V
Verba

Verba Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information when you use our language learning application.

Last Updated: December 10, 2025

1. Introduction

Welcome to Verba ("Verba," "the App," "we," "us," or "our"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information. This Privacy Policy explains our practices regarding the collection, use, and disclosure of information when you use our language learning application and related services (collectively, the "Service").

Verba is an innovative language learning mobile application built with Flutter, designed to provide a comprehensive and personalized English learning experience. The Service combines intelligent assessment, interactive vocabulary training, conversation practice, community engagement, and progress tracking to create an immersive learning environment for language learners of all levels.

Data Controller:

Verba Team

Email:

This Privacy Policy applies to all users of the Service. By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

When you use Verba, we collect information that you provide directly to us, including:

Account Information:

  • Name, email address, and password when you create an account
  • Profile information, including your preferred language, learning goals, and proficiency level
  • Date of birth (for age verification purposes)
  • Profile picture (optional)

Learning Data:

  • Assessment results from initial and ongoing proficiency evaluations
  • Vocabulary exercises, quiz responses, and practice activities
  • Speaking practice recordings and pronunciation analysis
  • Writing exercises and grammar practice responses
  • Learning preferences and customization settings
  • Progress tracking data and learning statistics

Community Content:

  • Forum posts, comments, and discussions
  • Peer practice session content
  • Study group interactions and shared materials
  • User-generated content submitted through the Service

Payment Information:

If you purchase a subscription, our third-party payment processors collect payment information. We do not store full credit card numbers on our servers.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

Usage Information:

  • How you interact with the Service (features used, time spent, progress)
  • Learning patterns, study habits, and engagement metrics
  • Device information (device type, operating system, browser type)
  • IP address and general location information
  • App performance data and error reports
  • Cookies and similar tracking technologies

Learning Analytics:

  • Time spent on different lesson types
  • Success rates on exercises and assessments
  • Learning pace and consistency patterns
  • Areas of strength and difficulty identification
  • Engagement levels with different content types

2.3 Information from Third Parties

We may receive information about you from third parties, such as:

  • Social media platforms if you choose to connect your account
  • Analytics providers and advertising partners
  • Educational partners and content providers
  • Third-party authentication services

3. Legal Basis for Processing (GDPR/VCDPA Specific)

3.1 Lawful Bases Under GDPR

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal information based on the following lawful bases:

  • Consent: When you explicitly consent to specific processing activities
  • Contractual Necessity: To provide the Service and fulfill our obligations under our Terms of Service
  • Legitimate Interests: For improving our Service, security, fraud prevention, and direct marketing (where permitted)
  • Legal Obligation: To comply with applicable laws and regulations

3.2 Legal Bases Under VCDPA

For Virginia residents, we process personal data as defined under the Virginia Consumer Data Protection Act (VCDPA):

  • With your consent
  • To provide our Service
  • For security and fraud prevention
  • For internal research and development

4. How We Use Your Information

4.1 Service Delivery and Personalization

  • To provide, maintain, and improve the Verba Service
  • To personalize your learning experience based on your proficiency level and learning style
  • To create adaptive learning paths and customized lesson plans
  • To track your progress and provide performance analytics
  • To enable community features and peer learning opportunities
  • To process transactions and manage your subscription

4.2 Learning Enhancement and Research

  • To analyze learning patterns and improve our teaching methodologies
  • To develop and enhance our intelligent assessment algorithms
  • To conduct research on language acquisition and learning effectiveness (with anonymized data)
  • To improve vocabulary training, conversation practice, and other learning features
  • To develop new features and content based on user needs and preferences

4.3 Communication and Support

  • To communicate with you about your account, updates, and security alerts
  • To provide customer support and respond to inquiries
  • To send educational content, learning tips, and motivational messages
  • To notify you about new features, promotions, or policy changes
  • To gather feedback on your experience with the Service

4.4 Legal and Security Purposes

  • To protect the security and integrity of the Service
  • To prevent fraud, abuse, and unauthorized access
  • To comply with legal obligations and respond to legal requests
  • To enforce our Terms of Service and other policies
  • To protect the rights, property, or safety of Verba, our users, or others

5. How We Share Your Information

5.1 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

5.2 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and storage providers
  • Payment processors
  • Analytics and data analysis services
  • Customer support platforms
  • Email and communication services
  • Research partners (with anonymized data)

5.3 Educational and Research Partners

We may share aggregated, anonymized learning data with:

  • Academic researchers studying language acquisition
  • Educational institutions for research purposes
  • Partners developing language learning methodologies

5.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Government requests or regulatory requirements
  • To protect our legal rights or defend against legal claims
  • To prevent harm or illegal activities

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.

