Privacy policy

Privacy Policy — Lessonpills
Last updated: July 3, 2026

Who we are

Lessonpills is an interactive English learning platform operated by Michał Włosik EFC, ul. Północna 16/5, 54-105 Wrocław, Poland (NIP: 8942747708). We provide CEFR-leveled ESL lessons with interactive exercises, available at lessonpills.com and learn.lessonpills.com.

For any privacy-related questions, you can reach us at contact@lessonpills.com.

What data we collect

We collect only what is needed to run the service. Here is what we store and why:

DataWhy we collect itWhen
Email address Account creation, sign-in, and subscription management When you create an account or subscribe
Password (hashed) Account authentication When you create an account with email/password
Google account info (name, email) Account authentication via Google OAuth When you choose "Continue with Google"
Learning preferences Personalizing your experience (target CEFR level, UI theme, language) When you change your settings
Lesson favorites Letting you bookmark lessons for later When you star a lesson
Subscription details Managing your premium access (plan type, status, billing period) When you subscribe via Polar.sh
We do not collect your browsing history, IP address logs, device fingerprints, or any data beyond what is listed above. We do not run third-party analytics or advertising trackers on our platform.

Google user data

When you sign in using "Continue with Google," our application requests access to your Google account's basic profile information through Google OAuth 2.0. This section specifically addresses how we handle data obtained from Google APIs, in compliance with the Google API Services User Data Policy.

RequirementOur practice
Data accessed We access your Google account email address and basic profile name. We do not request access to any other Google services (no Gmail, Drive, Calendar, or other data).
Data usage Your Google email and name are used solely to create and authenticate your Lessonpills account. We do not use this data for advertising, analytics, or any purpose other than providing the service.
Data sharing Your Google user data is not shared with any third parties. It is stored only in our authentication database (Supabase) and is not sold, rented, or disclosed to anyone.
Data storage & protection Google user data is stored in a Supabase-managed PostgreSQL database protected by Row Level Security. All data is encrypted in transit (HTTPS/TLS) and at rest. Access is restricted to authenticated users viewing only their own records.
Data retention & deletion Google user data is retained for as long as your account is active. You can request deletion at any time by emailing contact@lessonpills.com. Upon request, all associated data — including data obtained from Google — will be permanently deleted within 30 days. You may also revoke Lessonpills' access to your Google account at any time via your Google Account permissions.
Lessonpills' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to develop, improve, or train generalized AI or machine learning models.

How we use your data

Your data is used exclusively to provide and improve the Lessonpills service. Specifically, we use it to authenticate your account, grant access to premium content based on your subscription status, remember your learning preferences across sessions, and manage your saved lessons. We do not use your data for profiling, targeted advertising, or any purpose unrelated to the service.

Third-party services

We rely on a small number of trusted third-party services to operate the platform. Each processes only the data it needs:

ServiceWhat it doesData it processes
Supabase Database, authentication, and serverless functions Account data, preferences, favorites, subscription records
Vercel Hosts and serves the lesson renderer Standard HTTP request data (IP, user agent) in server logs, retained briefly
Polar.sh Processes subscription payments Email, payment method, billing details
Google OAuth sign-in provider Email and basic profile info, only when you choose Google sign-in
YouTube Embedded video content within lessons Standard YouTube embed data (subject to Google's Privacy Policy)
Ghost Hosts the marketing site and blog Standard web server logs

We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.

Cookies

We use a single essential cookie to keep you signed in across sessions. This cookie is set by our authentication system on the learn.lessonpills.com domain and contains an encrypted session token. It is not used for tracking.

We do not use analytics cookies, advertising cookies, or any non-essential cookies. YouTube embeds within lessons may set their own cookies when you play a video — these are governed by Google's privacy policy.

Data storage and security

Your account data is stored in a Supabase-managed PostgreSQL database. Passwords are never stored in plain text — they are hashed using industry-standard algorithms before storage. Access to the database is protected by Row Level Security policies, meaning each user can only access their own data. All connections between your browser and our servers are encrypted via HTTPS/TLS.

Payment processing is handled entirely by Polar.sh. We never see or store your credit card number or full payment details.

Your rights under GDPR

As we are based in the EU, the General Data Protection Regulation (GDPR) applies. You have the right to:

RightWhat it means
Access Request a copy of all personal data we hold about you
Rectification Ask us to correct any inaccurate data
Erasure Ask us to delete your account and all associated data
Portability Receive your data in a structured, machine-readable format
Restriction Ask us to limit how we process your data
Objection Object to specific processing of your data

To exercise any of these rights, email contact@lessonpills.com. We will respond within 30 days. If you believe your rights have not been respected, you may file a complaint with the Polish data protection authority (UODO) at uodo.gov.pl.

Legal basis for processing

We process your data under the following legal bases: contract performance (providing the service you signed up for, including authentication and subscription management), legitimate interest (maintaining platform security and preventing abuse), and consent (where you voluntarily provide data such as learning preferences). You may withdraw consent at any time by deleting your preferences or contacting us.

Data retention

We retain your account data for as long as your account is active. If you delete your account, we will remove all associated personal data within 30 days. Subscription records may be retained for up to 12 months after cancellation for accounting and legal compliance purposes, after which they are anonymized or deleted.

Children's privacy

Lessonpills is not directed at children under 16. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify registered users by email. The "last updated" date at the top of this page reflects the most recent revision.

Contact

If you have any questions about this privacy policy or how we handle your data, please contact:
Michał Włosik EFC
ul. Północna 16/5, 54-105 Wrocław, Poland
NIP: 8942747708
contact@lessonpills.com