Privacy Policy

Last updated: May 12, 2026

SweetMango is a language learning web app. We try to collect as little as possible. You can use SweetMango entirely anonymously; signing in with Google is optional and creates a small account record. This page explains exactly what we do collect, why, and what choices you have.

The short version

• Anonymous use is the default — no account required.
• Optional Google sign-in stores your email, display name, profile picture URL, and a Google-issued ID in our Supabase database.
• Your in-app settings (theme, font size, learning language) live in your browser, not on our servers.
• We use Google Analytics — but only if you click Accept on the consent banner.
• If you sign up for the email list, we store your email with Resend so we can write to you.
• We never sell your data.

Your account

When you sign in with Google, SweetMango receives and stores the following from Google:

• Your email address
• Your Google display name
• Your Google profile picture URL
• A Google-issued account identifier
• Reading progress: which stories you’ve started, your position within each, and which you’ve completed.

We store these in our Supabase database to identify you across devices. You can edit your display name in the app; you can permanently delete your account at any time from the in-app account menu. Deleting your account immediately removes all associated data from our database.

If you never sign in, SweetMango holds no account data about you.

What we collect

Stored on your device (not on our servers)

The app keeps a few things in your browser’s localStorage so it remembers you between visits:

• sm_settings — your theme, font size, and chosen learning language.
• sm_consent — your answer to the cookie banner.

These never leave your device. Clearing your browser storage removes them. See the Cookie Policy for the full list.

Analytics (only with your consent)

We use Google Analytics 4 to understand which pages and languages learners use. Analytics cookies (_ga, _ga_*) are only set after you click Accept on the consent banner. If you decline or ignore the banner, no analytics data is sent. Analytics events we record include page views and which language a learner picks — never the words you tap or the sentences you read.

Google Analytics may receive your IP address as part of normal web traffic. We have IP anonymization on by default, and analytics data is also exported to BigQuery for our own aggregate reporting.

Email subscription (only if you sign up)

If you enter your email address into the signup form on the landing page, we send it to Resend so we can email you product updates. You can unsubscribe from any email we send, which removes you from the list. We don’t share the list with anyone else.

Server logs

Our hosting providers (Google Firebase Hosting and Cloudflare) keep short-lived request logs for security and debugging. These typically include IP address, user agent, and the URL requested, and are retained according to those providers’ standard policies. We don’t use these logs for analytics or marketing.

What we don’t collect

• If you don’t sign in, we never collect names, profile info, or any account identifier.
• We don’t store passwords — Google handles authentication and only shares the fields listed above.
• We don’t accept payments, so we never see card or billing data.
• We don’t track which words you tap, which sentences you read, or how long you spend on a page.
• We don’t sell or rent any data to advertisers or data brokers.

Sub-processors

SweetMango uses the following third-party services to operate. Each receives only the data necessary for its function:

• Google Cloud — hosting (Firebase Hosting) and content delivery (Cloud Storage). United States.
• Supabase Inc. — account database and authentication. United States.
• Cloudflare — email signup proxy (anonymous email-list signups only). Global.
• Resend — newsletter delivery (only for users who explicitly subscribe). United States.
• Google Analytics 4 — anonymous usage analytics (only with cookie consent). United States.

In addition, we use Google Cloud (Text-to-Speech, Translation, Natural Language, Imagen) offline to produce story audio, translations, and cover images. The app itself does not call these from your browser.

For users in the EEA / UK, we rely on Standard Contractual Clauses for transfers to US-based processors.

Data retention

Account data is retained until you delete your account. Deletion is self-service from the in-app account menu, is permanent, and cascades to every record we hold about you. Anonymous browsing of SweetMango produces no account data to retain.

For data we cannot delete directly (e.g. third-party processor logs), we rely on each processor’s documented retention policy. To request a data export, email support@sweetmango.app.

Legal basis for processing (UK/EEA users)

• Account services: Article 6(1)(b) — performance of a contract you requested.
• Analytics: Article 6(1)(a) — consent, captured by the cookie banner.
• Service operation (necessary cookies, error logs): Article 6(1)(f) — legitimate interests.

Your rights

You can: access the personal data we hold about you (visible in the in-app account menu), correct your display name in-app, and permanently delete your account in-app. For data export or any other request, email support@sweetmango.app.

Where data is processed

Our infrastructure runs primarily in the United States. If you visit from outside the US, your data (in the limited form described above) is processed there.

Children

SweetMango is suitable for general audiences and we do not knowingly collect data from children under 13 (or under 16 in jurisdictions that apply that threshold). Because the app has no accounts and only optional analytics and email signup, the only way a child could submit personal data to us is by entering an email address. If you believe a child has submitted their email, contact us at support@sweetmango.app and we will remove it.

Your choices

• Analytics — change your answer to the cookie banner anytime by deleting the sm_consent cookie (and the _ga* cookies) and reloading.
• Email list — every email has an unsubscribe link.
• Local data — clearing your browser’s site data for sweetmango.app removes everything stored on your device.
• Account — if you signed in with Google, you can edit your display name or permanently delete your account from the in-app account menu. Deletion is immediate and cascades to all data we hold about you.
• Access / deletion — for data export or any request beyond what the in-app menu covers, email support@sweetmango.app.

Security

The site is served over HTTPS. We follow standard practices for the small amount of data we hold (subscriber emails on Resend), but no service can guarantee perfect security. If we ever become aware of a breach affecting subscriber data, we’ll notify affected addresses.

Changes to this policy

We may update this policy as the app evolves. The “Last updated” date at the top of this page reflects the current version. Material changes will be highlighted on the landing page or mailed to subscribers.

Contact

Questions, requests, or corrections? Email support@sweetmango.app.