Privacy policy

Last updated: May 24, 2026.

This policy explains how Dictable collects, uses, stores, shares, and protects personal data in connection with the website, application, accounts, profiles, learning activities, contests, payments, and institution services.

We apply the European General Data Protection Regulation (GDPR) where applicable, French data protection law, Ivorian Law No. 2013-450 on personal data protection, and any mandatory local rule.

Controller and contact

Dictable is operated by WAKKEH.

• WAKKEH Côte d'Ivoire: Angré 9ème tranche, 04 BP 412 Abidjan 04, Côte d'Ivoire.
• WAKKEH FRANCE: SAS registered under SIREN 992 692 798, SIRET 992 692 798 00018, registered office: Bureau 3, 5 rue Pleyel, 93200 Saint-Denis, France.

Depending on the contractual or geographic context, the data controller may be WAKKEH Côte d'Ivoire, WAKKEH FRANCE, or both for processing needed to operate Dictable. For people located in the European Economic Area, WAKKEH FRANCE also acts as the European contact point for GDPR matters.

Data protection contact: support@dictable.org

Data we process

We limit collection to data useful for the service. Depending on your use, we may process:

• Account and identity: username, first name, last name, email, phone, encrypted password, language, country, preferences, avatar, age or school level where necessary.
• Profiles and learning: profiles linked to an account, level, goals, learning preferences, completed activities, answers, corrections, scores, badges, rankings, progress, attempt history, and statistics.
• Institutions and groups: organization, admin/supervisor/member roles, classes or groups, invitations, assignments, member activity, and data needed for educational tracking.
• Contests and gamification: registrations, participation, results, leaderboards, rewards, and public profile elements when you join visible activities.
• Payments and billing: payment status, subscribed offer, amount, currency, transaction identifiers, and accounting records. Complete banking data, mobile money credentials, or full card numbers are processed by the relevant payment providers and are not stored by Dictable.
• Support, contact, and sales: messages, demo requests, email, phone, organization, expressed need, and exchange history.
• Technical data: IP address, security logs, device, browser, pages viewed, errors, cookies and trackers according to your choices.

We do not seek to collect special category data under the GDPR. If you send such data voluntarily in a message, we may ask you to remove it or delete it when it is not necessary.

Purposes and legal bases

We process data for the following purposes:

• Create and manage accounts, profiles, subscriptions, and access: contract performance or pre-contractual steps.
• Provide activities, tracks, corrections, contests, leaderboards, and statistics: contract performance.
• Manage institutions, classes, groups, and roles: contract performance and legitimate interest in educational organization.
• Process payments, invoices, refunds, and accounting obligations: contract performance and legal obligation.
• Secure the platform, prevent fraud, detect abuse, and maintain necessary logs: legitimate interest and legal obligation where applicable.
• Respond to support, contact, demo, or partnership requests: pre-contractual steps and legitimate interest.
• Improve the product, measure audience, and analyze usage: legitimate interest for strictly necessary measures or consent when optional cookies or trackers require it.
• Send useful or marketing communications: consent where required, or limited legitimate interest for existing users, with opt-out.
• Comply with legal, tax, accounting, judicial, or regulatory obligations: legal obligation.

Where processing relies on consent, you may withdraw it at any time without affecting processing already carried out.

Required data

Some data is required to create an account, access an activity, join an institution, enter a contest, or make a payment. If you refuse to provide it, the relevant service may be unavailable or limited.

Optional data is used to personalize the experience, improve support, or facilitate exchanges. It may be ignored when the form allows it.

Recipients

Data may be accessed, within the limits of their roles, by authorized WAKKEH staff, institution administrators or supervisors for members linked to their organization, and our technical providers.

Our providers may include hosting, infrastructure, email, consent-based analytics, support, security, payment, billing, accounting, and communication tools. They act only on instructions, for the intended purposes, and are subject to confidentiality and security obligations.

Payment providers may access the information needed only during payment, authorization, verification, refund, or anti-fraud operations. They may also retain certain data under their own responsibility when financial, accounting, or anti-fraud rules require it.

We may disclose data to an administrative, judicial, tax, or regulatory authority when required by law or to defend our rights.

International transfers

Dictable may be operated from Côte d'Ivoire, France, or by providers located in other countries. When data relating to people located in the European Economic Area is transferred outside the European Economic Area, we implement, where required, appropriate safeguards such as standard contractual clauses, contractual security commitments, and suitable technical measures.

Retention periods

We keep data for as long as necessary for the purposes above, then delete, anonymize, or archive it where the law requires it.

• Account and profile: for the life of the account, then deletion or anonymization after request or prolonged inactivity, unless otherwise required.
• Learning activity, scores, corrections, badges, and progress: for the useful life of the service, educational tracking, and user history.
• Institution data: for the duration of the institution contract, then archiving or deletion according to contractual and legal obligations.
• Payments, invoices, and accounting records: the applicable legal period, generally up to 10 years where accounting or tax rules require it.
• Support and contact: up to 3 years after the last exchange, unless contract follow-up or dispute requires more.
• Marketing: up to 3 years after the last active contact or until consent is withdrawn.
• Security logs: for a short and proportionate period, unless an incident, fraud, legal obligation, or evidence need requires longer.
• Cookies: according to the periods listed in the cookie policy.

Minors, families, and institutions

Dictable may be used by pupils or minor profiles. Where required, use must be authorized by a parent, legal representative, school, or authorized organization. Institution administrators and supervisors must create, import, or manage only profiles for which they have the necessary permissions.

We limit access to minors' data to authorized people and to educational or contractual needs.

Leaderboards, public profiles, and automated decisions

Some information may be visible in leaderboards, contests, or profile pages depending on the service settings: username, avatar, level, country, score, badges, or results. We avoid displaying directly identifying data when it is not necessary.

Dictable may automatically recommend activities or calculate scores based on learning activity. These processes do not produce a legal or similarly significant effect under the GDPR.

Cookies and preferences

Dictable uses cookies and similar technologies to operate the service, remember your choices, and, when you accept, measure audience. Categories, purposes, and retention periods are detailed in our cookie policy.

Strictly necessary cookies are required for the service to work. Analytics or marketing cookies are activated only according to your preferences when consent is required.

Security and confidentiality

We apply reasonable technical and organizational measures: access control, encrypted passwords, encryption where relevant, security logging, role limitation, backups, monitoring, and confidentiality clauses.

No online service can guarantee absolute security. If a data breach is likely to create a risk to your rights and freedoms, we will take the necessary measures and notify the competent authority or affected people where required by law.

Your rights

Depending on the applicable rules, you may request:

• access to your data;
• correction of inaccurate data;
• deletion of your data;
• restriction of processing;
• objection to certain processing;
• portability of data you provided where the GDPR applies;
• withdrawal of your consent;
• information about safeguards used for international transfers;
• instructions about what should happen to your data after death where French law applies.

To exercise your rights, email support@dictable.org. We may request reasonable proof of identity if necessary. We respond within the legally applicable time limits.

You may also lodge a complaint with the competent authority, including the CNIL in France (www.cnil.fr) or the competent Ivorian authority where Ivorian law applies.

Updates to this policy

We may update this policy to reflect changes to the service, the law, or our providers. If a significant change occurs, we will provide appropriate information on Dictable or by any suitable means.