CHAPPIE
Chappie Logo

Privacy Policy

Effective date: 26 October 2025

1. Who We Are and Scope

Chappie is provided by Bahut Limited (registered in England & Wales, company number 10496847) with its registered office at 79 Brighton Road, Surbiton, Surrey, United Kingdom, KT6 5NF. We are actively building a compliance programme aligned with the UK GDPR / EU GDPR, but several safeguards described here (retention automation, deletion APIs, consent tooling) are still in progress. This notice reflects our current data practices so you can decide whether to use the Services while improvements roll out.

Important: Chappie is currently not available to individuals located in the European Union or European Economic Area (EEA) while we complete our GDPR compliance programme. Please do not use the Services if you are based in those regions. This version primarily applies to users in the United Kingdom and other non-EU/EEA regions, and to legacy EU users who already had accounts before delisting.

If you have questions, our privacy team can be reached at legal@bahut.io. We currently do not appoint an EU representative because the Services are unavailable in the EEA.

2. Personal Data We Collect

We only collect information that enables us to run, improve, and support Chappie. This includes:

  • Account data: name, email address, preferred name, authentication tokens, referral codes, subscription status, and purchase history.
  • Onboarding & profile information: native language, gender, age range, work status, goals, obstacles, speaking confidence, study preferences, timezone, country, and optional mobile number.
  • Device & technical data: device identifiers, OS version, app version, IP address-derived location, push notification token, crash diagnostics, and log files.
  • Usage & learning data: lesson selections, progress, streaks, exercise performance, hints requested, translation usage, and interactions with in-app experiments.
  • Voice & content data: audio you record during speaking exercises, transcripts generated by our speech services, AI-generated feedback, and any messages exchanged with the in-app coach.
  • Support & communications: emails, chat transcripts, survey responses, and metadata about when we contacted you.
  • Marketing & analytics data: install attribution, campaign identifiers, device advertising identifiers, and engagement with notifications or promotions. These signals are generated automatically whenever you use the app; you may limit them only via your device or platform settings.

We receive some of this information directly from you, some from your device, and some from processors acting on our behalf (see Section 7). If we ever need additional data we will explain why at the point of collection. There is currently no in-app toggle to disable audio capture or telemetry—declining the App Tracking Transparency prompt only limits how Apple/Meta handle advertising identifiers, not how Chappie collects data. If you do not want your data processed, please refrain from using the Services.

3. Voice, Audio, and AI Processing

Chappie’s core experience is real-time oral practice. When you use the Services we automatically capture your microphone input, generate transcripts, run AI scoring, and store the resulting transcripts, metrics, and feedback in Google Cloud Storage and Groq/OpenAI-style providers. These steps are mandatory for the AI tutor to function—there is no in-app option to disable them other than not engaging with the speaking experiences. Audio data is processed solely to provide speaking feedback and is not used to train public AI models.

Audio uploads may be retained for up to 30 days (see Section 6) to improve detection quality and deliver support if you report an issue. We do not sell or license your recordings, but we may review them internally or share them with vetted vendors to investigate bugs, enforce community rules, or enhance safety tooling. By continuing to use Chappie you acknowledge that these recordings and transcripts are essential to the service.

4. How and Why We Use Your Data

We rely on the following legal bases:

  • Performance of a contract: creating and securing your account, delivering lessons, tailoring exercises, troubleshooting issues, and processing in-app purchases.
  • Legitimate interests: improving content, preventing fraud or misuse, measuring service performance, and keeping our services secure. We balance these interests against your rights.
  • Consent: sending marketing communications, enabling platform-level advertising identifiers, and honouring Apple/Google tracking prompts. Where you decline those prompts we still process essential telemetry, but we stop sharing advertising identifiers with third-party ad networks.
  • Legal obligations: accounting, tax compliance, responding to lawful requests, and honoring data-subject rights.

Because the AI tutor, diagnostics, and fraud controls depend on continuous data collection, declining marketing emails or uninstalling the app are currently the only ways to stop new data being created. You may still request deletion of existing records as described in Section 10. The legal bases described in this section apply under the UK GDPR and, for any legacy EEA users who already had accounts, under the EU GDPR.

