Privacy Policy

1. Data Controller

Controller details are specified in the contact section below.

2. Types of Data Collected

2.1 Account Data

• Email address (via Google/Apple Sign-In)
• Username chosen by the user
• Authentication provider ID (Google/Apple)
• Language and theme preferences
• Notification settings

2.2 Learning Data

• Kanji study progress (JLPT level, kanji learned)
• Quiz statistics (correct/incorrect answers, response times)
• Collection of stamps and avatars acquired
• History of missions and objectives completed
• Spaced repetition system (SRS) data for learning
• Study streaks and habits

2.3 Usage Data

• Anonymous analytics on feature usage
• App performance and crash data
• Study sessions and usage time
• User interface interactions

2.4 Commercial Data

• In-app purchase history
• Payment receipts (managed by Apple/Google)
• Subscription status (active/expired)
• Payment methods (only via store)

2.5 Technical Data

• Device information (model, operating system)
• IP address (for security and geolocation)
• Unique device identifiers
• Security and audit logs

2.6 Approximate Geolocation

• Country of origin (ISO 2-letter code, e.g., IT, US, FR) derived from IP address ONLY on first login
• Timestamp of when country was tracked
• NO precise location (city, GPS coordinates) is collected
• NO device location permissions required
• IP address is NOT stored in the database

2.7 Social and Competition Data

• Global leaderboard rankings and positions
• Public display of nickname, avatar, cards, and stamps
• Competition scores and achievements
• Social interactions within the app

2.8 Friends System Data (v2.0)

• Friend codes (unique 8-character identifiers, e.g., A3F7-9K2L)
• Friend requests sent and received (status: pending, accepted, rejected)
• Friend relationships and connections
• Battle statistics between friends (wins, losses, draws)
• Blocked users list
• Friend suggestions based on mutual friends

2.9 Ganbatte System Data (v2.0)

• Ganbatte gifts sent and received (30 Tama coin gifts between users)
• Transaction history with timestamps
• Sender and receiver identifiers
• Push notification preferences for Ganbatte

2.10 User Safety and Reports Data (v2.0)

• User reports submitted (reporter identity, reported user, reason)
• Report categories (spam, harassment, inappropriate content, cheating, other)
• Moderation actions and admin notes
• Appeal requests and resolution status

2.11 Push Notifications Data (v2.0)

• Firebase Cloud Messaging (FCM) device tokens
• Notification preferences by type (friend requests, Ganbatte, rank changes)
• User language preference for localized notifications
• Notification delivery status and history

3. Purpose and Legal Basis for Processing

3.1 Essential Processing (Art. 6, para. 1, letter b GDPR)

• User account management and authentication
• Data synchronization across devices
• Delivery of app services
• Management of purchases and subscriptions
• Global leaderboard functionality and competition features
• Friends system (friend codes, requests, connections, blocking)
• Ganbatte system (sending and receiving coin gifts between users)
• Battle statistics between friends

3.2 Processing for Legitimate Interest (Art. 6, para. 1, letter f GDPR)

• App security and fraud prevention
• Performance and stability improvement
• Anonymous analytics for product development
• Technical support and issue resolution
• Technical communications regarding app updates, new features, and security fixes
• Global ranking system and competitive features
• Approximate geolocation (country only) for aggregate statistics and service improvement
• Friend suggestions based on mutual friends (you can opt-out in Settings → Privacy → Friend Suggestions)
• User safety and moderation (processing reports to maintain platform safety and comply with legal obligations)
• Content moderation to enforce Community Guidelines

3.3 Processing Based on Consent (Art. 6, para. 1, letter a GDPR)

• Push notifications for study reminders
• Push notifications for social interactions (friend requests, Ganbatte received, rank changes)
• Direct email marketing and promotional communications
• Advanced content personalization
• Social media sharing
• Participation in special events and contests

NOTE: You can manage notification preferences at any time in Settings → Notifiche, with granular controls for each notification type (friend requests, Ganbatte, rank changes, study reminders).

