Privacy Policy
Last updated · 1 July 2026
lemmaro is a browser extension that helps you learn vocabulary while you read. This policy explains what it processes on your device, the small amount it sends to our servers to look a word up, who we share data with, and the choices you have. The data controller isAndriy Moskalyuk (sole trader / Einzelunternehmen), based in Germany — see theImpressum for full legal details. You can reach us athello@lemmaro.com for anything in this policy.
What stays on your device
Most of lemmaro runs locally. The text of the pages you read is parsed in your browser to decide which words to highlight — that page text is not sent anywhere. The on-device language models used for parsing and meaning detection are downloaded to your browser once and then run offline. Your reading position, highlight states, app settings, and a local cache of previously looked-up dictionary entries live in your browser's own storage on your device.
What we send to our servers
Some features can't run fully on-device. When you look a word up or ask us todisambiguate a meaning, the word and the surrounding sentence are sent to our backend so it can return the right sense, definition, and examples. We send only what that lookup needs — not your whole page, and not your browsing history.
The data we hold on our servers is:
- Account data — your email address and authentication details when you create an account or sign in.
- Learning data — the words you save, your review history, and your learning settings (such as your language and level), so your progress syncs across devices.
- Lookup requests — the term and its sentence context, used to answer the lookup and to improve sense accuracy over time.
Who we share data with
We use a small set of processors, strictly to operate the service. We do not sell your data or use it for advertising.
- Authentication (Google) — if you choose “Sign in with Google”, Google handles that sign-in and shares your basic profile (email, name) with us. Email/password sign-in does not involve Google.
- Payments (Lemon Squeezy) — when you subscribe, our merchant of record, Lemon Squeezy, processes the payment and related billing data. We never see or store your full card details.
- AI language processing (DeepSeek) — when you use sentence translation or AI-generated examples and exercises, the relevant word and its sentence context are sent to DeepSeek to produce the result. Reading and word highlighting do not use this.
- Hosting & backups — the service runs on a self-hosted server (Hetzner Online GmbH — verify your hosting provider) with database backups stored off-site (verify your actual backup provider).
- Model & asset delivery — the on-device models and language files are downloaded from public content-delivery networks (e.g. Hugging Face and our own storage). These downloads carry only your IP address, inherent to any web request; no account or learning data is sent.
International transfers
Some of the processors above are located outside the EU/EEA (for example, in the United States, and DeepSeek in China). Where your data is transferred outside your region, we rely on appropriate safeguards such as the providers' standard contractual clauses. If you would rather not have sentence context processed by DeepSeek, simply don't use the sentence-translation and AI-example features — the rest of lemmaro works without them.
Legal basis & retention
We process this data to provide the service you asked for (contract) and to keep it secure and working (our legitimate interest). We keep account and learning data for as long as your account is active. When you delete your account, we delete your live account and learning datawithin 30 days, and purge it from encrypted backups within 90 days after that. Anonymous, aggregated data used to improve sense accuracy may be retained longer, as it can no longer be linked to you.
Security
Traffic between the extension and our servers is encrypted in transit (HTTPS). Access to production data is restricted, and database backups are encrypted. No system is perfectly secure, but we take reasonable measures to protect your data.
Children
lemmaro is not directed at children under 13, and you must be at least 13 to use it. If you believe a child under 13 has given us personal data, contact us and we will delete it.
Your rights
If you're in the EU/EEA or UK, you can request access to, correction of, export of, or deletion of your data, and you can object to or restrict certain processing. To exercise any of these, email hello@lemmaro.com. You may also complain to your local data-protection authority.
Changes to this policy
We may update this policy as the product evolves; we'll post the new version here and update the date above. Material changes will be communicated where appropriate.
Contact
Questions about this policy or your data? Reach us athello@lemmaro.com.