Privacy Policy

📋 Overview

HiWord.AI ("we", "our", or "us") operates the HiWord.AI web application at hiword.ai and the HiWord.AI Chrome Extension. This Privacy Policy explains how we collect, use, and protect your information.

We are committed to protecting your privacy. We collect only the minimum data necessary to provide our vocabulary learning service.

📊 Information We Collect

We collect the following types of information:

• Account information — Username, email address, and (if using Google Sign-In) your Google profile name and avatar. Passwords are stored as salted hashes and never in plain text.
• Vocabulary data — Words you look up, save, or add to your learning queue. Spaced repetition review history (intervals, ease factors).
• Learning progress — Study streaks, review results, and deck progress used to power the SM-2 spaced repetition algorithm.
• Usage data — Basic analytics (page views, feature usage) via Google Analytics to help us improve the product. No personally identifiable data is sent to analytics.

🔌 Chrome Extension — Additional Data

The HiWord.AI Chrome Extension additionally handles:

• Dictionary lookups — Words you double-click on webpages are sent to our API (hiword.ai/api/dict-lookup) to retrieve definitions. We do not store the URLs or webpage content you visit.
• Authentication token — Stored locally in chrome.storage.local to keep you signed in. Never transmitted to third parties.
• Cached lookups — Dictionary results are cached locally in your browser to reduce API calls and enable offline use.
• Article import — When you use the "Import Article" feature, the text of the current webpage is extracted and sent to HiWord.AI for reading practice. We do not store raw article content beyond the duration of your reading session.

The extension does not monitor your browsing history, track which websites you visit, or collect any data unrelated to vocabulary learning.

🔑 Google Sign-In

If you choose to log in with Google, we receive your Google account's:

• Email address
• Display name
• Profile picture URL
• Unique Google account ID (used to link your account)

We do not receive your Google password or access to your Google Drive, Gmail, or any other Google services. Google authentication is handled via OAuth2 through chrome.identity (Chrome Extension) or Google Identity Services (web app).

🛡️ How We Use Your Data

• To provide and improve the vocabulary learning service
• To sync your word lists and learning progress across devices
• To power the SM-2 spaced repetition algorithm for personalized review scheduling
• To authenticate your account securely
• To generate anonymous usage statistics (no PII) to improve the product

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

🗄️ Data Storage & Security

Your data is stored in a cloud database (Turso/libSQL) hosted on AWS US-East-1. We use HTTPS for all data transmission. Passwords are hashed with PBKDF2-SHA512 (120,000 iterations, per-user salt) and never stored in plaintext.

Local data (authentication token, cached dictionary results, favorites) is stored in your browser's localStorage or chrome.storage.local and is never transmitted to third parties.

🗑️ Data Deletion & Account Removal

How to delete your account:

• iOS App (fully self-service): open the HiWord app → Settings → Account → Delete Account. You will be asked to confirm by typing DELETE MY ACCOUNT. The deletion is instant and does not require manual review.
• Web: account self-deletion is not yet available in the web app. Contact support@hiword.ai from your registered email and we will action your request within 14 days.
• Chrome Extension: to clear local extension data, remove the extension from Chrome or clear its storage via chrome://extensions.

What happens after you delete your account:

1. Your account is immediately marked as deleted. You will no longer be able to log in with this account from any client.
2. Your learning data (SRS progress, favorites, streak, push subscriptions, daily-path cache, rate-limit logs) is retained for 30 days, then permanently deleted.
3. Within 30 days, you may request restoration by emailing support@hiword.ai from the email associated with your account.
4. After 30 days, all data is permanently deleted and cannot be recovered.
5. For audit and abuse-prevention purposes, we retain only your username, account-link identifiers (Apple Sub / Google Sub if applicable), and the deletion timestamp in an audit log (no learning content, no contact info if you signed in with Apple Hide-My-Email).

GDPR Article 17 / China PIPL rights: You can request to view, modify, export, or delete your personal data at any time by contacting support@hiword.ai. We will respond within 30 days.

👶 Children's Privacy

HiWord.AI is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

🔄 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page. Continued use of HiWord.AI after changes constitutes acceptance of the updated policy.

📧 Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: hi@hiword.ai
• Website: hiword.ai