3.4 Processing for Legal Obligations (Art. 6, para. 1, letter c GDPR)

• Retention of tax data for purchases
• Security logs required by law
• Communications to authorities if requested

3.5 Implied Consent for Technical Communications

By downloading, installing, and using KANJIDON, and by accepting this privacy policy, you provide implied consent for receiving technical communications including:

• App update notifications
• New feature announcements
• Security patch information
• Service maintenance notifications
• Critical technical information necessary for app functionality

This implied consent is separate from marketing communications and is based on the legitimate interest of maintaining a functional and secure service.

4. Processing Methods

4.1 Security Measures

• AES-256 encryption for data at rest
• TLS 1.3 for data transmissions
• Multi-factor authentication for admin access
• Row Level Security on database
• 24/7 security monitoring
• Regular security audits and penetration testing

4.2 Data Minimization

• Collection of only strictly necessary data
• Automatic anonymization after 6 months
• Pseudonymization for analytics
• Automatic deletion of expired data
• Regular data cleanup procedures

5. Global Leaderboard and Social Features

5.1 Public Data Display

By participating in the global leaderboard, the following data becomes publicly visible to all KANJIDON users worldwide:

• Your chosen nickname/username
• Your selected avatar
• Cards and stamps you have earned
• Your ranking position and scores
• Achievement badges and levels

5.2 Competitive Features

• Global Rankings: Your position compared to other users worldwide
• Achievement Sharing: Display of earned cards, stamps, and badges
• Progress Visibility: Study milestones and accomplishments
• Anonymous Option: You can choose to participate anonymously in rankings

5.3 Privacy Controls for Social Features

• Profile Privacy Settings: Option to make your profile private
• Anonymous Mode: Participate in leaderboards without showing personal identifiers
• Selective Sharing: Choose which achievements to display publicly
• Opt-out Option: Complete removal from public leaderboards while maintaining personal progress

5.4 Friends System (v2.0)

What We Collect:

• Your unique friend code (automatically generated, e.g., A3F7-9K2L)
• Friend requests you send and receive
• Your list of confirmed friends
• Battle statistics between you and your friends (wins, losses, draws)
• Blocked users list

How We Use It:

• To connect you with other users via friend codes
• To enable social features (friend battles, Ganbatte gifts)
• To suggest potential friends based on mutual connections
• To maintain platform safety (blocking unwanted interactions)

Legal Basis: Performance of contract (Art. 6(1)(b) GDPR)

Your Rights:

• Remove friends anytime (Settings → Friends → Remove)
• Block users to prevent all interactions
• Delete your friend code (generates a new one automatically)
• Export your friends list (Settings → Privacy → Export Data)

5.5 Friend Suggestions (v2.0)

How It Works: We show you "friend suggestions" by analyzing your existing friends and finding users who have friends in common with you (mutual friends).

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)

Why We Do This:

• Improves your experience by helping you discover meaningful connections
• Based only on friend relationships (no behavioral tracking or profiling)
• Suggestions are computed in real-time and not permanently stored

Your Privacy:

• We only use friend relationships already established
• No external data sources or behavioral tracking
• You can dismiss individual suggestions
• OPT-OUT AVAILABLE: Settings → Privacy → Friend Suggestions (toggle off)

Your Right to Object: You can object to friend suggestions at any time under Article 21 GDPR. Simply toggle off the feature in Settings → Privacy → Friend Suggestions, or contact our Data Protection Officer at info@kanjidon.com.

