Legal
Privacy Policy
Last updated: 8 April 2026
Constructing Language ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over your data. It applies to all visitors and customers of constructinglanguage.com and any related services.
By using our website or purchasing a course, you agree to the practices described in this policy. If you do not agree, please do not use our services.
1. Who We Are
Constructing Language is an online language education platform offering audio courses, course books, and free learning resources for Japanese and Mandarin Chinese. Our website is operated by Luke Marchetti (the "Owner"). For data protection enquiries, please contact us at [email protected].
2. What Data We Collect
We collect personal data in the following categories:
| Category | Examples | How collected |
|---|---|---|
| Account data | Name, email address, hashed password | Registration form |
| Purchase data | Course purchased, payment reference (Stripe ID), transaction date | Stripe checkout |
| Newsletter data | Email address, subscription date, unsubscribe token | Newsletter signup form |
| Usage data | Pages visited, browser type, referring URL, IP address | Automatically via analytics |
| Communications | Messages sent to us via email or contact forms | Direct contact |
We do not store full card numbers, CVV codes, or any raw payment credentials. All payment processing is handled by Stripe, which operates under its own privacy policy.
3. How We Use Your Data
We use your personal data for the following purposes:
- To provide your course access — we use your account and purchase data to authenticate you and deliver the courses you have purchased.
- To process payments — we pass your name and email to Stripe to complete transactions and issue receipts.
- To send purchase confirmations — after a successful payment, we send a confirmation email via Resend.
- To send newsletters — if you have subscribed, we send periodic emails about new courses, resources, and language learning tips. Every email includes an unsubscribe link.
- To improve our website — we use anonymised analytics data to understand how visitors use the site and improve the experience.
- To comply with legal obligations — we may retain transaction records as required by applicable tax and financial regulations.
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation and course delivery | Performance of a contract (Art. 6(1)(b) GDPR) |
| Payment processing | Performance of a contract (Art. 6(1)(b) GDPR) |
| Newsletter emails | Consent (Art. 6(1)(a) GDPR) — you may withdraw at any time |
| Analytics and site improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Tax and financial record-keeping | Legal obligation (Art. 6(1)(c) GDPR) |
5. Third-Party Services
We use a small number of trusted third-party services to operate the website. Each service processes data under its own privacy policy:
| Service | Purpose | Privacy policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Resend | Transactional and newsletter email delivery | resend.com/privacy |
| Amazon S3 | Secure file storage (course files, PDFs, images) | aws.amazon.com/privacy |
6. Cookies
We use a single session cookie to keep you logged in to your account. This cookie is strictly necessary for the website to function and does not track you across other websites. We do not use advertising cookies or third-party tracking cookies.
You can disable cookies in your browser settings, but doing so will prevent you from staying logged in to your account.
7. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
- Account data — retained for the lifetime of your account. You may request deletion at any time.
- Purchase records — retained for 7 years to comply with tax and financial regulations.
- Newsletter subscriptions — retained until you unsubscribe. Every email includes a one-click unsubscribe link.
- Analytics data — retained in anonymised, aggregated form indefinitely.
8. Your Rights
Under GDPR (and equivalent UK data protection law), you have the following rights regarding your personal data:
- Right of access — you may request a copy of the personal data we hold about you.
- Right to rectification — you may ask us to correct inaccurate data.
- Right to erasure — you may request deletion of your data, subject to legal retention obligations.
- Right to restrict processing — you may ask us to limit how we use your data in certain circumstances.
- Right to data portability — you may request your data in a structured, machine-readable format.
- Right to object — you may object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent (e.g. newsletters), you may withdraw at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (in the UK: the ICO; in the EU: your national supervisory authority).
9. Email Communications (CAN-SPAM)
In compliance with the US CAN-SPAM Act, all marketing emails we send will clearly identify the sender, include a physical or electronic mailing address, and contain a clearly visible unsubscribe link. We will honour all unsubscribe requests within 10 business days.
To unsubscribe from our newsletter, click the unsubscribe link in any email we send, or contact us directly at [email protected].
10. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted HTTPS connections, hashed password storage (bcrypt), JWT-signed session cookies, and access-controlled file storage (Amazon S3). No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
12. International Data Transfers
Our servers and third-party service providers may be located outside the EEA or UK. Where data is transferred internationally, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions) in accordance with GDPR requirements.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email. Continued use of the website after any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at: