blas.blas.
HomeArchive
Tables
blas.blas.
blas.

Privacy Policy

Last updated: 8 May 2026

blas. (“we”, “us”, “our”) operates the blas. mobile applications (iOS and Android), the website at blasapp.com, and the blas. Grammar Checker browser extension (collectively the “Service”). This privacy policy explains what data we collect, why, and your rights.

1. Data we collect

Account data

If you create an account, we store your email address and a hashed password via our authentication provider (Supabase Auth). You can use the app without creating an account.

Learning data

Drill results, spaced-repetition schedules, session history, and progress data are stored on your device. If you sign in, this data syncs to our database (hosted by Supabase in the EU) so you can access it across devices.

Analytics

We use PostHog (EU cloud, Frankfurt) to collect anonymised usage analytics: screens visited, drills completed, session duration, and app version. Analytics are only collected if you opt in via the “Share usage data” setting. We do not use analytics for advertising or sell this data.

Research data

blas. is built around Irish and Welsh — minority languages where almost no large-scale data exists on how adults actually learn them. To improve the app and contribute to Celtic-language learning research, we record per-drill data each time you answer a question: which drill you saw, what you answered, whether it was correct, how long you took, and the spaced-repetition state of the item. This data is tied to your pseudonymous user ID (a UUID), not to your name, email, or any free-text content — drill inputs are constrained to short words and phrases drawn from our curated content.

We rely on the legitimate interest lawful basis under Article 6(1)(f) GDPR to process this data. We have carried out a balancing test: the data is pseudonymous, never joined to identifying information for analysis, cannot be used to profile you in any decision that affects you, and supports a documented public-interest research purpose (how adults acquire Celtic mutations and grammar). Aggregate results may be published in academic papers or open datasets; no output will identify individual learners.

You have the right to object at any time. Email privacy@blasapp.com with the subject “research objection” and we will stop collecting new research rows for your account within 7 days. Previously collected rows are retained only in pseudonymised aggregate form. You can also delete your account in-app (Settings > Delete account), which permanently removes all research rows tied to your user ID within 30 days.

TTS requests

When you play audio pronunciations, requests are routed through our server to third-party text-to-speech providers (ABAIR.ie for Irish, techiaith.cymru for Welsh, Microsoft Azure as fallback). We do not log the content of these requests.

AI features (optional)

If you enable AI features (conversation practice, writing feedback, weekly progress insights), the following data is sent to OpenAI (via our Supabase Edge Functions) for processing:

  • Your typed or spoken text (conversation messages, writing compositions)
  • Conversation history within the current session
  • Your language level (e.g. CEFR level) and target language
  • Aggregated learning statistics for weekly reports (drill counts, accuracy rates, error categories)

No personal information (name, email, account ID) is included in data sent to OpenAI. OpenAI processes this data to generate responses and does not retain it after processing. OpenAI’s data usage policies are available at openai.com/policies.

AI features require separate, explicit consent before any data is shared. You can enable or revoke AI consent at any time in Settings > Privacy & Data.

Grammar Checker browser extension

The blas. Grammar Checker extension processes text entirely on your device. The text you type into any webpage is tokenised, tagged, and checked against our rule set inside the extension’s own service worker. At no point is the text sent to our servers or any third party.

The extension ships its Irish and Welsh lexicon files inside the extension package. It makes network requests only for explicit optional features:

  • Account linking — if you link the extension to your blas. account, the website mints a scoped extension token. The extension never stores your password or full Supabase session.
  • Save to blas. — when you click “Save”, the selected word or suggested form, language, and optional sentence context are sent to blas. so the item can appear in your saved words.
  • Synced ignores — when linked, ignored suggestions sync by rule id and ignore key only. Raw snippets are not synced.
  • False-positive reports — if you choose “Report false positive”, only the fields you explicitly include in the report form are sent.
  • Model-improvement examples — if you choose “Share example to improve blas.”, the extension shows the exact flagged text, suggested correction, and sentence context before sending them with your judgement for human review.
  • Optional analytics — if you enable the “Share anonymous usage data” toggle in extension Settings, the extension sends anonymised events to PostHog (US cloud ingestion endpoint) describing which language was selected, which rule categories fired, and the domain of the site you were typing on (e.g. mail.google.com). No text content is ever included. Analytics is off by default.

The extension stores your language preference, formal/casual register mode, strictness, Irish dialect preference, disabled rule categories, weekly summary counts, account-link token (if linked), sync queues, explicitly shared model-improvement examples waiting to send, and your local list of ignored issues in chrome.storage.local on your own device. Uninstalling the extension deletes the local copy.

A neural part-of-speech tagger model (~1 MB, hosted on blasapp.com) is declared in the extension manifest as a capability but is currently disabled in production. If it is re-enabled in a future version, the model is fetched once on first use and cached in chrome.storage.local; the tagger then runs locally. Your text is never sent to the CDN — only the model is downloaded from it.

2. How we use your data

  • To provide the core learning experience (drills, scheduling, progress tracking)
  • To sync progress across your devices (if signed in)
  • To improve the app based on aggregated, anonymised analytics (if opted in)
  • To send daily reminders (if enabled, via device-local notifications)
  • To process subscription purchases and verify receipts

3. Third-party services

  • Supabase (EU) — authentication, database, edge functions
  • PostHog (EU, Frankfurt for app analytics; US cloud ingestion endpoint for optional browser-extension analytics) — anonymised analytics (opt-in only)
  • Apple / Google — app distribution, in-app purchases, push notifications
  • ABAIR.ie / techiaith.cymru / Microsoft Azure — text-to-speech
  • OpenAI — AI-powered conversation, writing feedback, and weekly insights (opt-in only, no personal data shared)
  • Firebase Cloud Messaging — push notification delivery

4. Data retention

We retain your account and learning data for as long as your account is active. If you delete your account (Settings > Delete account), all data is permanently erased from our servers within 30 days. Local data is cleared immediately.

5. Your rights (GDPR)

We respect your data rights under the GDPR and equivalent regulations:

  • Access — request a copy of your data by emailing us
  • Erasure — delete your account in-app (Settings > Delete account) or email us
  • Portability — request your data in a machine-readable format
  • Rectification — update your email in account settings
  • Withdrawal of consent — revoke analytics or AI consent at any time in Settings
  • Objection to research use — email privacy@blasapp.com (see “Research data” above)

6. Children’s privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

7. Security

We use industry-standard measures to protect your data: encrypted connections (TLS), hashed passwords, row-level security on our database, and limited access to production systems.

8. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via the app or email. Continued use of the Service after changes constitutes acceptance.

9. Contact

Questions about this policy? Email us at privacy@blasapp.com.

blas.
TermsBlog