On this page
Aplora — Privacy Policy
Last updated: 9 July 2026 | Effective date: 9 July 2026
Summary (plain-language overview)
- Who we are: JB Learning Systems Pty Ltd (ABN 96 696 942 935), an Australian company and owner and operator of “Aplora” — an AI language tutor you speak to.
- What we collect: account details, your voice recordings and conversation transcripts, learning progress and memory data, device and usage data, and payment information (handled by a payment processor).
- Why: to run lessons, give you feedback, remember your progress across sessions, process payments, keep the service secure, and improve the product.
- AI & voice: your speech is processed by us and by third-party AI / speech providers to deliver lessons. We do not store your voice recordings, and we do not currently use your voice or conversations to train AI models — see Section 5.
- Who governs: Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, with extra protections for users in the EU/EEA & UK (GDPR) and the US (CCPA/CPRA).
- Your rights: access, correct, delete, export, object, and complain. Contact privacy@aplora.org.
- We do not sell your personal information.
1. About this policy and who it covers
This Privacy Policy explains how JB Learning Systems Pty Ltd (“Aplora”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information when you use the Aplora mobile apps (iOS and Android), our websites (including aplora.org and app.aplora.org), the try-it-now web demo, and related services (together, the “Service”).
This policy applies to all users worldwide. Where local law gives you additional rights, the relevant country/region sections below (EU/UK, United States) apply to you in addition to the general terms.
Aplora may also provide the Service to people through their employer, school, or a government or sponsored program (“Organisation Accounts”). In those cases the organisation may act as a separate data controller for some information. See Section 17.
2. Information we collect
2.1 Information you provide
- Account & profile: name, email address, password or social-login identifier, chosen learning language(s), proficiency level, learning goals, tutor preferences, and optional profile details such as a photo or bio.
- Social login: if you sign in with Google (or another provider), we receive your name, email address, and basic profile information from that provider. We do not receive your provider password.
- Communications: messages you send to support, survey and feedback responses, and other correspondence.
- Payment details: when you buy lessons or lesson packs, our payment processor collects your payment-card or billing details. We receive confirmation and limited transaction data (e.g., last four digits, amount, date) but do not store full card numbers.
2.2 Voice, audio and conversation content
Because Aplora is a spoken-conversation tutor, this is the most sensitive category we handle:
- Voice recordings: live audio captured through your device microphone (with your permission) during lessons and the demo.
- Transcripts: text transcriptions of your speech and of the tutor’s responses.
- Inputs to AI features: anything you say or type to the AI tutor, including pronunciation attempts.
Voice and biometric considerations. Depending on jurisdiction, voice recordings may be treated as sensitive or biometric information (e.g., a “voiceprint” under some US state laws). Aplora uses voice to deliver and assess language learning, and never uses voice recordings to identify you biometrically.
2.3 Learning & memory data
A core feature of Aplora is that your tutor remembers you. We create and store a learning profile that may include: words and phrases you’ve saved, learned, or struggled with; pronunciation and fluency assessments; mistakes and corrections; lesson topics; speaking time; streaks, XP and skill metrics; and session summaries. We link this to your account to personalise future lessons.
2.4 Information collected automatically
- Device & technical: device type and model, operating system, app version, language and locale settings, IP address, and device identifiers.
- Usage: features used, lessons taken, pages/screens viewed, session duration, in-app actions, and approximate location derived from IP.
- Diagnostics & analytics: crash logs, performance data, and (where used) session/analytics tooling. Sensitive fields such as passwords and payment details are excluded from analytics capture.
- Cookies & similar technologies: on our websites and demo — see Section 14.
2.5 Information from third parties
- Social-login providers (Section 2.1).
- Payment processors and fraud-prevention partners (transaction status).
- Analytics and advertising partners (aggregated or attribution data).
- Organisations that sponsor your access (e.g., employer or program enrolment details) — see Section 17.
3. How we collect information
We collect information directly from you (when you register, speak or type in lessons, contact us, or pay), automatically (through your use of the Service and device permissions you grant, such as microphone access), and from the third parties listed in Section 2.5. You can control device permissions (microphone, notifications) at any time in your device settings; disabling the microphone will prevent spoken-lesson features from working.
