← BackCocolingo

Privacy Policy

Effective Date: January 5, 2026

Company / Controller: Yellow Melon (Delaware) Inc. (“Yellow Melon,” “we,” “us,” “our”)

Product: Cocolingo (the “Service”)

Contact: hello@cocolingo.ai

Mailing Address: 131 Continental Dr Suite 305, Newark, DE, 19713, USA

This Privacy Policy explains how Yellow Melon collects, uses, shares, and protects personal information in connection with Cocolingo.

1) What this Policy covers

This Policy applies to information we collect when you:

  • use the Service (including our website and any related applications),
  • create an account,
  • purchase a subscription,
  • sign up for marketing/newsletters, or
  • otherwise interact with us.

2) Information we collect

We collect information in the following categories:

A) Information you provide

  • Account information: first name, last name, email address, password, and timezone.
  • Profile / personalization information (optional): native language, target language, target language proficiency level, age, gender, location, and your reasons for learning a language.
  • Marketing/newsletter information: email address and preferences (where applicable).
  • Communications: information you provide when contacting support or communicating with us.

B) Information collected automatically

When you use the Service, we (and our analytics partners) may collect:

  • Device and usage information: IP address, device identifiers, browser type, pages/screens viewed, actions taken, referring/exit pages, timestamps, and approximate location derived from IP.
  • Cookies and similar technologies: used for functionality, analytics, and marketing as described below.
  • Device/browser fingerprint identifier: a hashed identifier derived from your browser/device using the @fingerprintjs/fingerprintjs library, used to help detect and prevent fraud/abuse and enforce free plan usage limits.

C) Payment information

Payments are processed by Stripe. We do not store full payment card numbers. Stripe may collect and process payment and billing information as described in Stripe’s documentation and privacy policy.

3) How we use information

We use personal information to:

  • Provide and operate the Service (account creation, authentication, delivering features, personalization).
  • Personalize learning experiences based on optional profile data you choose to provide (not for advertising targeting based on sensitive fields).
  • Process transactions and manage subscriptions through Stripe.
  • Communicate with you about the Service, including transactional messages (e.g., account notices).
  • Send marketing communications (e.g., newsletters) when you opt in, and to honor opt-out requests.
  • Improve and secure the Service including analytics, debugging, fraud prevention, and compliance.
  • Detect, prevent, and investigate fraud/abuse including enforcing limits on free plan usage (which may involve cost to us).
  • Comply with legal obligations and enforce our terms.

4) Cookies, analytics, and similar technologies

We use cookies and similar technologies and present a cookie banner for consent management.

We use:

  • Google Analytics 4 (GA4) and Google Tag Manager (GTM) to measure and understand usage.
  • Mixpanel for product analytics (e.g., feature usage and funnels).

Depending on your settings and region, you may be able to manage cookie preferences through the banner and/or browser settings. If you disable certain cookies, some functionality may be impacted.

5) How we share information

We may share personal information in the following ways:

  • Service providers / processors: vendors who help us operate the Service (e.g., hosting/infrastructure, analytics, email delivery). This includes Stripe (payments), Amazon SES (email delivery), Mailchimp (marketing/newsletters), Google (GA4/GTM) and Mixpanel (analytics).
  • Legal and compliance: when we believe disclosure is required by law, regulation, legal process, or to protect rights, safety, and security.
  • Business transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.
  • With your direction: when you request or consent to sharing.

We use the @fingerprintjs/fingerprintjs library to generate an identifier, and we do not share this identifier with FingerprintJS as a third-party service provider in connection with generating it.

We do not sell personal information in the traditional sense. See the “California Privacy Rights” section for additional details.

6) Data retention

We keep personal information for as long as reasonably necessary to provide the Service, maintain your account, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods vary based on the type of data and why we collected it.

Some identifiers used for fraud/abuse prevention (such as device/browser fingerprint identifiers) may be retained indefinitely unless you request deletion, subject to legal and operational requirements.

7) Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. No security measure is perfect, and we cannot guarantee absolute security.

8) International data transfers (including to the United States)

Your data is stored in the United States. If you access the Service from the UK, EEA, or Switzerland, your information may be transferred to and processed in the United States and other jurisdictions that may not provide the same level of data protection.

Where required, we rely on appropriate safeguards for cross-border transfers (such as contractual protections).

9) Your choices and controls

  • Account information: you can update certain account and profile information within the Service (where available).
  • Optional personalization fields: optional profile fields can be left blank, changed, or removed by you (where available). You can also request deletion (see Section 13).
  • Marketing emails: you can opt out at any time by using the unsubscribe link in marketing emails. Transactional/service messages may still be sent (e.g., password resets, billing notices).
  • Cookies: manage via the cookie banner (where available) and browser/device settings.

10) Children’s privacy

Because the Service collects personal information and is not designed to comply with child-directed requirements in all jurisdictions, the Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us personal information, please contact us at hello@cocolingo.ai, and we will take steps to delete the information.

11) GDPR / UK GDPR (EEA/UK/Switzerland) privacy rights

If you are located in the EEA, UK, or Switzerland, you may have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Delete your personal data.
  • Restrict or object to certain processing.
  • Data portability (receive a copy in a usable format).
  • Withdraw consent where processing is based on consent (this does not affect processing already performed).

You also have the right to lodge a complaint with your local data protection authority.

Lawful bases (EEA/UK)

We process personal data when:

  • it is necessary to perform a contract (provide the Service),
  • it is in our legitimate interests (e.g., securing and improving the Service, analytics where permitted), and/or
  • we have consent (e.g., marketing emails and certain cookies, where required).

12) California Privacy Rights (CCPA/CPRA)

This section applies to California residents, to the extent the CCPA/CPRA applies.

A) Categories of personal information we collect

Depending on your use, we may collect:

  • Identifiers: name, email, IP address, online identifiers (including device/browser fingerprint identifiers).
  • Internet or network activity: usage and analytics data.
  • Geolocation data: approximate location derived from IP (and any location you choose to provide).
  • Characteristics / profile data you provide: age and gender (optional), language preferences, reasons for learning (optional).
  • Account credentials: password (stored in protected form).

B) Purposes for collection

We collect and use the categories above for providing the Service, personalization, payments/subscriptions, marketing (opt-in), analytics and improvement, security and fraud prevention, and legal compliance.

C) “Sale” and “Sharing” / targeted advertising

We do not sell personal information for money. Some privacy laws define “sale” or “sharing” broadly to include certain advertising/analytics-related disclosures (including via cookies). If we engage in practices that constitute “sharing” under CPRA (e.g., certain cookie-based advertising), we will provide appropriate opt-out controls (such as through the cookie banner or a “Do Not Sell or Share” mechanism, where required).

D) Your California rights

You may have the right to:

  • Know/access the personal information we collect, use, and disclose.
  • Delete personal information (subject to exceptions).
  • Correct inaccurate personal information.
  • Opt out of sale/sharing (if applicable).
  • Limit the use/disclosure of sensitive personal information (if applicable).
  • Non-discrimination for exercising your rights.

To submit a request, contact hello@cocolingo.ai.

13) How to contact us / submit privacy requests

Email: hello@cocolingo.ai

Mail: 131 Continental Dr Suite 305, Newark, DE, 19713, USA

14) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version and update the “Effective Date” above. If changes are material, we may provide additional notice.