5.6 Community Features

When you participate in community features, your username and content may be visible to other users according to your privacy settings.

5.7 International Data Transfers

GDPR Transfers: For EEA/UK/Swiss residents, we use Standard Contractual Clauses (SCCs) and other approved mechanisms for transfers outside these regions.

Adequacy Decisions: We ensure appropriate safeguards for international data transfers.

VCDPA Transfers: For Virginia residents, we implement reasonable security measures for data transfers.

6. Data Security and Retention

6.1 Data Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

Technical Measures:

  • Encryption of data in transit and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Secure development practices and code review
  • Regular security training for our team

Organizational Measures:

  • Privacy by design and data protection impact assessments
  • Staff training on data protection
  • Data processing agreements with all service providers
  • Incident response and breach notification procedures

Important: No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing reasonable safeguards.

6.2 Data Retention

We retain your information for as long as necessary to:

  • Provide you with the Service
  • Maintain your learning history and progress
  • Comply with our legal obligations
  • Resolve disputes and enforce our agreements
  • Support research and service improvement

When we no longer need your information, we will securely delete or anonymize it. You may request deletion of your account and associated data at any time by contacting us at .

7. Your Data Protection Rights

Right to Access

Request access to personal information we hold about you

All Users

Right to Correction

Request correction of inaccurate or incomplete information

All Users

Right to Deletion

Request deletion of personal information (subject to exceptions)

All Users

Right to Data Portability

Request a copy of your data in a structured format

All Users

Right to Object to Automated Decisions

Request human review of automated decisions

GDPR Users

Right to Opt-Out (VCDPA)

Opt-out of targeted advertising, sale of data, and profiling

Virginia Residents

Right to Limit Sensitive Data

Limit use of sensitive personal information

California Residents

Right to Appeal (VCDPA)

Appeal our response to your rights request

Virginia Residents

How to Exercise Your Rights:

Submit a request to with:

  • Your full name
  • Email address associated with your account
  • Specific right you wish to exercise

Response Times:

  • GDPR: 30 days (extendable to 60 days for complex requests)
  • VCDPA: 45 days (extendable once by 45 days)
  • CCPA: 45 days (as specified by law)

8. AI, Machine Learning & Automated Decisions

Verba uses artificial intelligence, machine learning, and automated processing to:

  • Assess language proficiency levels
  • Generate personalized learning paths
  • Recommend vocabulary and exercises
  • Provide pronunciation feedback
  • Analyze learning patterns and adapt content
  • Improve conversation practice exercises

Your Rights Regarding Automated Processing:

  • Right to Human Intervention: You may request human review of automated decisions
  • Right to Explanation: You may request information about the logic involved
  • Right to Challenge: You may contest automated decisions
  • Opt-Out Rights (VCDPA): Virginia residents may opt-out of profiling

These technologies process your learning data to improve your experience and enhance the Service's effectiveness. We implement measures to ensure the responsible and ethical use of AI technologies.

9. Children's Privacy

Age Restrictions:

  • Under 13: Service not permitted; we do not knowingly collect data
  • 13-15 (EEA/UK): Parental consent required for certain processing
  • 13-17 (California): Treated as minors with additional protections
  • 13-15 (Virginia): Opt-in required for targeted advertising

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at .

For users between 13 and 18 years of age, we recommend that parents or guardians review this Privacy Policy and discuss it with their children.

10. Cookies and Tracking Technologies

Categories of Cookies Used

  • Essential: Required for Service functionality
  • Analytical: For service improvement (with appropriate consent where required)
  • Marketing: For personalized content (opt-in required where applicable)

Consent Management

  • GDPR/VCDPA: Explicit consent required for non-essential cookies
  • CCPA: Right to opt-out of sale/sharing for targeted advertising
  • Global: Cookie preferences can be managed through browser settings

Most web browsers allow you to control cookies through their settings. However, disabling cookies may affect your ability to use certain Service features.

Your Choices

  • Account Information: You can access and update your account information through the Service settings
  • Communication Preferences: You can opt out of promotional emails by following unsubscribe instructions
  • Location Information: You can control location tracking through your device settings
  • Account Deletion: You may delete your account by contacting us

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Your CCPA/CPRA Rights

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information (subject to exceptions)
  • Right to Opt-Out of Sale/Sharing: Opt-out of sharing for targeted advertising
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Information: Limit use of sensitive personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

How to Exercise CCPA Rights: Email with "CCPA Request" in the subject line. Include your full name and email address associated with your account.

