Privacy Policy
Lupa Vision Last updated: April 17, 2026
Orange Hill GmbH ("we", "us", "our") operates the Lupa Vision mobile application ("Lupa", "the App"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Lupa.
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable Austrian data protection law.
1. Data Controller
Orange Hill GmbH Otto-Bauer-Gasse 4/4 1060 Wien, Austria
Email: privacy@orangehill.ai
2. What Data We Collect
2.1 Account Data
When you create an account, we collect:
- Email address — required for all sign-in methods
- Name — optional, provided by you or your identity provider
- Authentication identifiers — Apple ID or Google ID (opaque identifiers, not passwords)
- Avatar URL — if provided by your identity provider
- Locale preference — your preferred language setting
2.2 Lookup Data
When you use Lupa to look up words, we store:
- Word and translation — the word you selected and its translation
- Source and target language
- Part of speech and definition
- Context translation — if surrounding text was used for context
- Lookup source — whether the result came from the local dictionary (WordNet) or AI translation
- Timestamp — when the lookup occurred
2.3 Voice Data
When you use voice word selection (hold your finger and speak a word):
- Audio recording — a short audio clip (typically 1–5 seconds) is recorded on your device
- The audio clip is sent to our server, which forwards it to a third-party speech-to-text service for transcription
- Transcription text — the transcribed text is stored in your lookup history alongside the lookup entry
- Audio clip storage (optional) — if "Save Media" is enabled in Settings, the audio clip is stored on our servers and associated with your lookup history. If disabled, the audio clip is discarded after transcription
- You can disable audio storage at any time in Settings by turning off "Save Media"
2.4 Photos (Optional)
If you have "Save Media" enabled in Settings (on by default for all signed-in users):
- Snapshot — a compressed photo of what you were viewing when you looked up a word
- Photos are stored on our servers and associated with your lookup history
- You can view saved photos from your lookup history at any time
- You can disable photo and audio storage at any time in Settings by turning off "Save Media"
2.5 Usage Data
We collect anonymized usage data through Firebase Analytics (Google Analytics for Firebase) to understand how the App is used:
- App opens and session duration
- Feature usage (lookups, favorites, translations)
- Subscription events (trial activation, purchases)
- Device type, OS version, and app version
- Crash reports
This data is collected using Google's Firebase SDK. See Google's Privacy Policy for details on how Google processes analytics data.
2.6 Camera and Microphone
- Lupa accesses your device camera to read text
- Camera frames are processed entirely on your device for text recognition (OCR)
- Camera frames are never transmitted to our servers, except when you explicitly look up a word and photo storage is enabled (see 2.4)
- The front-facing camera may be used for the lens reflection effect. Front camera data is processed on-device only and is never stored or transmitted
- Lupa accesses your device microphone when you use voice word selection (see 2.3). Microphone access is only active while you hold your finger on screen during voice selection — it is never used in the background
2.7 Data We Do NOT Collect
- We do not collect your location
- We do not access your contacts, calendar, or other personal data
- We do not access your photo library
- We do not collect biometric data
- We do not use cookies (Lupa is a native mobile app)
3. How We Use Your Data
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide the translation service | Lookup data, account data | Performance of contract (Art. 6(1)(b)) |
| Voice word selection | Audio recording, transcription text | Performance of contract (Art. 6(1)(b)) |
| AI-powered translations | Selected text, context, target language | Performance of contract (Art. 6(1)(b)) |
| Sync history across devices | Lookup data, account data | Performance of contract (Art. 6(1)(b)) |
| Manage your subscription | Account data, purchase data | Performance of contract (Art. 6(1)(b)) |
| Send onboarding emails | Email address, name | Legitimate interest (Art. 6(1)(f)) |
| Improve the App | Anonymized usage data | Legitimate interest (Art. 6(1)(f)) |
| Prevent abuse and enforce limits | Account data, usage counts | Legitimate interest (Art. 6(1)(f)) |
4. AI Translation Processing
When you request an AI translation (by pulling down on the definition card), the following data is sent to our server:
- The selected word or phrase
- Surrounding context text (if available)
- Your target language preference
Our server forwards this to a third-party AI service to generate the translation. The AI service provider processes this data under a data processing agreement and does not use API inputs to train their models.
We store the AI request and response in your lookup history so you can review past lookups.
5. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Third-party AI service | AI translations | Selected text, context, target language |
| Third-party speech-to-text service | Voice transcription | Short audio clips (1–5s) |
| Firebase / Google Analytics | Usage analytics, crash reporting | Anonymized usage events, device info |
| Apple Sign-In | Authentication | Apple ID token |
| Google Sign-In | Authentication | Google ID token |
| Third-party email service | Onboarding emails | Email address, name, locale |
| Apple App Store | Subscription management | Purchase data (managed by Apple) |
We maintain data processing agreements with all third-party service providers. A current list of sub-processors is available upon request by emailing privacy@orangehill.ai.
6. Data Storage and Security
- Account data and lookup history are stored on servers located in the European Union
- Data is transmitted using TLS encryption (HTTPS)
- Authentication tokens are stored securely in the iOS Keychain on your device
- Server access is restricted and protected by standard security measures
- Photos and audio clips are stored on our server filesystem and are not publicly accessible
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Lookup history | Until you delete individual entries or your account |
| Photos | Until you delete individual entries or your account |
| Audio clips | Until you delete individual entries or your account |
| Analytics data | 14 months (Firebase default) |
| Email marketing data | Until you unsubscribe or delete your account |
When you delete your account, all associated data (profile, history, photos, audio clips, favorites) is permanently deleted from our servers within 30 days.
8. Your Rights (GDPR)
As a data subject under the GDPR, you have the following rights:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data ("right to be forgotten")
- Restriction — Request that we limit processing of your data
- Portability — Receive your data in a structured, machine-readable format
- Objection — Object to processing based on legitimate interest
- Withdraw consent — Where processing is based on consent, withdraw it at any time
To exercise any of these rights, email us at privacy@orangehill.ai.
To delete your account and all data, you can also use the "Delete Account" option in the App (Settings > Delete Account). This immediately triggers permanent deletion.
You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehorde): dsb.gv.at.
9. International Data Transfers
Your data is primarily processed within the EU. When data is transferred outside the EU (e.g., to third-party AI and speech-to-text services in the United States, or to Google for analytics), such transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The service provider's adherence to applicable data protection frameworks
10. Children's Privacy
Lupa is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@orangehill.ai and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the "Last updated" date at the top of this page
- Displaying a notice in the App for significant changes
Your continued use of Lupa after changes constitutes acceptance of the updated policy.
12. Contact
For any questions about this Privacy Policy or your personal data:
Orange Hill GmbH Otto-Bauer-Gasse 4/4 1060 Wien, Austria Email: privacy@orangehill.ai