Privacy policy

Last updated: 13 April 2026

1. Introduction

Glosportal is a web-based platform for vocabulary practice. This privacy policy describes how we collect, use, and protect your personal data when you use the service.

2. Personal data we collect

For teachers:

  • Email address: Used for registration, sign-in, and communication
  • Name: Used to identify you in the system
  • Word lists: Vocabulary and lists you create and save
  • Sessions: Information about practice sessions you create (name, exercises, deadline)

For students:

  • Student name: Name students enter when joining a session (optional)
  • Progress: Which exercises were completed, results, attempts, and rounds
  • Session participation: Which sessions the student joined and when

3. How we use your personal data

  • To provide and improve our service
  • To let teachers create and manage word lists and sessions
  • To let students join practice sessions and track their progress
  • To give feedback and results on exercises
  • To handle authentication and security

4. Time-limited retention and automatic deletion (GDPR)

All data tied to a practice session is deleted automatically in line with GDPR.

  • Ended sessions (after deadline): When a session's deadline has passed, the session moves to "Ended sessions" and remains for at most 24 hours. After 24 hours the following are automatically and permanently deleted:
    • The session
    • All student participations (student_sessions)
    • All student progress (student_progress)
    • Quiz results (quiz_results)
    • Other session-related data
  • Permanent deletion: Deletion happens automatically after 24 hours and cannot be undone. No backup is taken of student data in ended sessions.
  • Sessions without a deadline: Sessions without a set deadline are not deleted automatically; they can be deleted manually by the teacher.

For students: Your progress and results in a session are permanently deleted within 24 hours after the session's deadline has passed.

5. Data protection and security

We use modern security measures to protect your personal data:

  • Encrypted storage via Supabase (PostgreSQL database)
  • Secure authentication with Supabase Auth
  • Row Level Security (RLS) to restrict data access
  • HTTPS encryption for all data transfer

6. Your rights under GDPR

As a user you have the following rights:

  • Right of access: You can request information about which personal data we hold about you
  • Right to rectification: You may update or correct your personal data at any time
  • Right to erasure: You may request deletion of your personal data (except data we are legally required to keep)
  • Right to data portability: You may request a copy of your personal data in a structured format
  • Right to object: You may object to certain types of processing of personal data

To exercise your rights, contact us at: info@glosportalen.nu

7. Cookies and tracking

We use cookies to manage authentication and sessions. For more detail, see our Cookie policy.

8. Sharing of data

We do not share your personal data with third parties, except:

  • Supabase: Database provider; stores data under its own privacy policy.
  • Azure Speech Service: Used for pronunciation analysis in the "Pronounce the word" exercise. Audio is sent for analysis and is not stored.
  • OpenAI: Used to generate cloze sentences. No personal data is sent.

9. Contact

Questions about this policy: info@glosportalen.nu

10. Changes

This policy may be updated. Material changes will be published on this page with an updated date under "Last updated".