Authorized Agents: You may designate an authorized agent to make requests on your behalf.

Metrics Reporting: As required by CCPA, we maintain and can provide metrics on consumer rights requests received and processed.

Additional California Disclosures

Shine the Light Law (Civil Code §1798.83): California residents may request information about disclosures to third parties for direct marketing purposes.

Financial Incentives: We may offer incentives for participating in programs; details will be provided when offered, and you may opt out at any time.

12. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our Service
  • Updating the "Last Updated" date
  • Providing in-app notifications for significant changes
  • Emailing registered users for major policy revisions

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

13. Third-Party Data Sharing

We may share your personal data with third parties in the following circumstances:

Categories of Third Parties:

  • Service providers (hosting, analytics, payment processing)
  • Educational partners for research purposes (with anonymized data)
  • Legal and regulatory authorities when required by law
  • Business transfer recipients in case of merger or acquisition

Purposes of Sharing:

  • To provide and maintain our services
  • To process payments and subscriptions
  • To conduct research and improve our learning algorithms
  • To comply with legal obligations
  • To protect our rights and prevent fraud

We require all third parties to maintain appropriate security measures and use data only for the purposes we specify. We do not sell your personal data to third parties for monetary compensation.

14. User Rights Regarding Personal Data

Right to Deletion

You have the right to request deletion of your personal data collected by Verba. To exercise this right:

  • Submit a request to verbalangsoci@gmail.com with "Data Deletion Request" in the subject line
  • Provide sufficient information to verify your identity
  • Specify the data you wish to have deleted

We will process your request within 45 days, subject to certain exceptions where we may need to retain data for:

  • Completing transactions or providing services you requested
  • Security, fraud prevention, or legal compliance
  • Internal uses reasonably aligned with consumer expectations
  • Exercise of free speech or other legal rights

Right to Access

You have the right to request access to the personal data we have collected about you. Upon verified request, we will provide:

  • Categories of personal data collected
  • Sources of the personal data
  • Business or commercial purposes for collection
  • Categories of third parties with whom we share data
  • Specific pieces of personal data collected

Right to Correction

You have the right to correct inaccurate personal data we maintain about you. To request correction:

  • Contact verbalangsoci@gmail.com with "Data Correction Request"
  • Identify the inaccurate information
  • Provide the correct information with supporting documentation if necessary

We will correct the information within 45 days and notify any third parties with whom we shared the inaccurate data, unless doing so is impossible or involves disproportionate effort.

Right to Know About Data Selling and Sharing

You have the right to know whether your personal data is sold or shared with third parties.

Regarding Data Selling:

Verba does not sell your personal data in the traditional sense (for monetary compensation). However, we may share certain information with third parties for analytics and advertising purposes that may be considered a "sale" under some privacy laws.

Regarding Data Sharing:

We share personal data with service providers as described above. You have the right to know:

  • Categories of personal data shared
  • Categories of third parties with whom data is shared
  • Purposes for sharing

Right to Opt-Out of Data Selling and Sharing

You have the right to opt-out of the "sale" or sharing of your personal data for cross-context behavioral advertising.

How to Opt-Out:

  • Email Request: Send an opt-out request to verbalangsoci@gmail.com with "Opt-Out Request" in the subject line
  • In-App Settings: Use the privacy settings within the Verba application (if available)
  • Global Privacy Control: We honor the Global Privacy Control signal where applicable

Once we receive your opt-out request, we will process it within 15 business days and will not discriminate against you for exercising this right. Your opt-out preference will be valid for at least 12 months before we ask you to renew it.

Email-Based Opt-Out Procedure

Method: Direct Email Request

Verba provides a straightforward email-based method for users to exercise their right to opt-out of data sharing and selling activities. This method is available to all users regardless of their technical proficiency or device type.