5.6 Ganbatte System (v2.0)

What We Collect:

• When you send or receive Ganbatte (30 Tama coin gifts)
• Your Ganbatte history (sender, receiver, timestamp)
• Total Ganbatte sent and received counters

How We Use It:

• To process the gift transaction (updating coin balances for both sender and receiver)
• To send push notifications to recipients (if they enabled notifications)
• To display Ganbatte statistics on user profiles (total received/sent)

Legal Basis: Performance of contract (Art. 6(1)(b) GDPR)

Push Notifications:

• Requires separate consent (Art. 6(1)(a) GDPR)
• Enable/disable: Settings → Notifiche → Ganbatte
• Managed via Firebase Cloud Messaging (see Section 6.3)
• You can withdraw consent anytime (your FCM token will be deleted within 24 hours)

5.7 User Reports and Safety (v2.0)

What We Collect:

• Your report submissions when you report another user
• Information about reported users (user ID, username)
• Report reason (spam, harassment, inappropriate content, cheating, other)
• Your description of the issue
• Moderation actions taken by our team

How We Use It:

• To investigate violations of our Community Guidelines
• To take enforcement actions (warnings, temporary suspensions, permanent bans)
• To improve platform safety and user experience
• To comply with legal obligations under EU Digital Services Act (DSA)

Legal Basis:

• Legitimate interest (Art. 6(1)(f) GDPR) - maintaining platform safety
• Legal obligation (Art. 6(1)(c) GDPR) - compliance with EU Digital Services Act

Privacy Protections:

• Your identity as reporter is NOT disclosed to the reported user
• Reports are reviewed by human moderators (not fully automated)
• Data is retained only as long as needed for investigation (12 months after resolution)
• Admin notes and moderation decisions are visible only to authorized staff

Your Rights:

• View your submitted reports: Settings → Support → My Reports
• Appeal moderation decisions: Settings → Support → Appeal (within 30 days)
• Request deletion of resolved reports after 12 months

Data Retention: Open reports are retained until resolved + 30 days. Closed reports are retained for 12 months for pattern analysis and appeals. Ban records are retained for 7 years for legal defense purposes.

6. Data Sharing and Transfers

6.1 Service Providers (Data Processors)

Supabase (Backend and Database)

• Purpose: Backend management, authentication, data storage
• Shared data: User profiles, progress, preferences, leaderboard data
• Location: EU (Frankfurt)
• Safeguards: Standard Contractual Clauses, SOC 2 certification

Google Services

• Purpose: Authentication, Text-to-Speech, Analytics
• Shared data: Email (auth), audio requests (TTS), usage analytics
• Location: Global
• Safeguards: Google Cloud Data Processing Amendment

Apple Services

• Purpose: Authentication, In-App Purchases
• Shared data: Apple ID, purchase receipts
• Location: Global
• Safeguards: Compliance with Apple Privacy Policy

Firebase Cloud Messaging (v2.0)

• Purpose: Push notifications for social interactions (friend requests, Ganbatte, rank changes)
• Shared data: FCM token (device identifier), user language preference, notification content (sender name, action type, timestamps)
• Location: Global (Firebase servers in multiple regions)
• Safeguards: Google Cloud Data Processing Amendment
• Legal Basis: Consent (Art. 6(1)(a) GDPR) - you can disable notifications anytime
• User Control: Settings → Notifiche (granular controls for each notification type)
• Withdrawal: Revoke consent anytime in Settings → Notifiche. Your FCM token will be deleted from our database within 24 hours.

6.2 Extra-EU Transfers

Transfers to third countries occur only with:

• EU Commission adequacy decisions
• Approved Standard Contractual Clauses
• Recognized certification programs
• Binding Corporate Rules where applicable

6.3 Non-Sharing

We NEVER share your data with:

• Third-party marketing companies (without explicit consent)
• Commercial data brokers
• Advertising networks (without opt-in consent)
• Social networks (without explicit permission)
• Any unauthorized third parties

7. Data Retention

7.1 Retention Periods

7.2 Automatic Deletion

• Weekly cleanup of expired data
• Anonymization of analytics data after 6 months
• Complete account deletion upon request
• Automatic removal from leaderboards upon account deletion

8. Data Subject Rights

8.1 Right of Access (Art. 15 GDPR)

You can request a copy of all your data via:

