HiWord.AI ("we", "us", "our") is a vocabulary learning web application that helps users acquire and retain English vocabulary through spaced repetition. The application is accessible at https://karryzhang.github.io/VocabLoop/ and https://vocab-loop.vercel.app.
This Privacy Policy explains how we collect, use, and protect your personal information when you use HiWord.AI. By using the application, you agree to the practices described in this policy.
2.1 Information you provide directly
2.2 Information collected via Google Sign-In (optional)
If you choose to sign in with Google, we receive the following from Google:
We do not receive or store your Google password, profile photo, contacts, or any other Google account data.
2.3 Learning data (automatically generated by your use)
2.4 Technical data
We do not collect IP addresses, browser fingerprints, analytics events, or advertising identifiers. Standard server logs may be generated by our hosting providers (Vercel) as part of normal infrastructure operation.
| Purpose | Data used |
|---|---|
| Create and authenticate your account | Username, hashed password, or Google account ID |
| Sync learning progress across your devices | All learning data listed in ยง2.3 |
| Generate personalised reading articles | List of vocabulary words you have studied (no personal identifiers sent to AI providers) |
| Provide word definitions and audio pronunciations | The individual word being looked up (no account data sent) |
| Maintain service security and prevent abuse | Request rate data (in-memory, not persisted) |
We do not use your information for advertising, profiling, or any purpose other than operating and improving HiWord.AI.
Where applicable under data protection laws (such as the GDPR), we rely on the following legal bases:
We do not sell, rent, or trade your personal information to any third party.
We may disclose information only in the following limited circumstances:
| Service | Purpose | Data sent | Privacy policy |
|---|---|---|---|
| Google Identity Services | Optional sign-in | Google ID token (verified server-side) | policies.google.com/privacy |
| Free Dictionary API (dictionaryapi.dev) | Word definitions & audio | The searched word only | dictionaryapi.dev |
| Google Gemini API | AI reading article generation | Vocabulary word list only | policies.google.com/privacy |
| Anthropic Claude API | Vocabulary data enrichment | Vocabulary word list only | anthropic.com/privacy |
| Turso (libSQL cloud) | Account & sync data storage | Username, hashed credentials, learning data | turso.tech/privacy-policy |
| Vercel | Application hosting & serverless functions | Standard HTTP request data | vercel.com/legal/privacy-policy |
Local storage โ learning progress is stored in your browser's localStorage. This data never leaves your device unless you create an account and enable cloud sync.
Cloud storage โ if you register an account, your learning data is backed up to a Turso (SQLite cloud) database. Data is encrypted at rest and in transit (TLS/HTTPS).
Password security โ passwords are hashed using PBKDF2-SHA512 with a random salt and 120,000 iterations before storage. We cannot retrieve or reset your password โ only you know it.
Session tokens โ authentication tokens are HMAC-signed and stored in your browser's localStorage. They are not accessible to other websites.
We retain your account data for as long as your account is active. Learning data synced to our servers is kept indefinitely to allow you to resume learning at any time.
You may request deletion of your account and all associated data at any time by contacting us (see ยง13). Upon a verified deletion request, we will remove your data from our databases within 30 days.
Data stored solely in your browser's localStorage is under your complete control and can be deleted at any time through your browser settings.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, please contact us using the details in ยง13.
HiWord.AI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete such information promptly.
Users between 13 and 18 should obtain parental consent before creating an account.
HiWord.AI does not use tracking cookies or advertising cookies.
We use browser localStorage for the following functional purposes only:
srs_{deck}_v1 โ spaced repetition learning state per vocabulary decksrs_global_v1 โ global stats (streaks, achievements, XP)shared_dict_v1 โ cached word definitions to reduce API callsvocabloop_auth โ authentication token (if logged in)vocabloop_theme โ your display theme preference (light/dark)reading_history โ cached AI-generated reading articlesAll localStorage data is stored on your device and is not transmitted to us unless you have an account with cloud sync enabled.
We may update this Privacy Policy from time to time to reflect changes in the app, legal requirements, or our data practices. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Continued use of HiWord.AI after changes are posted constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us through one of the following channels:
We will respond to all legitimate requests within 30 days.