Step-by-Step Process:

1. Compose Your Request Email:

  • Send to: privacy@verbalangsoci.com
  • Subject Line: "Data Sharing Opt-Out Request - [Your Full Name]"
  • Required Information in Email Body:
    • Your full legal name
    • Email address associated with your Verba account
    • Verba user ID (if known)
    • Specific statement: "I wish to opt-out of all data sharing and selling activities"
    • Date of request

2. Verification Process:

  • Within 24 hours: You will receive a verification email from privacy@verbalangsoci.com
  • Action Required: Click the unique verification link in the email
  • Security Note: This link expires after 48 hours for security reasons
  • No Verification? Check your spam folder or request a new verification email

3. Confirmation and Processing:

  • Immediate Response: Upon verification, you'll receive an acknowledgment email with a tracking number
  • Processing Timeline: Your request will be processed within 15 business days
  • Completion Notice: You'll receive a final confirmation email when processing is complete

What Happens After You Opt-Out:

Immediate Actions (within 48 hours):

  • Your account is flagged in our system to prevent new data sharing
  • Our data processing pipelines are updated to exclude your information
  • You will stop receiving targeted advertising based on Verba data

Ongoing Actions (within 15 business days):

  • We notify our third-party partners to delete your shared data
  • Your preferences are updated across all Verba systems
  • Historical data sharing records are annotated with your opt-out status

Permanent Changes:

  • Your opt-out preference remains in effect for 12 months
  • You will receive a renewal reminder 30 days before expiration
  • You can update or renew your preferences at any time

Important Information:

  • Verification Required: We cannot process unverified requests to protect your privacy
  • Account Association: Only the account associated with the provided email will be affected
  • Family/Group Accounts: If you manage multiple accounts, specify all affected accounts in your request
  • International Users: This method is available globally, with support for multiple languages in our response emails

What Cannot Be Opted-Out Of:

Certain data processing activities are essential for service delivery and cannot be opted out of, including:

  • Data sharing necessary for payment processing
  • Information required for legal compliance and security purposes
  • Minimal data needed for core app functionality

Questions or Issues:

If you encounter any difficulties with the opt-out process or do not receive our verification email within 24 hours, please contact our privacy support team at privacy-support@verbalangsoci.com with "Opt-Out Assistance" in the subject line.

15. Data Retention Practices

Retention Periods

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

  • Account Information: Retained while your account is active and for 24 months after account closure for recovery purposes.
  • Learning Data: Retained while your account is active to provide continuity in your learning journey. Deleted 12 months after account closure.
  • Payment Information: Retained for 7 years as required by financial regulations.
  • Communication Records: Retained for 3 years for customer service and legal purposes.
  • Anonymized Data: Retained indefinitely for research and service improvement.

Deletion Procedures

When data is no longer needed, we securely delete it using:

  • Secure deletion methods for electronic data
  • Physical destruction for any hard copy records
  • Verification processes to ensure complete deletion

Exceptions to Deletion

We may retain certain data longer when:

  • Required by law or regulation
  • Necessary for legal claims or disputes
  • Required for legitimate business purposes (e.g., fraud prevention)
  • Technical limitations prevent immediate deletion (in which case we isolate and protect the data)

16. How to Exercise Your Rights

To exercise any of your privacy rights:

1. Submit a Request: Email verbalangsoci@gmail.com with:

  • Your full name
  • Email address associated with your account
  • Specific right(s) you wish to exercise
  • Additional information for identity verification

2. Verification Process: We will verify your identity using at least two pieces of information to prevent unauthorized access. For requests to know or delete, we will match at least three data points.

3. Authorized Agents: You may use an authorized agent to exercise your rights. The agent must provide proof of authorization and we will still verify your identity directly.

4. Response Time: We will respond within 45 days of receiving a verified request. If we need more time, we will notify you and explain the reason for the delay.

5. Appeals: If we deny your request, you may appeal within 30 days by contacting verbalangsoci@gmail.com with "Privacy Appeal" in the subject line.

Changes to These Practices

We will notify you of material changes to our data practices through:

  • Updates to this Privacy Policy
  • In-app notifications
  • Email communication for significant changes

17. GDPR Rights Supplement

Rights of European Union Users Under GDPR

For users located in the European Economic Area (EEA), United Kingdom, and Switzerland, the General Data Protection Regulation (GDPR) provides specific rights regarding your personal data. As the data controller, Verba respects and facilitates these rights:

Lawful Bases for Processing

We process your personal data under the following lawful bases as defined by GDPR:

  • Consent: When you have given clear, affirmative consent for specific processing activities
  • Contractual Necessity: To perform our obligations under the Terms of Service with you
  • Legitimate Interests: For purposes such as service improvement, security, fraud prevention, and direct marketing (where permitted)
  • Legal Obligation: To comply with applicable EU and member state laws

Specific GDPR Rights

1. Right to Be Informed

You have the right to be informed about:

