies. See Google's Privacy Policy and the Google Analytics terms. Where required by law (for example in the EEA, UK, or Switzerland), we obtain consent before non-essential analytics cookies via our consent tools when shown.
3.11 Google Analytics, AdMob, and Crashlytics (Mobile Apps)
When enabled:
- Google Analytics for Firebase helps us understand app usage (screens, sessions, device model, OS version, general region);
- Google AdMob displays ads and may collect advertising identifiers, IP address, device information, and ad interactions;
- Firebase Crashlytics collects crash reports, stack traces, app version, device model, and similar diagnostic data to fix bugs.
These tools are not designed to collect the content you type into vocabulary fields, but crash logs could rarely include incidental memory fragments. Please avoid entering sensitive personal data in the app. Processing is subject to Firebase/Google privacy terms. On iOS, your device privacy settings and App Tracking Transparency choices may affect advertising identifiers (see Section 8).
3.12 Advertising — Google AdSense (Website)
When enabled, we display ads through Google AdSense. Google and partners may use cookies and similar technologies for ad delivery, measurement, frequency capping, and fraud prevention. See Section 9 for control links. We do not use your vocabulary lookups to target ads through AdSense.
3.13 Hosting and Technical Logs
Our hosting and infrastructure providers may log technical data when you use the Service—for example, IP address, date and time, requested URL or API path, and user agent—for security, delivery, and operations. We use such logs only as needed to operate and protect the Service, not to build unrelated marketing profiles.
4. How We Use Information
We use information to:
- Provide the Service — lookups, learning modes, lists, audio, points, leaderboard, shared lists, and account features;
- Personalize learning — apply your difficulty level, voice preference, and mixed-mode settings;
- Improve content — cache definitions, generate missing entries, and review user reports;
- Operate accounts — authentication, password reset emails, username changes, referrals, and referral ad-free perks (including banked days and session timing);
- Process subscriptions — manage paid plans through Stripe;
- Analytics (when enabled) — understand Website and app usage;
- Advertising (when enabled) — display and measure ads, including referral ad-free periods where offered;
- Reliability (when enabled) — diagnose crashes through third-party crash reporting;
- Security and compliance — protect the Service, enforce terms, and respond to lawful requests;
- Support — respond to feedback and emails.
We do not use your practice sentences or lookups to build marketing lists or sell personal information.
5. Legal Bases (EEA, UK, and Switzerland)
Where these laws apply, we rely on:
- Contract — to provide features you request when you create an account or subscribe;
- Legitimate interests — to operate, secure, and improve the Service, run the leaderboard, process lookups, and respond to support;
- Consent — where required for non-essential cookies, analytics, and personalized advertising on the Website or apps;
- Legal obligation — when we must retain or disclose information by law.
You may withdraw consent where offered without affecting core features that do not depend on optional tracking.
6. Cookies, Local Storage, and Similar Technologies
6.1 Our Own Technologies
We use authentication cookies (Website), local storage, secure storage (apps), and similar technologies for sign-in, theme, and on-device practice progress as described in Section 3.7.
6.2 Analytics and Advertising Technologies
When enabled, Google Analytics, AdSense, AdMob, and Firebase use cookies, advertising identifiers, and SDKs as described in Sections 3.10–3.12.
6.3 Managing Your Choices
Website: Block or delete cookies in your browser; use our cookie/consent tool when shown for non-essential cookies.
iOS app: Settings → Privacy & Security → Tracking; Settings → Privacy & Security → Apple Advertising; Settings → [AAA Words] for app permissions.
Android app: Settings → Google → Ads (opt out of Ads Personalization).
Clearing storage or reinstalling resets on-device preferences and sign-in state on that device.
7. Third-Party Services
We use trusted third-party service providers to operate the Service. Depending on how you use AAA Words, personal or technical information may be processed by the following categories of providers:
- Cloud hosting and infrastructure — storing account and app data, serving the Service, and maintaining security and operational logs;
- Caching and performance services — reducing repeated processing and improving response times;
- AI and language-model providers — generating definitions, examples, and feedback on practice sentences when content is not already available;
- Speech synthesis providers — generating pronunciation audio;
- Cloud storage providers — storing generated audio and related files for faster playback;
- Payment processors — subscription billing through Stripe;
- Email delivery providers — password reset and other transactional messages;
- Analytics providers (when enabled) — understanding Website and app usage, including Google Analytics 4 on the Website and Google Analytics for Firebase in the mobile apps;
- Advertising partners (when enabled) — displaying and measuring ads, including Google AdSense on the Website and Google AdMob in the mobile apps;
- Crash reporting (when enabled) — diagnosing reliability issues, including Firebase Crashlytics in the mobile apps.
We require providers to handle information only for the purposes described in this policy. We may change or replace providers over time and do not publish a vendor-by-vendor list of our internal infrastructure on this page.
For more information about major partners whose privacy policies apply when you use certain features:
We are not responsible for third-party sites or services linked from the Service.
8. iOS-Specific Privacy (Apple App Store)
When you use our app on iPhone or iPad:
- App Store: Apple processes downloads and updates under Apple's Privacy Policy. We do not receive your Apple ID password.
- App Privacy labels: Apple's App Privacy information for our iOS app describes data types collected by the app, as required by Apple.
- App Tracking Transparency (ATT): When advertising SDKs are enabled, we may request permission to track you across other companies' apps and websites for advertising. You can change this in Settings → Privacy & Security → Tracking.
- Apple Advertising: You can limit personalized ads in Settings → Privacy & Security → Apple Advertising.
9. Advertising Choices and Google Disclosures
Third-party vendors, including Google, may use cookies to serve ads based on your prior visits to our Service or other sites.
- Google Privacy Policy
- How Google uses information from sites or apps
- Google Advertising Technologies
- Google Ad Settings
- US opt-out: optout.aboutads.info
- EU information: youronlinechoices.eu
10. Data Retention
- Account data: retained while your account is active; you may request deletion (see Section 14).
- Lookup history, lists, and sentence history: retained until you delete them or delete your account, subject to backup cycles.
- Public shared lists: available while the list remains public; tokens may be invalidated when you make a list private.
- Dictionary cache and generated content: retained to serve other users and improve the Service.
- Password reset tokens: short-lived; expire after use or timeout.
- Analytics, ads, and crash data (when enabled): per Google's and our configuration.
- Support and feedback: as long as needed to handle your request and for reasonable business records.
- Server logs: for a limited period consistent with security and hosting practices.
11. Data Security
We use reasonable measures appropriate for an online learning service, including hashed passwords, HTTPS, and HTTP-only cookies for web authentication where applicable. No method of transmission or storage is completely secure. You are responsible for keeping your password confidential.
12. Children's Privacy
The Service is not directed at children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children without appropriate consent. If you believe a child has provided us personal information, please contact us by clicking "Get In Touch" in the footer of this website, or by opening Profile and tapping the Feedback tab in the mobile app. We will take appropriate steps. If we learn the Service is used primarily by children, we will review ad and analytics settings to comply with applicable child-privacy rules.
13. International Transfers
IF LLC is based in the United States. Information may be processed in the United States and other countries where our providers operate (including cloud, AI, payment, and analytics providers), which may have different data protection laws than your country. Providers may offer appropriate safeguards as described in their documentation.
14. Your Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, restrict, object to processing, data portability, or withdraw consent. To exercise rights related to your account:
- Access and update: use Profile and Settings in the Service where available;
- Delete account: open Profile and use the Delete tab on the Website or in the mobile app. Your account and associated data will be permanently deleted 30 days after your request is received;
- On-device data: clear browser or app storage as described in Section 6.3;
- Analytics and ads: use Google Ad Settings, device ad settings, and Website cookie controls when available;
- Stripe: for payment data held by Stripe, see Stripe's privacy resources.
California Residents (CCPA/CPRA)
We do not sell personal information. When enabled, advertising and analytics partners may process information for cross-context behavioral advertising or analytics, which some laws treat as sharing or targeted advertising. You may opt out of personalized ads via Google Ad Settings and industry tools in Section 9. We do not discriminate against you for exercising privacy rights.
Nevada
We do not sell covered personal information as defined under Nevada law.
EEA / UK / Switzerland
You may lodge a complaint with your local supervisory authority. For privacy requests, click "Get In Touch" in the footer of this website, or open Profile and tap the Feedback tab in the mobile app. For account deletion, open Profile and use the Delete tab on the Website or in the mobile app.
15. "Do Not Track"
Some browsers send "Do Not Track" signals. There is no uniform industry standard for responding to them; our practices are described in this policy.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may also be noted on the Website or in App Store and Google Play listings where required.
17. Contact Us
IF LLC
Website: https://www.aaawords.com
For privacy questions or requests: Click "Get In Touch" in the footer of this website, or open Profile and tap the Feedback tab in the mobile app.
For account deletion: open Profile and use the Delete tab on the Website or in the mobile app.