Jan 20, 2026

Privacy policy

Privacy policy

Privacy Policy

Effective: 10 June 2026

Data controller: Malggu, [Your registered business address — update in Framer]. Privacy contact: privacy@malggu.com

This policy covers malggu.com, market.malggu.com, wordbook.malggu.com, and related interactive learning Services. It applies to users in the UK, EEA, Korea, the United States, and worldwide. Where GDPR or UK GDPR applies, you have the rights in Section 9.[EU-6]

1. Data we collect

  • Account: email, password hash, consent choices, age confirmation flag.[KR-15]
  • Purchase & redeem: order references, license/redeem keys, purchaser email (via Polar checkout and market.malggu.com).
  • Learning & games: wordbook/quiz progress, scores, deck completion, faction/profile choices, simulation dialogue selections, session timestamps. We do not require camera data for core account features.
  • Usage: pages visited, device/browser, IP (short retention) — analytics only with cookie consent.[EU-7]
  • Support: messages you send us.
  • Phone (optional): if you provide a number and consent to SMS marketing.

2. Lawful bases (GDPR Art. 6)

  • Contract: account, delivery of digital products, license redemption, support, saving game progress tied to your account.[EU-6]
  • Consent: marketing use of data, promotional email/SMS/push, analytics cookies, marketing cookies, and camera access in Magic Motion games. Withdraw anytime without losing core Services (except camera-based features).[EU-7][KR-22-5]
  • Legitimate interests: security, fraud prevention, essential server logs — not for analytics cookies or promotional email.
  • Legal obligation: tax and accounting.

3. Processors (who helps us)

We use trusted providers under data processing agreements:

  • Supabase — auth, database (USA; SCCs).
  • Polar — payments, merchant of record & license delivery.
  • Cloudflare — CDN & security.
  • Framer — website hosting (www).
  • Google Analytics — only if you accept analytics cookies.
  • Email provider — transactional and (if opted in) marketing email.

We do not sell your personal data.

4. Marketing & promotional messages

Service messages (receipts, redeem keys, password reset, security) — sent under contract; no marketing consent required.

Optional marketing requires separate choices at signup or in account settings. Refusing marketing does not block signup, purchase, or use of learning games.[KR-22-5][EU-7]

  • Marketing use of personal data (events, offers, recommendations).
  • Promotional email, SMS, or app push — each channel separately.

Free gift: optional marketing opt-in may include a free starter PDF. Not required to sign up or buy.

Withdraw in account privacy settings or via unsubscribe links. We keep proof of consent/withdrawal (timestamps, policy version).[KR-15]

5. Cookies & similar technologies

Essential (always on): login session, malggu_at cross-site auth, checkout, security.

Analytics (opt-in): e.g. Google Analytics — loaded only after you accept in the cookie banner.

Marketing (opt-in): ad measurement cookies — only after consent.

Change choices anytime via “Cookie settings” in the footer. Rejecting non-essential cookies does not block the site.[EU-7]

6. Third-party links

Our Services may link to other websites (Polar checkout, social profiles, partner venues shown in Simulation). Those sites are operated by third parties with their own privacy policies. Review their policies before you provide personal information.

7. International transfers

Data may be processed in the USA and other countries. For UK/EEA users we use Standard Contractual Clauses and processor agreements. Request copies via privacy@malggu.com.

8. Retention

  • Account: until deletion request, then erase within 30 days (except legal holds).
  • Consent logs: consent period + up to 3 years for proof.
  • Game progress: while your account is active, unless you delete it.
  • Purchases: 5–7 years for tax/accounting where required.

9. Your rights

Access, rectification, erasure, restriction, portability, object to processing, withdraw consent, complain to a supervisory authority (ICO UK, your EU DPA, or PIPC Korea). Email privacy@malggu.com — we respond within one month.[EU-6]

10. Children

Malggu is an educational product but not directed at young children without appropriate safeguards. At signup we require you to confirm you meet the minimum age for your region:

  • European Economic Area / UK: 16, or the lower age set by your country (not below 13) with parental consent below 16.[EU-8]
  • Republic of Korea: under 14 requires verifiable consent from a legal guardian; we do not knowingly collect data from under-14s without that process.[KR-22-2]
  • United States: we do not knowingly collect personal information from children under 13 (COPPA). If you believe a child under 13 has registered, contact privacy@malggu.com for deletion.[US-COPPA]

Camera-based games are offered only after a separate in-game consent step (see Section 13). Parents/guardians may contact us to review or delete a minor's account.

11. Camera & motion (Magic Motion games)

Some games (e.g. Grammar Spells / Magic Motion) may ask to use your device camera to detect body movement for gameplay. This is optional and requested only when you enter those games — not at account signup.[KR-ICT][EU-13]

  • On-device processing: video frames are processed in your browser (e.g. TensorFlow.js / MediaPipe). We do not upload raw video or store your face on our servers by default.
  • What we may store: gameplay results (scores, spell success, session duration) linked to your account — not raw camera recordings.
  • Refusal: you may decline camera access and use non-camera study modes where available. Declining does not block your account, purchased content, or non-camera games.[KR-ICT]
  • Withdrawal: revoke camera permission in browser settings; previously saved scores remain unless you delete your account.

12. Korea Simulation & sponsored content

Our Korea Simulation experience may show maps, landmarks, fictional cafés, and real or partner restaurants/cafés for language practice. Some locations may be sponsored or promotional — they are labelled in-game (e.g. “Sponsored” / “Partner”).[KR-AD]

  • Dialogue scenarios are for learning only — not professional travel, immigration, or legal advice.
  • We may log which scenarios you complete and choices you make to improve learning paths (contract/legitimate interest). We do not sell this data to sponsors.
  • Partner names, logos, and offers are provided by those businesses; their own terms apply if you visit or purchase from them.

13. Security & breaches

We use encryption, access controls, and monitoring. If a breach risks your rights, we will notify you and regulators as required by law.

14. Changes

We may update this policy. Material changes are posted here and may be emailed. Consent-based processing (marketing, camera, analytics) may need fresh consent after major changes.

privacy@malggu.com · Version 2026-06-22-v3 · Terms of Service

Cast your first Korean

Language is not just studying,
it is experiencing

Cast your first Korean

Language is not just studying,
it is experiencing

Cast your first Korean

Language is not just studying,
it is experiencing