This Privacy Policy explains how MuntligB1 collects, uses, and protects your personal data when you use our service to prepare for the Norwegian oral language exam (Norskprøve).
MuntligB1 is operated by BANI YOUNES, a sole proprietorship registered in Norway. We process your data in line with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven).
If you have any questions about this policy or how we handle your data, email us at privacy@muntligb1.com.
Who is responsible for your data
The data controller responsible for your personal data is:
Legal entityBANI YOUNES (sole proprietorship)
Organization number934 103 424
CountryNorway
Contactprivacy@muntligb1.com
What data we collect
We collect only the data needed to provide and improve the service:
Account data — Your email address, a hashed (encrypted) password, and your display name.
Usage data — Your progress per topic, streaks, weak topics, assessment results, and practice history.
Audio data — Voice recordings you make during speaking exercises. These are transient — sent to our transcription provider, converted to text, and never stored on our servers.
AI feedback data — Transcripts of your speaking practice, sent to our AI provider for evaluation and feedback.
Analytics data — Page views, clicks, session recordings, and device information, collected through analytics tools.
Cookies — Essential session cookies that keep you signed in, and non-essential analytics cookies (see the Cookies section below).
Why we are allowed to process your data
Under GDPR Article 6, we rely on the following legal bases:
Contract — Processing necessary to deliver the service you sign up for — your account, progress tracking, and exam practice.
Legitimate interest — Improving the product, fixing problems, and keeping the service secure.
Consent — Non-essential analytics. An active cookie consent banner lets you accept or decline (see the Cookies section).
How we use your data
To deliver the service: your account, saved progress, and practice history.
To transcribe your speech and give you feedback on your spoken Norwegian.
To respond to support requests and communicate with you about your account.
To understand how the service is used so we can improve it.
Third parties who process your data
We use trusted providers to run the service. Each processes only the data needed for its specific purpose:
Provider
Purpose
Region
Retention
Notes
Supabase
Database, authentication, file storage
EU (eu-west-3, Ireland)
Until account deletion
GDPR-compliant region
Deepgram
Speech-to-text transcription
EU (api.eu.deepgram.com)
Not retained beyond transcription
GDPR processor, SCCs in place
Anthropic (Claude API)
AI feedback on speaking exercises
US with SCCs
30 days, no training on API data
Per Anthropic Privacy Policy
Netlify
Hosting, serverless functions
US with SCCs
Per Netlify policy
Standard hosting provider
Stripe
Payment processing and subscription management
US/EU with SCCs
Per Stripe policy / as required by Norwegian accounting law
We never store full card details
Microsoft Azure (Speech)
Text-to-speech (spoken prompts/example answers)
EU (Norway East), with SCCs
Not retained beyond generating the audio
Processes text only
Google Analytics
Usage analytics
US with SCCs
Per Google policy
Requires consent (see Cookies section)
Meta Pixel
Marketing analytics
US with SCCs
Per Meta policy
Requires consent (see Cookies section)
Microsoft Clarity
Session replay analytics
US with SCCs
Per Microsoft policy
Requires consent (see Cookies section)
International data transfers
We host your account data and audio transcription in the EU wherever possible — Supabase (database, authentication, storage) runs in eu-west-3 (Ireland), and Deepgram transcription uses its EU endpoint.
Some providers are based in the United States: Anthropic (AI feedback), Netlify (hosting), and our analytics tools. Transfers to these providers are covered by Standard Contractual Clauses (SCCs) — the safeguard approved by the European Commission for transferring personal data outside the EU/EEA.
How long we keep your data
We keep your data only as long as needed:
Account and usage data — Kept until you delete your account. When you delete your account, this data is removed.
Audio recordings — Not stored. Sent for transcription and discarded immediately afterward.
AI feedback transcripts — Retained by our AI provider (Anthropic) for up to 30 days, then deleted. Anthropic does not train its models on data sent through its API.
Analytics data — Retained according to each analytics provider's standard policy.
Your rights
Under GDPR, you have the following rights over your personal data:
Access — Request a copy of the data we hold about you.
Rectification — Correct data that is inaccurate or incomplete.
Erasure — Request full deletion of your account and data (the 'right to be forgotten').
Restriction — Ask us to limit how we process your data.
Portability — Receive your data in a portable, machine-readable format.
Objection — Object to processing based on legitimate interest.
Withdraw consent — Withdraw consent for analytics at any time.
Complaint — Lodge a complaint with Datatilsynet, the Norwegian Data Protection Authority (datatilsynet.no).
To exercise any of these rights, email us at privacy@muntligb1.com. You can delete your account directly from your account settings, or contact us and we will do it for you.
Cookies and analytics
We use essential cookies to keep you signed in and to make the service work. These are always active and cannot be turned off.
We also use analytics tools — Google Analytics, Meta Pixel, and Microsoft Clarity — to understand how the service is used and to improve it. These set non-essential cookies and may record session activity.
You control whether analytics tools run. When you first visit the site, you’ll see a consent banner asking you to accept or decline analytics. You can change your choice at any time by clicking “Manage cookies” in the footer. Your preference is stored for 12 months, after which we’ll ask again.
Children
MuntligB1 is not directed at children. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, email privacy@muntligb1.com and we will delete it.
How we protect your data
Passwords are stored hashed, never in plain text.
All data is transmitted over encrypted connections (HTTPS).
Your account data and transcription are stored in EU-region infrastructure wherever possible.
Changes to this policy
We may update this policy from time to time. If we make a material change, we will notify you by email or with an in-app notice. The “last updated” date below always reflects the current version.
Contact us
For any privacy questions or to exercise your rights, email privacy@muntligb1.com.
You also have the right to contact or lodge a complaint with the Norwegian Data Protection Authority: Datatilsynet, datatilsynet.no.