5. Cookies, SDKs, and Similar Technologies

The Chappie mobile apps and website use essential cookies and local storage to keep you signed in, remember progress, and detect fraud. Attribution SDKs (Meta App Events, AppsFlyer, Sentry) fire automatically when the app launches. On iOS we surface Apple’s App Tracking Transparency prompt, but even if you decline, the SDKs still run in a privacy-restricted mode to measure installs and protect our systems. You can limit cookies by adjusting your browser or device, yet some telemetry is unavoidable if you continue to use the Services.

6. Data Retention

We keep personal data only for as long as needed for the purposes described above:

  • Account, purchase, and tax records: up to 7 years after the account is closed.
  • Learning progress, streaks, and onboarding data: 24 months after last activity unless you ask us to retain it.
  • Audio recordings and transcripts: deleted within 30 days unless you opt to save them for review.
  • Diagnostics and analytics logs: 13 months.

When we no longer need data, we anonymise or securely delete it and instruct our processors to do the same.

7. Who We Share Data With

We never sell your personal data. We only share it with:

  • Cloud infrastructure: Google Cloud Platform (hosting, storage of audio and backups).
  • AI and speech services: Groq Inc. and other vetted AI providers that transcribe or analyse your speech.
  • Subscription & billing: Apple App Store, Google Play Billing, and RevenueCat for entitlement management.
  • Analytics & crash reporting: Sentry, Expo, AppsFlyer, and Meta/Facebook (only when consented).
  • Communications: email and push notification vendors, customer support tooling, and survey platforms.
  • Professional advisers & authorities: when required by law, to protect our rights, or in connection with a corporate transaction.

Each processor is bound by a written data processing agreement that ensures they only use the data under our instructions and maintain appropriate safeguards.

8. International Data Transfers

We store most data in the United Kingdom and European Economic Area. When we transfer data outside those regions (for example, to the United States for Groq or Sentry), we rely on approved safeguards such as Standard Contractual Clauses and conduct risk assessments. Copies of these safeguards are available on request.

9. Security

We implement technical and organisational measures including encryption in transit and at rest, role-based access controls, regular security reviews, and incident response procedures. No system is perfectly secure, so we will notify you and the relevant authorities of any breach when legally required. Transfers between the UK and EEA benefit from the EU–UK adequacy decision; other transfers rely on SCCs or equivalent safeguards once executed.

10. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct or update inaccurate data.
  • Delete your data or restrict how we use it.
  • Receive a copy of data you provided to us in a portable format.
  • Object to processing based on legitimate interests or to direct marketing.
  • Withdraw consent at any time without affecting prior processing.

You can email legal@bahut.io or write to our registered address to exercise these rights. Automated export/deletion tooling is still being built, so responses may take up to one month and some requests (especially deletion of historic audio or analytics logs) may require additional engineering work. Opting out of marketing emails or uninstalling the app only stops future contact; it does not purge existing records. These rights primarily apply to UK users and any legacy EEA users; residents elsewhere may have different rights under local law.

If you believe we have not resolved your concern, you may lodge a complaint with the UK Information Commissioner’s Office or, for legacy EEA users, your local supervisory authority. We will update this notice once the necessary technical controls are fully operational.

11. In-App Purchases and Payment Processing

Purchases are handled by Apple App Store or Google Play. We do not receive full card numbers. RevenueCat helps us verify entitlements; their processing is limited to subscription status, receipts, and anonymised identifiers.

12. Children

Chappie is designed for users who are at least 13 years old. If we learn that we have collected personal data from a child younger than 13 (or the minimum age required in your country) without verifiable parental consent, we will delete it promptly. We do not knowingly market or make our Services available to users located in the EEA at this time.

13. Data Deletion Requests

To close your account and delete associated data, please submit a request through the app settings or email us with the subject line "Data Deletion Request". We will remove active data within 30 days and confirm completion once backups roll off our retention schedule.

14. Changes to This Notice

We may update this policy to reflect legal, technical, or business developments. We will post the updated version with a new effective date and, when changes are material, notify you through the app or email.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Bahut Limited
79 Brighton Road, Surbiton, Surrey, United Kingdom, KT6 5NF
legal@bahut.io

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.