• In-app export function
• Email request to info@kanjidon.com
• Response time: Maximum 30 days

8.2 Right to Rectification (Art. 16 GDPR)

You can correct inaccurate data via:

• App settings for profile data
• Specific email request
• Response time: Maximum 30 days

8.3 Right to Erasure (Art. 17 GDPR)

You can request complete deletion via:

• In-app "Delete Account" function
• Email request with identity verification
• Response time: Maximum 30 days

Exceptions: When you delete your account, all personal data is removed within 30 days, EXCEPT:

• Open user reports (retained until resolved)
• Ban records (7 years for legal defense)
• Payment receipts (10 years - tax law)
• Data required for ongoing legal proceedings

What Gets Deleted Immediately:

• All friend relationships and friend codes
• Ganbatte history (transactions visible to recipients remain for audit, but your identity is anonymized)
• Your FCM token (push notifications)
• Battle statistics
• Community posts (if you published any)
• All profile data and learning progress

8.4 Right to Data Portability (Art. 20 GDPR)

You can export your data in formats:

• JSON (full format)
• CSV (tabular data)
• XML (structured format)
• Delivery: Direct in-app download

Social Data Included in Export:

• Friend list (usernames, friend codes, connection dates)
• Ganbatte history (sent/received transactions with timestamps)
• Battle statistics with friends
• User reports submitted (your reports, not others' reports about you)
• Notification preferences
• All learning data and progress

8.5 Right to Object (Art. 21 GDPR)

You can object to processing for:

• Direct marketing (always possible)
• Legitimate interest (with valid motivation)
• Leaderboard participation (opt-out available)
• Friend suggestions based on mutual friends (opt-out: Settings → Privacy → Friend Suggestions → OFF)

Effect: Immediate cessation of processing (we will stop within 30 days unless we have compelling legitimate grounds)

How to Object:

1. Use in-app privacy controls (Settings → Privacy)
2. Contact our Data Protection Officer: info@kanjidon.com
3. We will respond within 30 days and stop processing unless legally required to continue

8.6 Right to Restriction (Art. 18 GDPR)

You can request restriction of processing in case of:

• Contested data accuracy
• Unlawful processing
• Pending objection evaluation

8.7 Exercise of Rights

• Email: info@kanjidon.com
• In-app: Privacy section in Settings
• Identification: Request from registered email or identity verification
• Free of charge: First exercise always free
• Support: Dedicated privacy rights assistance

9. Cookies and Similar Technologies

9.1 Essential Cookies

• User session: Authentication and security
• App preferences: Language, theme, settings
• Shopping cart: Ongoing transaction management
• Legal basis: Contractual necessity

9.2 Analytics Cookies

• Usage statistics: Anonymous behavioral data
• Crash Analytics: App error detection
• Performance Monitoring: Performance optimization
• Legal basis: Legitimate interest (with opt-out)

9.3 Marketing Cookies

• Email Marketing: Email open tracking
• Retargeting: Personalized advertising
• Social Media: Content sharing
• Legal basis: Consent (always revocable)

9.4 Consent Management

• Clear notification on first access
• Preference center in settings
• Granular consent by category
• Easy revocation at any time

10. Marketing and Communications

10.1 Technical Communications (Legitimate Interest)

We may send technical communications without additional consent for:

• App updates and version releases
• New feature announcements
• Security patches and fixes
• Service maintenance notifications
• Critical functionality updates

These communications are essential for service delivery and are based on legitimate interest.