4. How we use information
| Purpose | Examples |
|---|---|
| Provide the Service | Run spoken lessons and the demo, transcribe and assess speech, generate tutor responses, deliver feedback and session summaries. |
| Personalise & remember | Maintain your learning profile so the tutor recalls your words, level, and struggles across sessions. |
| Accounts & payments | Create and manage your account, process per-lesson and lesson-pack purchases, send receipts. |
| Communicate | Service messages, support responses, and — where permitted — product updates and marketing you can opt out of. |
| Improve the Service | Diagnose issues, analyse aggregated usage, and improve lesson quality and AI performance (see Section 5 for limits on voice/AI training). |
| Safety & security | Detect, prevent and respond to fraud, abuse, and security incidents. |
| Legal | Comply with legal obligations and enforce our terms. |
5. AI features, voice data, and model training
How AI processing works. To deliver lessons, your speech and text inputs are processed by Aplora and by trusted third-party AI providers — including automatic speech recognition (ASR), large-language-model, and text-to-speech services (see the subprocessor list in Section 7). These providers process your inputs to return transcriptions, tutor responses, and pronunciation feedback. We contractually require providers to handle data only on our instructions and to protect it.
Model training and your control. Aplora’s approach is privacy-protective:
- We do not sell your voice data or conversations.
- We do not currently use your voice or conversation data to train AI models. If this changes, we will update this policy and, where required, ask for your consent first.
- We require AI subprocessors to commit, by contract, not to use your inputs to train their own foundation models, except as needed to provide the service to us.
Storage of recordings. We do not store raw voice recordings. Your audio is held in memory and transmitted over the network only for as long as needed to run the lesson; it is never written to persistent storage.
6. Legal bases for processing (EU/EEA & UK users)
Where the GDPR or UK GDPR applies, we rely on:
- Performance of a contract — to provide lessons, process speech, run your account, and take payment.
- Legitimate interests — to secure, maintain and improve the Service (balanced against your rights).
- Consent — for non-essential cookies, certain marketing, microphone access, and any use of voice data for model improvement. You may withdraw consent at any time.
- Legal obligation — to comply with applicable law.
7. How and with whom we share information
We share personal information only as described below. We do not sell your personal information.
- Service providers / subprocessors — vendors who host, power, secure, and support the Service (table below).
- Payment processors — to take payment and prevent fraud.
- Sponsoring organisations — limited reporting to an employer/program that funds your access (see Section 17).
- Legal & safety — to comply with law, lawful requests, or to protect rights, safety, and property.
- Business transfers — in a merger, acquisition, or asset sale, subject to this policy.
Key categories of subprocessors:
| Category | Purpose | Providers | Data involved |
|---|---|---|---|
| Cloud hosting & storage | Run and store the Service | Amazon Web Services (AWS) | All categories |
| AI — speech recognition | Transcribe your speech | AWS | Voice, transcripts |
| AI — language model | Generate tutor responses & feedback | Amazon Bedrock (AWS) | Transcripts, learning data |
| AI — text-to-speech | Tutor voice output | AWS | Lesson text |
| Payments | Process purchases | Stripe (web); Apple App Store / Google Play (in-app) | Billing data |
| Authentication | Sign-in | Google OAuth / Apple Sign in | Account identifiers |
| Analytics & crash reporting | Improve reliability | PostHog / Google Analytics (rolling out) | Usage, device data |
| Email & messaging | Transactional & marketing email | Klaviyo (rolling out; no marketing email is currently sent) | Contact details |
8. International data transfers
Aplora is based in Australia and uses providers located in other countries, including the United States and the EU. This means your personal information may be processed outside your country of residence.
- Australian users (APP 8): before disclosing personal information overseas we take reasonable steps to ensure recipients handle it consistently with the Australian Privacy Principles.
- EU/EEA & UK users: where we transfer data outside the EEA/UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum/IDTA) or an adequacy decision.
