Arpi Labs

Privacy Policy

WordsUp mobile application and related services
Effective date: July 4, 2026 · Version 1.0

This Privacy Policy explains how we collect, use, store, and share personal data when you use the WordsUp mobile application, the website wordsupapp.click, and related services (together, the "Services"). This Policy applies together with the Terms of Use. By using the Services you acknowledge that you have read and understood this Policy.

1. Data controller

2. Data we collect

Data you provide directly:

Technical data collected automatically:

Product analytics: app opens, learning session events, key in-app actions (viewing the premium screen, starting and completing a purchase, marking words as learned, completing exercises), and aggregate progress counters.

Payment-related data: payment identifiers, tokenized payment method references, amount, currency, date and status of transactions, selected plan, and applied promo code. We never receive or store card numbers, CVV codes, or other payment credentials — these are processed exclusively by the payment processor.

Error monitoring data: error messages, stack traces, the sequence of in-app actions preceding an error, and device/environment information.

Data stored only on your device: your dictionary, learning progress, repetition schedule, statistics, and settings are stored locally on your device and are not routinely transmitted to us. They may be shared with us only at your initiative as part of a support request.

3. Purposes and legal bases

We process personal data for the following purposes:

4. Third parties and processors

We share personal data only to the extent necessary for the purposes above, with the following categories of recipients:

Product analytics is processed on our own infrastructure and is not shared with third parties for analytics purposes. We may also disclose personal data to public authorities where required by applicable law, and to professional advisers (lawyers, accountants, auditors) bound by confidentiality obligations.

We do not sell personal data and do not share it for advertising or marketing purposes.

5. International data transfers

Some of the recipients listed above are located outside the Republic of Armenia, including in the United States (Google LLC, Apple Inc., Functional Software, Inc., 650 Industries, Inc.) and Ireland (Google Ireland Limited), as well as other countries where these providers or their subprocessors operate data centers. Where personal data is transferred internationally, we limit the transfer to the minimum necessary and rely on the safeguards offered by the respective providers.

6. Data retention

7. Your rights

Subject to applicable law, you have the right to:

To exercise your rights, email us at arpilabs@gmail.com with the subject "Data subject request", specifying the email address used in the Services and the substance of your request. We may ask for additional information to verify your identity. We respond within 30 calendar days; if more time is needed, we will notify you of the reason and the new deadline. Deleting your account does not remove records we are legally required to keep (such as payment records); these are retained for the statutory period with the minimum necessary scope of data.

8. Children

The Services are not intended for children under 16 without the consent of a parent or legal guardian. We do not knowingly collect personal data from children under 16. If we learn that such data has been collected without the required consent, we will delete it promptly.

9. Cookies and local storage

The website may use cookies and similar local storage technologies (LocalStorage, SessionStorage) for authentication, protection against automated abuse, and basic technical diagnostics. The mobile application uses the operating system's local storage facilities (an on-device database, key-value storage, and the system keychain/keystore) to store data required for app functionality. This data remains under your control and can be removed using standard operating system tools (deleting the app or clearing its data).

10. Security

We apply organizational and technical measures appropriate to the risk, including TLS encryption in transit, storage of tokens in the operating system's secure storage, separate secrets for different token types, restricted administrative access with key-based authentication, firewalls, encrypted backups with integrity checks, and tokenization of payment methods. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Changes to this policy

We may update this Policy from time to time. The current version is always available at https://wordsupapp.click/privacy, with the effective date shown at the top. If the changes are material, we will notify you through the app or by email. Continued use of the Services after a new version takes effect constitutes acceptance of that version.

12. Governing law

This Policy is governed by the laws of the Republic of Armenia. Nothing in this Policy limits any rights you may have under mandatory provisions of the law applicable in your place of residence.

13. Contact

FAIZOV ARTUR, Individual Entrepreneur (Republic of Armenia)
Email: arpilabs@gmail.com
Website: https://wordsupapp.click/