10.2 Marketing Communications (Consent Required)

• Newsletter subscriptions: Only with explicit consent
• Promotional offers: Opt-in required
• Special events: Separate consent needed
• Frequency: Maximum 2 emails per week
• Unsubscribe: Link in every email + in-app settings

10.3 Push Notifications

• Study reminders: Based on your preferred times
• Technical updates: Critical app information
• Marketing messages: Only if authorized
• Control: Can be disabled at any time in device settings

10.4 Profiling

• User level: To suggest appropriate content
• Study habits: To optimize learning experience
• Competitive ranking: For leaderboard positioning
• Opt-out: Always possible while maintaining core functionality

11. Minors and Special Protection

11.1 Users Under 16

• Parental consent required for registration
• Parent identity verification via email
• Additional controls for sensitive data
• Parental rights to access and deletion
• Special restrictions on social features

11.2 Special Protections for Minors

• NO direct marketing to users under 16
• NO behavioral profiling for commercial purposes
• Restricted leaderboard participation options
• Parental controls for all social features
• Enhanced privacy settings by default

11.3 Educational Data

• Academic progress handled with utmost care
• Limited sharing only for app functionality
• Educational retention for learning continuity
• Deletion possible upon parental request

12. Security and Breach Management

12.1 Technical Measures

• End-to-end encryption for sensitive data
• Encrypted backups with separate keys
• Multi-layer authentication systems
• Real-time intrusion detection and monitoring
• Regular security assessments and updates

12.2 Organizational Measures

• Comprehensive security training for all staff
• Regular code and infrastructure security audits
• Documented incident response procedures
• Privacy by design in all development processes
• Access controls and activity monitoring

12.3 Breach Management

• Automated breach detection systems
• Notification to supervisory authority within 72 hours if required
• User communication within 72 hours for high-risk breaches
• Immediate containment and corrective measures
• Post-incident analysis and prevention improvements

13. Legal Basis and Compliance

13.1 Applicable Regulations

• GDPR (EU Regulation 2016/679)
• Italian Legislative Decree 196/2003 (Privacy Code)
• Legislative Decree 101/2018 (GDPR Adaptation)
• Italian Data Protection Authority Guidelines
• ePrivacy Directive and national implementations

13.2 GDPR Principles Compliance

• Lawfulness: All processing based on valid legal grounds
• Fairness: Transparent data collection practices
• Transparency: Clear and understandable information
• Purpose limitation: Data used only for declared purposes
• Data minimization: Collection of only necessary data
• Accuracy: Maintaining current and correct data
• Storage limitation: Appropriate retention periods
• Integrity and confidentiality: Robust security measures
• Accountability: Demonstrable compliance

13.3 Privacy by Design and Default

• Maximum privacy settings as default
• End-to-end data protection throughout processing lifecycle
• Complete documentation of all processing activities
• Data Protection Impact Assessments for high-risk processing
• Regular compliance monitoring and updates

14. International Data Transfers

14.1 Adequacy and Safeguards

For any data transfers outside the EU/EEA, we ensure:

• Adequacy Decisions: Transfers only to countries with EU adequacy status
• Standard Contractual Clauses: EU-approved transfer mechanisms
• Binding Corporate Rules: Where applicable for service providers
• Certification Schemes: Recognized international privacy certifications

14.2 Transfer Impact Assessments

We conduct regular assessments of:

• Destination country privacy laws
• Service provider security measures
• Additional safeguards implementation
• Ongoing transfer necessity evaluation

15. Changes to Privacy Policy

15.1 Notification Process

• Prior notification: Email and in-app notice before changes
• Notice period: Minimum 30 days for substantial changes
• Version control: All previous versions archived
• Update tracking: Clear indication of modification dates

15.2 Significant Changes Requiring New Consent

• New processing purposes beyond original scope
• Additional data sharing with third parties
• New international data transfers
• Changes to legal basis for processing
• Material changes to user rights

15.3 Continued Use and Acceptance

• Implied acceptance: Continued app use after notice period
• Right to object: Option to delete account if disagreeing with changes
• Grace period: 30-day decision period
• Data export: Available during transition period

16. Dispute Resolution and Legal Remedies

16.1 Internal Complaint Process

• First contact: info@kanjidon.com with subject "[PRIVACY]"
• Response time: Maximum 5 business days
• Escalation: Internal privacy officer review
• Resolution attempts: Good faith mediation efforts