  • The identity and contact details of the data controller (Verba Team)
  • The purposes and legal basis for processing
  • Categories of personal data concerned
  • Recipients or categories of recipients of the personal data
  • Data retention periods
  • Your rights under GDPR
  • The right to lodge a complaint with a supervisory authority

2. Right of Access

You may request confirmation as to whether personal data concerning you is being processed, and where that is the case, access to that personal data including:

  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipients
  • The envisaged retention period
  • The existence of automated decision-making, including profiling

3. Right to Rectification

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. Right to Erasure ("Right to Be Forgotten")

You have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing based on legitimate interests and there are no overriding legitimate grounds
  • The personal data has been unlawfully processed
  • The personal data must be erased to comply with a legal obligation

5. Right to Restriction of Processing

You have the right to obtain restriction of processing where one of the following applies:

  • You contest the accuracy of the personal data
  • The processing is unlawful and you oppose erasure
  • We no longer need the personal data but you require it for legal claims
  • You have objected to processing pending verification of legitimate grounds

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance, where:

  • Processing is based on consent or contractual necessity
  • Processing is carried out by automated means

7. Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

8. Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where:

  • It is necessary for entering into or performance of a contract
  • It is authorized by EU or member state law
  • It is based on your explicit consent

18. How to Exercise Your GDPR Rights

For EU/UK/Swiss Residents:

  • Submit Requests: Email
  • Verification: Provide sufficient information to verify your identity
  • No Fee Usually: We provide this service free of charge, unless requests are manifestly unfounded or excessive
  • Response Time: We respond within one month (may be extended to two months for complex requests)
  • Format: We provide information in a concise, transparent, intelligible, and easily accessible form

Data Protection Officer (DPO)

While not legally required for our scale of operations, we have designated a data protection contact point:

  • The data protection officer's name:John
  • The data protection officer's Email:
  • Response Time: Within 30 days for GDPR-related inquiries

International Data Transfers

For transfers of EU/UK/Swiss personal data outside these regions:

  • We use Standard Contractual Clauses approved by the European Commission
  • We implement supplementary measures to ensure equivalent protection
  • We conduct transfer impact assessments for high-risk transfers

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. The lead supervisory authority for Verba is:

  • Country: Ireland (if we establish a main establishment there)
  • Alternative: Your local national data protection authority

Special Category Data

We do not intentionally process "special category data" as defined by GDPR (racial/ethnic origin, political opinions, religious beliefs, etc.). If we inadvertently receive such data, we will delete it promptly.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

  • Systematic and extensive profiling with legal effects
  • Large-scale processing of special category data
  • Systematic monitoring of publicly accessible areas on a large scale

Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay when the breach is likely to result in a high risk to your rights and freedoms.

Record Keeping

We maintain records of processing activities as required by GDPR Article 30, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • International transfers
  • Retention periods
  • Security measures

This supplement to our Privacy Policy is effective as of December 10, 2025, and applies specifically to users in the EEA, UK, and Switzerland.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Data Controller: Verba Team

Email:

Mailing Address: Available upon request for legal notices

For specific inquiries, please include the appropriate subject line:

  • General Privacy Questions: "Privacy Inquiry"
  • CCPA/CPRA Requests: "CCPA Request"
  • GDPR Requests: "GDPR Request"
  • VCDPA Requests: "VCDPA Request"
  • Data Deletion: "Account Deletion Request"
  • Data Access: "Data Access Request"
  • Correction Requests: "Data Correction Request"
  • Opt-Out Requests: "Opt-Out Request"

20. Definitions

Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Service Provider: A person or entity that processes information on behalf of Verba and to which Verba discloses personal information for a business purpose.

Sell/Sale: Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to another business or third party for monetary or other valuable consideration.

Share/Sharing: Sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to a third party for cross-context behavioral advertising.

Personal Data (GDPR): Any information relating to an identified or identifiable natural person.

Personal Data (VCDPA): Any information that is linked or reasonably linkable to an identified or identifiable natural person.

Processing: Any operation performed on personal data.

Controller: The entity that determines the purposes and means of processing.

Processor: The entity that processes data on behalf of the controller.

Consent: Freely given, specific, informed, and unambiguous indication of wishes.

Special Category Data (GDPR): Sensitive data requiring enhanced protection (not typically collected by Verba).

Your Privacy Matters

We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy outlines how we collect, use, and protect your information to provide you with the best possible language learning experience while respecting your privacy rights.

Version 4.0 | Effective Date: December 10, 2025

By using Verba, you acknowledge that you have read and understand this Privacy Policy. Your continued use of our services constitutes acceptance of these terms.