KanaMastery

Privacy Policy

How we collect, use, and protect your information

1. Introduction & Data Controller

At KanaMastery, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at kanamastery.com or use our services.

Data Controller: KanaMastery is the data controller responsible for your personal data. We are based in Portugal and operate under the General Data Protection Regulation (GDPR) and Portuguese data protection laws.

By using KanaMastery, you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

Effective Date: December 5, 2024

Last Updated: December 5, 2024

2. Information We Collect

We collect several types of information for various purposes to provide and improve our service to you:

Account Information

  • Email address (required for account creation)
  • Display name (optional, chosen by you)
  • Profile picture (optional, uploaded by you or from Google)
  • Account creation date
  • Last login timestamp

Authentication Data

  • Password authentication is handled entirely by Firebase Auth - we never see, access, or store your password
  • Google sign-in is handled directly by Google - we only receive your basic profile info (name, email, photo)
  • Two-Factor Authentication (2FA) backup codes (encrypted, stored if you enable 2FA)
  • Session tokens for keeping you logged in

Learning & Progress Data

  • Characters and words learned/mastered
  • Game history and scores
  • XP, level, and streak information
  • Custom quizzes you create
  • Learning preferences (daily goals, notifications)

Membership & Payment Data

  • Membership type (free, monthly, annual, lifetime)
  • Subscription status and billing period
  • Stripe customer ID (for payment processing - we do NOT store credit card numbers)

Preferences & Marketing

  • Theme preference (light/dark/system)
  • Public profile setting (for leaderboard visibility)
  • Marketing email opt-in preference

Technical & Usage Data

  • IP address (for security and rate limiting)
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Time spent on the Service
  • Referring website

We collect this information when you voluntarily provide it (account creation, profile updates) or automatically when you use our Service (analytics, logs).

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Create and manage your account, authenticate you, track your learning progress, and deliver personalized learning experiences.
  • Process Payments: Handle subscriptions, process refunds, and provide purchase receipts.
  • Send Transactional Emails: Email verification, password resets, payment confirmations, subscription updates, and security notifications via Postmark.
  • Send Marketing Communications: If you opt in, send you learning tips, feature updates, and promotional offers.
  • Display Leaderboards: If you enable a public profile, display your username and scores on public leaderboards.
  • Improve the Service: Analyze usage patterns to enhance features, fix bugs, and develop new content.
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access through rate limiting and security monitoring.
  • Provide Support: Respond to your inquiries and resolve issues with your account or service.
  • Comply with Law: Meet legal and regulatory requirements, including financial record-keeping.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Active Accounts

Your data is retained for the duration of your account. You may request deletion at any time.

Deleted Accounts

Upon account deletion, we immediately delete or anonymize your personal data. However, we retain anonymized purchase records for up to 7 years to comply with tax and financial regulations in Portugal/EU.

Analytics Data

Usage analytics collected via Google Analytics are aggregated and anonymized. We do not retain individual-level analytics data beyond what Google Analytics provides (typically 26 months for standard retention).

Security Logs

Security-related logs (authentication attempts, rate limiting) are retained for 90 days for security monitoring and fraud prevention.

Email Communications

Records of transactional emails sent are retained by our email provider (Postmark) for 45 days.

6. Third-Party Services

We use the following third-party services to operate KanaMastery. These providers only have access to your personal information to perform specific tasks on our behalf and are obligated to protect your data:

Firebase (Google Cloud)

Purpose: Authentication (email/password, Google OAuth) and database (Firestore) for storing user data.

Data Shared: Account information, learning progress, preferences.

Firebase Privacy Policy →

Google Analytics

Purpose: Website analytics to understand usage patterns and improve the Service.

Data Shared: Anonymized usage data, page views, device information, IP address (anonymized).

Google Privacy Policy →

Stripe

Purpose: Secure payment processing for subscriptions and purchases.

Data Shared: Email address, name, purchase details. Credit card information is sent directly to Stripe and never touches our servers.

Stripe Privacy Policy →

Postmark

Purpose: Transactional email delivery (verification, password reset, payment confirmations, etc.).

Data Shared: Email address, name, email content.

Postmark Privacy Policy →

UploadThing

Purpose: Profile image uploads and storage.

Data Shared: Profile images you choose to upload.

UploadThing Privacy Policy →

DigitalOcean

Purpose: Website hosting and infrastructure.

Data Shared: Standard web server logs (IP address, browser info, pages accessed).

DigitalOcean Privacy Policy →

We do not sell your personal information to any third parties for advertising or marketing purposes.

