Privacy Policy

Last updated: March 2026

1. Data Controller

Yu Kinoshita
Roseggergasse 33-35/2/51
1160 Wien, Austria
Email: kanjimastery@gmail.com

2. What data we collect & legal basis

  • Account data (email address, display name) — collected when you register. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
  • Learning progress (mastery scores, test results, review history) — stored to provide the learning service. Legal basis: performance of a contract.
  • Forum content (posts and threads you create) — stored to operate the community forum. Legal basis: performance of a contract.
  • Payment data — processed exclusively by our payment provider LemonSqueezy. We do not store your credit card or payment details. Legal basis: performance of a contract.
  • Authentication tokens — a JWT stored in your browser's localStorage. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) in maintaining your session.
  • Anonymous analytics — page views, referrer, device type, and country via Umami (no cookies, no IP storage, no personal data). Legal basis: legitimate interest in understanding site usage.

We do not collect IP addresses beyond what is transiently needed for rate-limiting, and we do not use tracking cookies.

3. How we use your data

  • To provide and personalise the learning experience.
  • To send transactional emails (password resets, email verification).
  • To display your posts in the community forum.
  • To process your subscription payment (via LemonSqueezy).

We do not sell, rent, or share your data with third parties for marketing purposes.

4. Third-party services

  • Google Sign-In (optional) — if you choose to log in with Google, Google's OAuth service processes your Google account details. See Google's Privacy Policy.
  • LemonSqueezy (payment processor) — handles subscription billing. They process your name, email, and payment details. See LemonSqueezy's Privacy Policy.
  • Umami Analytics — collects anonymous, aggregated site visit data (pages visited, referrer, device type, country). Umami uses no cookies and stores no personal data or IP addresses. See Umami's Privacy Policy.
  • WaniKani / Tatoeba links — kanji detail pages link to WaniKani and display example sentences from Tatoeba. No personal data is shared with these services.

5. Data retention & your rights

You can delete your account at any time from your Settings page. This permanently removes your email, progress data, and forum posts.

Under the GDPR you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data (or use the account deletion feature).
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction & Objection — restrict or object to certain processing activities.

To exercise these rights, email us at kanjimastery@gmail.com.

6. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Wien, Austria
www.dsb.gv.at
Email: dsb@dsb.gv.at

7. Security

Passwords are stored as bcrypt hashes and are never stored in plain text. Communication between your browser and the server uses HTTPS in production. JWT tokens expire after 7 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account. The "Last updated" date at the top indicates the latest revision.

9. Contact

Questions or requests: kanjimastery@gmail.com