9. Data retention
We keep personal information only as long as needed for the purposes in this policy, then delete or anonymise it. Indicative periods:
| Data | Retention |
|---|---|
| Account & learning/memory data | While your account is active; deleted immediately when you delete your account. |
| Voice recordings | Not stored — audio is processed in memory only and never saved to persistent storage. |
| Transcripts & conversation history | While your account is active; deletable by you in-app. |
| Payment/transaction records | As required by tax and financial law (commonly up to 7 years in Australia). |
| Support communications | Kept only as long as needed to resolve your enquiry and maintain a record of support history. |
| Analytics/diagnostic logs | Up to 24 months, aggregated where possible. |
10. How we keep information secure
We use technical and organisational measures including encryption in transit and at rest, access controls and least-privilege access, authentication safeguards, monitoring, and staff confidentiality and training. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If a data breach occurs that is likely to cause serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme, and other regulators where applicable.
11. Your privacy rights (all users)
Subject to local law, you can: access a copy of your data; correct inaccurate data; delete your account and data; export your data; object to or restrict certain processing; and opt out of marketing. You can manage much of this in-app (profile, history, settings) or by contacting privacy@aplora.org. We will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.
Australian users: under APP 12 and APP 13 you may request access to and correction of your personal information. If you have a complaint, contact us first; if unsatisfied, you may complain to the OAIC (oaic.gov.au).
12. EU/EEA & UK rights (GDPR)
If you are in the EU/EEA or UK, you have the rights to access, rectification, erasure, restriction, data portability, and objection (including to processing based on legitimate interests and to direct marketing), and the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the ICO).
13. United States privacy rights (CCPA/CPRA and other state laws)
If you are a US resident in a state with a comprehensive privacy law (e.g., California, Virginia, Colorado, Connecticut, Texas, Utah), you may have rights to know/access, delete, correct, and opt out of “sale”/“sharing” and targeted advertising, and to limit use of sensitive personal information.
Categories collected (CCPA): identifiers; customer records; commercial information (purchases); internet/usage activity; geolocation (approximate); audio/electronic information (voice recordings); and possibly sensitive personal information and/or biometric information depending on how voice is processed.
We do not sell your personal information and do not knowingly sell or share the personal information of minors. To exercise rights, contact privacy@aplora.org. We will verify your request and may use an authorised agent process.
14. Cookies and tracking technologies
On our websites and the web demo we use essential cookies (to make the site work), and — with your consent where required — analytics and, if applicable, marketing cookies. You can manage non-essential cookies through our cookie banner and your browser settings. We honour Global Privacy Control (GPC) signals where required.
15. Children’s privacy
Aplora is not directed to children. The Service is intended for users aged 16 and over, and we do not knowingly collect personal information from anyone under 16. If we learn we have collected such information without appropriate consent, we will delete it promptly. If you believe a child has provided us information, contact privacy@aplora.org.
16. Third-party links and services
The Service may link to third-party sites or services (e.g., app stores, social platforms). We are not responsible for their privacy practices; review their policies before sharing information.
17. Organisation (B2B) and sponsored accounts
If your access is provided through an employer, educational institution, or government/sponsored program, that organisation may share enrolment information with us and may receive limited reporting (e.g., participation, usage, and progress) under its agreement with us. In those cases the organisation may be an independent controller of certain data; its own privacy notice will also apply. Contact your administrator for details about its handling of your information.
18. Changes to this policy
We may update this policy from time to time. We will revise the “Last updated” date and, for material changes, provide additional notice (e.g., in-app or by email) and, where required, seek your consent. Continued use after changes take effect means you accept the updated policy.
19. How to contact us
Aplora — Privacy
JB Learning Systems Pty Ltd | ABN 96 696 942 935 | ACN 696 942 935
Unit 909, 21 Dunkerley Pl, Waterloo NSW 2017, Australia
Email: privacy@aplora.org
Australian users may also contact the OAIC (oaic.gov.au). EU/EEA and UK users may contact their local supervisory authority (UK: ICO, ico.org.uk).