7. International Data Transfers

KanaMastery is operated from Portugal (EU). However, some of our third-party service providers process data in the United States and other countries outside the European Economic Area (EEA).

When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework: Google (Firebase, Analytics) and other US-based providers have certified under the EU-US Data Privacy Framework.
  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with service providers that process data outside the EEA.
  • Adequacy Decisions: Where applicable, we transfer data to countries that have received an adequacy decision from the European Commission.

You can request more information about the safeguards we use for international transfers by contacting us.

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of Access (Article 15): You can request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): You can ask us to correct inaccurate or incomplete data. You can also update most information directly in your account settings.
  • Right to Erasure (Article 17): You can request deletion of your personal data. You can delete your account directly from your dashboard settings.
  • Right to Restriction (Article 18): You can ask us to restrict processing of your data in certain circumstances.
  • Right to Data Portability (Article 20): You can request a copy of your data in a structured, machine-readable format.
  • Right to Object (Article 21): You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights: You can exercise most of these rights directly through your account settings (update profile, delete account, change marketing preferences) or by contacting us at [email protected].

We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

Right to Lodge a Complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. For Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD):

www.cnpd.pt

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You can request correction of inaccurate personal information.
  • Right to Opt-Out of Sale: We do not sell your personal information. We do not share your data for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected: Identifiers (email, name), account information, commercial information (purchase history), internet activity (usage data), and inferences (learning progress).

How to Submit a Request: Email us at [email protected] with the subject line "California Privacy Request." We will verify your identity and respond within 45 days.

Do Not Sell My Personal Information: KanaMastery does not sell personal information as defined by the CCPA/CPRA.

10. Leaderboards

KanaMastery features leaderboards that can publicly display user rankings, usernames, and scores.

Opt-In Required: Your profile is private by default. To appear on public leaderboards, you must explicitly enable the "Public Profile" setting in your account preferences.

What's Displayed: If you opt into public leaderboards, the following information may be visible:

  • Your display name (username)
  • Your profile picture (if set)
  • Your XP, level, and scores
  • Your KanaMember status (premium badge)

Opting Out: You can disable your public profile at any time through your account settings. Your data will be removed from public leaderboards, though this may take a few minutes to propagate.

Privacy Recommendation: We recommend using a pseudonym rather than your real name if you wish to participate in leaderboards while maintaining privacy.

11. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve our Service. Cookies are small text files stored on your device.

Essential Cookies (Required)

These cookies are necessary for the Service to function:

  • __session: Authentication session cookie
  • csrf_token: Security cookie to prevent cross-site request forgery

Preference Cookies

These cookies remember your preferences:

  • theme: Your light/dark/system theme preference

Analytics Cookies

Google Analytics cookies help us understand how you use the Service:

  • _ga, _ga_*: Used to distinguish users and sessions

Managing Cookies: You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

Opting Out of Analytics: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Learn more about how Google uses data: https://policies.google.com/technologies/partner-sites

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security Measures Include:

  • Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Password Security: Passwords are hashed using industry-standard algorithms and never stored in plain text.
  • Two-Factor Authentication (2FA): Optional but recommended additional security layer for your account.
  • CSRF Protection: We protect against cross-site request forgery attacks.
  • Rate Limiting: We implement rate limiting to prevent brute-force attacks and abuse.
  • Security Headers: We use HSTS and Content Security Policy headers in production.
  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Reporting Security Issues: If you discover a security vulnerability, please report it responsibly to [email protected].

14. Children's Privacy

Our Service is not intended for use by children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personally identifiable information from children under 16.

If you are a parent or guardian and you are aware that your child has provided us with personal information without your consent, please contact us at [email protected]. If we discover that a child under 16 has provided us with personal information, we will delete this information from our servers promptly.

For Users Aged 16-18: If you are between 16 and 18 years old, we recommend reviewing this Privacy Policy with a parent or guardian.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes: If we make material changes to this Privacy Policy, we will notify you by:

  • Sending an email to your registered email address
  • Displaying a prominent notice on our website
  • Updating the "Last Updated" date at the top of this policy

Material changes include modifications to how we collect, use, or share your personal data, or changes that affect your rights.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your privacy rights, please contact us:

Response Time: We aim to respond to all privacy-related inquiries within 30 days. For urgent matters or to report security issues, please indicate this in your email subject line.

For EU/EEA Residents: If you are not satisfied with our response, you have the right to lodge a complaint with the Portuguese CNPD or your local supervisory authority.