Privacy policy
Who we are
Lessonpills is an interactive English learning platform operated by Michał Włosik EFC, ul. Północna 16/5, 54-105 Wrocław, Poland (NIP: 8942747708). We provide CEFR-leveled ESL lessons with interactive exercises, available at lessonpills.com and learn.lessonpills.com.
For any privacy-related questions, you can reach us at contact@lessonpills.com.
What data we collect
We collect only what is needed to run the service. Here is what we store and why:
| Data | Why we collect it | When |
|---|---|---|
| Email address | Account creation, sign-in, and subscription management | When you create an account or subscribe |
| Password (hashed) | Account authentication | When you create an account with email/password |
| Google account info (name, email) | Account authentication via Google OAuth | When you choose "Continue with Google" |
| Learning preferences | Personalizing your experience (target CEFR level, UI theme, language) | When you change your settings |
| Lesson favorites | Letting you bookmark lessons for later | When you star a lesson |
| Subscription details | Managing your premium access (plan type, status, billing period) | When you subscribe via Polar.sh |
Google user data
When you sign in using "Continue with Google," our application requests access to your Google account's basic profile information through Google OAuth 2.0. This section specifically addresses how we handle data obtained from Google APIs, in compliance with the Google API Services User Data Policy.
| Requirement | Our practice |
|---|---|
| Data accessed | We access your Google account email address and basic profile name. We do not request access to any other Google services (no Gmail, Drive, Calendar, or other data). |
| Data usage | Your Google email and name are used solely to create and authenticate your Lessonpills account. We do not use this data for advertising, analytics, or any purpose other than providing the service. |
| Data sharing | Your Google user data is not shared with any third parties. It is stored only in our authentication database (Supabase) and is not sold, rented, or disclosed to anyone. |
| Data storage & protection | Google user data is stored in a Supabase-managed PostgreSQL database protected by Row Level Security. All data is encrypted in transit (HTTPS/TLS) and at rest. Access is restricted to authenticated users viewing only their own records. |
| Data retention & deletion | Google user data is retained for as long as your account is active. You can request deletion at any time by emailing contact@lessonpills.com. Upon request, all associated data — including data obtained from Google — will be permanently deleted within 30 days. You may also revoke Lessonpills' access to your Google account at any time via your Google Account permissions. |
How we use your data
Your data is used exclusively to provide and improve the Lessonpills service. Specifically, we use it to authenticate your account, grant access to premium content based on your subscription status, remember your learning preferences across sessions, and manage your saved lessons. We do not use your data for profiling, targeted advertising, or any purpose unrelated to the service.
Third-party services
We rely on a small number of trusted third-party services to operate the platform. Each processes only the data it needs:
| Service | What it does | Data it processes |
|---|---|---|
| Supabase | Database, authentication, and serverless functions | Account data, preferences, favorites, subscription records |
| Vercel | Hosts and serves the lesson renderer | Standard HTTP request data (IP, user agent) in server logs, retained briefly |
| Polar.sh | Processes subscription payments | Email, payment method, billing details |
| Google | OAuth sign-in provider | Email and basic profile info, only when you choose Google sign-in |
| YouTube | Embedded video content within lessons | Standard YouTube embed data (subject to Google's Privacy Policy) |
| Ghost | Hosts the marketing site and blog | Standard web server logs |
We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.
Cookies
We use a single essential cookie to keep you signed in across sessions. This cookie is set by our authentication system on the learn.lessonpills.com domain and contains an encrypted session token. It is not used for tracking.
We do not use analytics cookies, advertising cookies, or any non-essential cookies. YouTube embeds within lessons may set their own cookies when you play a video — these are governed by Google's privacy policy.
Data storage and security
Your account data is stored in a Supabase-managed PostgreSQL database. Passwords are never stored in plain text — they are hashed using industry-standard algorithms before storage. Access to the database is protected by Row Level Security policies, meaning each user can only access their own data. All connections between your browser and our servers are encrypted via HTTPS/TLS.
Payment processing is handled entirely by Polar.sh. We never see or store your credit card number or full payment details.
Your rights under GDPR
As we are based in the EU, the General Data Protection Regulation (GDPR) applies. You have the right to:
| Right | What it means |
|---|---|
| Access | Request a copy of all personal data we hold about you |
| Rectification | Ask us to correct any inaccurate data |
| Erasure | Ask us to delete your account and all associated data |
| Portability | Receive your data in a structured, machine-readable format |
| Restriction | Ask us to limit how we process your data |
| Objection | Object to specific processing of your data |
To exercise any of these rights, email contact@lessonpills.com. We will respond within 30 days. If you believe your rights have not been respected, you may file a complaint with the Polish data protection authority (UODO) at uodo.gov.pl.
Legal basis for processing
We process your data under the following legal bases: contract performance (providing the service you signed up for, including authentication and subscription management), legitimate interest (maintaining platform security and preventing abuse), and consent (where you voluntarily provide data such as learning preferences). You may withdraw consent at any time by deleting your preferences or contacting us.
Data retention
We retain your account data for as long as your account is active. If you delete your account, we will remove all associated personal data within 30 days. Subscription records may be retained for up to 12 months after cancellation for accounting and legal compliance purposes, after which they are anonymized or deleted.
Children's privacy
Lessonpills is not directed at children under 16. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
Changes to this policy
We may update this policy from time to time. If we make significant changes, we will notify registered users by email. The "last updated" date at the top of this page reflects the most recent revision.
Contact
If you have any questions about this privacy policy or how we handle your data, please contact:
Michał Włosik EFC
ul. Północna 16/5, 54-105 Wrocław, Poland
NIP: 8942747708
contact@lessonpills.com
