Poly-Puff ("we", "us", "our") is an AI-powered English language learning application operated by Mark Middleton, based in Cape Town, South Africa. We operate the website at poly-puff.com and the Poly-Puff mobile application.
Contact: support@poly-puff.com
Subscription payments are processed by Paddle, our payment provider. We do not store your card details. Paddle acts as the Merchant of Record for all transactions. See Paddle's Privacy Policy for how they handle payment data.
| Purpose | Legal Basis (GDPR) | Legal Basis (POPIA) |
|---|---|---|
| Providing the app and learning features | Contract performance | Contract performance |
| AI grammar feedback via OpenAI | Contract performance | Contract performance |
| Sending you account and billing emails | Contract performance | Contract performance |
| Improving the app and fixing bugs | Legitimate interests | Legitimate interests |
| Legal compliance and fraud prevention | Legal obligation | Legal obligation |
| Marketing emails (only with consent) | Consent | Consent |
Important: When you submit an exercise for feedback, your translated sentence is sent to OpenAI's API servers located in the United States of America for AI-powered grammar analysis. This is a cross-border data transfer.
Poly-Puff is classified as a Limited Risk AI system under the EU AI Act (Regulation 2024/1689). This means we are required to be transparent about AI use. All AI-generated feedback is clearly labelled with an "AI" badge in the app.
We use OpenAI's API at a temperature of 0.0–0.1 for deterministic, consistent grammar correction. Your exercises are not used to train OpenAI's models. See OpenAI's Terms of Use and OpenAI's Privacy Policy.
For users in Saudi Arabia (SDAIA), Egypt (PDPL), and the EU (GDPR): by using the translation and grammar features, you consent to your exercise data being transferred to OpenAI's US-based servers for processing. This transfer is necessary to provide the core service.
We apply regional age thresholds in line with applicable law. Users below the threshold in their region require verifiable parental consent before using the app:
| Region | Minimum Age | Legal Basis |
|---|---|---|
| Brazil | 12+ | LGPD Art. 14 |
| USA, Canada, UK | 13+ | COPPA / GDPR-UK |
| China, Russia, South Korea | 14+ | Local law |
| Egypt | 15+ | PDPL (guardian consent required under 15) |
| EU, Vietnam, Japan | 16+ | GDPR Art. 8 |
| Indonesia | 17+ | Local law |
| South Africa, Saudi Arabia, UAE, India, Turkey | 18+ | POPIA / SDAIA / local law |
Users aged 13–17 in a "grey zone" region automatically have data sharing and public profile features disabled. We never knowingly collect data from children below the applicable threshold without parental consent.
We share data only with the following trusted third parties, and only as necessary:
We never sell, rent, or trade your personal data to third parties for marketing purposes.
Depending on your location, you have the following rights regarding your personal data:
To exercise any of these rights, visit poly-puff.com/delete-account.html or email support@poly-puff.com. We will respond within 30 days.
We retain your data for as long as your account is active. If you delete your account, all personal data is permanently erased within 30 days. Anonymised, aggregated statistical data (e.g. which grammar rules are most commonly missed) may be retained indefinitely as it cannot be linked back to you.
We use industry-standard security measures including HTTPS encryption, hashed passwords, HMAC authentication tokens, and rate limiting on all sensitive API endpoints. While no system is perfectly secure, we take reasonable and proportionate steps to protect your data.
Our website uses cookies and similar tracking technologies. Here is what we use and why:
Strictly Necessary Cookies: These keep the website functioning (e.g., keeping you logged in). They cannot be disabled.
Analytics Cookies: We use the following third-party analytics services to understand how visitors use our website:
We do not use advertising cookies or sell any data to third parties.
Your Choices: When you first visit our website, a cookie consent banner will ask for your permission before any analytics cookies are set. You can change your preferences at any time by clearing cookies in your browser settings.
For users in the European Economic Area (EEA) and South Africa: Analytics cookies are only activated after you provide explicit consent, in accordance with the GDPR and POPIA.
Poly-Puff is based in South Africa. Your data may be transferred to and processed in the United States (OpenAI, Railway) and other countries. Where required by law, we implement appropriate safeguards including standard contractual clauses for EU/UK data subjects.
We process personal information in accordance with the Protection of Personal Information Act 4 of 2013. You may lodge a complaint with the Information Regulator at inforegulator.org.za.
We process EU personal data under GDPR (Regulation 2016/679). You may lodge a complaint with your local supervisory authority.
We comply with the UK GDPR and the Data (Use and Access) Act 2025 (SI 2026/82). You may contact the ICO at ico.org.uk.
We comply with the Children's Online Privacy Protection Act. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
We process Brazilian personal data in accordance with Lei Geral de Proteção de Dados (Law 13.709/2018).
We process Egyptian personal data in accordance with Personal Data Protection Law No. 151 of 2020 and its Executive Regulations (Decree 816 of 2025). Compliance deadline: 1 November 2026.
Cross-border transfers of Saudi personal data to OpenAI's US servers are disclosed. Users are notified at the point of data collection.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by updating the "Last updated" date above. Continued use of the app after changes constitutes acceptance of the updated policy.
For any privacy-related questions, requests, or complaints:
Email: support@poly-puff.com
Address: Cape Town, South Africa