16.2 Supervisory Authority Rights

You have the right to lodge complaints with:

Italian Data Protection Authority (Garante)

• Address: Piazza di Monte Citorio, 121, 00186 Rome, Italy
• Phone: +39 06 69677.1
• Email: garante@gpdp.it
• Website: www.garanteprivacy.it

16.3 Legal Remedies

• Jurisdiction: Italian courts for EU residents
• Applicable law: Italian and EU privacy law
• Alternative dispute resolution: Available upon mutual agreement
• Legal representation: Right to legal counsel in privacy matters

17. Technical Definitions and Glossary

• Data Controller: Entity determining purposes and means of personal data processing
• Data Processor: Entity processing personal data on behalf of the controller
• Data Subject: Individual person to whom personal data relates
• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data
• Consent: Freely given, specific, informed indication of wishes
• Legitimate Interest: Legal basis allowing processing for legitimate business purposes
• Data Breach: Unauthorized access, loss, or destruction of personal data
• Pseudonymization: Processing preventing direct identification without additional information
• Anonymization: Irreversible removal of all identifying elements

18. Additional Protections and Flexibility Measures

18.1 Enhanced User Control

• Granular privacy controls: Detailed settings for each data type
• Real-time consent management: Instant preference updates
• Data processing transparency: Live dashboard of data usage
• Automated compliance: System-enforced privacy preferences

18.2 Proactive Privacy Measures

• Regular privacy audits: Quarterly internal assessments
• User privacy education: In-app privacy tips and guidance
• Minimal data collection: Continuous evaluation of data necessity
• Privacy-first development: All new features assessed for privacy impact

18.3 Future-Proofing and Adaptability

• Regulatory monitoring: Continuous tracking of privacy law changes
• Automatic compliance updates: System adjustments for new requirements
• User notification system: Proactive communication of relevant changes
• Flexible consent mechanisms: Adaptable to new regulatory requirements

18.4 Geolocation Privacy Details

Country-Only Tracking: We collect ONLY your country (2-letter ISO code like IT, US, FR) derived from your IP address when you first log in to the app.

What We DO NOT Collect:

• Your IP address (not stored in database)
• Precise location (city, region, GPS coordinates)
• Location updates when you travel or move
• Device location permissions (no popups required)

How It Works:

1. When you first log in, our server temporarily reads your IP address
2. The IP is sent to a free third-party service (country.is) to determine your country
3. Only the 2-letter country code is saved to our database
4. The IP address is immediately discarded and never stored
5. Your country is tracked ONLY ONCE and never updated, even if you travel

Default Behavior:

• Existing users before this feature: Default country set to 'US' (United States)
• New users: Country detected from first login IP address
• Next login after feature activation: Country will be updated to actual detected country

Purpose and Legal Basis:

• Purpose: Aggregate statistics to understand our user base and improve the service for different regions
• Legal Basis: Art. 6(1)(f) GDPR - Legitimate Interest (minimal data, no tracking, aggregate use only)

Your Rights:

• You can request to see your stored country code at any time
• You can request correction if the detected country is incorrect
• You can request deletion of your country data (will be set to 'XX' for unknown)

19. Contact Information and Support

19.1 Privacy-Related Inquiries

• Primary Contact: info@kanjidon.com
• Subject Line: [PRIVACY] followed by your request type
• Languages: Italian and English support available
• Response Time: Maximum 5 business days for initial response

19.2 Emergency Privacy Contacts

For urgent privacy matters (suspected breaches, immediate deletion requests):

• Email: info@kanjidon.com with subject "[URGENT PRIVACY]"
• Response Time: Within 24 hours
• Escalation: Direct contact with data protection officer

19.3 User Support Resources

• In-App Help: Privacy section in app settings
• FAQ: Comprehensive privacy questions and answers
• Video Guides: Step-by-step privacy control tutorials
• Community Support: User forum with privacy moderators