PRIVACY POLICY
KANJIDON
Last updated: October 29, 2025
1. DATA CONTROLLER
Controller details are specified in the contact section below.
2. TYPES OF DATA COLLECTED
2.1 Account Data
- Email address (via Google/Apple Sign-In)
- Username chosen by the user
- Authentication provider ID (Google/Apple)
- Language and theme preferences
- Notification settings
2.2 Learning Data
- Kanji study progress (JLPT level, kanji learned)
- Quiz statistics (correct/incorrect answers, response times)
- Collection of stamps and avatars acquired
- History of missions and objectives completed
- Spaced repetition system (SRS) data for learning
- Study streaks and habits
2.3 Usage Data
- Anonymous analytics on feature usage
- App performance and crash data
- Study sessions and usage time
- User interface interactions
2.4 Commercial Data
- In-app purchase history
- Payment receipts (managed by Apple/Google)
- Subscription status (active/expired)
- Payment methods (only via store)
2.5 Technical Data
- Device information (model, operating system)
- IP address (for security and geolocation)
- Unique device identifiers
- Security and audit logs
2.6 Approximate Geolocation
- Country of origin (ISO 2-letter code, e.g., IT, US, FR) derived from IP address ONLY on first login
- Timestamp of when country was tracked
- NO precise location (city, GPS coordinates) is collected
- NO device location permissions required
- IP address is NOT stored in the database
2.7 Social and Competition Data
- Global leaderboard rankings and positions
- Public display of nickname, avatar, cards, and stamps
- Competition scores and achievements
- Social interactions within the app
2.8 Friends System Data (NEW - v2.0)
- Friend codes (unique 8-character identifiers, e.g., A3F7-9K2L)
- Friend requests sent and received (status: pending, accepted, rejected)
- Friend relationships and connections
- Battle statistics between friends (wins, losses, draws)
- Blocked users list
- Friend suggestions based on mutual friends
2.9 Ganbatte System Data (NEW - v2.0)
- Ganbatte gifts sent and received (30 Tama coin gifts between users)
- Transaction history with timestamps
- Sender and receiver identifiers
- Push notification preferences for Ganbatte
2.10 User Safety and Reports Data (NEW - v2.0)
- User reports submitted (reporter identity, reported user, reason)
- Report categories (spam, harassment, inappropriate content, cheating, other)
- Moderation actions and admin notes
- Appeal requests and resolution status
2.11 Push Notifications Data (NEW - v2.0)
- Firebase Cloud Messaging (FCM) device tokens
- Notification preferences by type (friend requests, Ganbatte, rank changes)
- User language preference for localized notifications
- Notification delivery status and history
3. PURPOSE AND LEGAL BASIS FOR PROCESSING
3.1 Essential Processing (Art. 6, para. 1, letter b GDPR)
- User account management and authentication
- Data synchronization across devices
- Delivery of app services
- Management of purchases and subscriptions
- Global leaderboard functionality and competition features
- Friends system (friend codes, requests, connections, blocking)
- Ganbatte system (sending and receiving coin gifts between users)
- Battle statistics between friends
3.2 Processing for Legitimate Interest (Art. 6, para. 1, letter f GDPR)
- App security and fraud prevention
- Performance and stability improvement
- Anonymous analytics for product development
- Technical support and issue resolution
- Technical communications regarding app updates, new features, and security fixes
- Global ranking system and competitive features
- Approximate geolocation (country only) for aggregate statistics and service improvement
- Friend suggestions based on mutual friends (you can opt-out in Settings → Privacy → Friend Suggestions)
- User safety and moderation (processing reports to maintain platform safety and comply with legal obligations)
- Content moderation to enforce Community Guidelines
3.3 Processing Based on Consent (Art. 6, para. 1, letter a GDPR)
- Push notifications for study reminders
- Push notifications for social interactions (friend requests, Ganbatte received, rank changes)
- Direct email marketing and promotional communications
- Advanced content personalization
- Social media sharing
- Participation in special events and contests
NOTE: You can manage notification preferences at any time in Settings → Notifiche, with granular controls for each notification type (friend requests, Ganbatte, rank changes, study reminders).
3.4 Processing for Legal Obligations (Art. 6, para. 1, letter c GDPR)
- Retention of tax data for purchases
- Security logs required by law
- Communications to authorities if requested
3.5 Implied Consent for Technical Communications
By downloading, installing, and using KANJIDON, and by accepting this privacy policy, you provide implied consent for receiving technical communications including:
- App update notifications
- New feature announcements
- Security patch information
- Service maintenance notifications
- Critical technical information necessary for app functionality
This implied consent is separate from marketing communications and is based on the legitimate interest of maintaining a functional and secure service.
4. PROCESSING METHODS
4.1 Security Measures
- AES-256 encryption for data at rest
- TLS 1.3 for data transmissions
- Multi-factor authentication for admin access
- Row Level Security on database
- 24/7 security monitoring
- Regular security audits and penetration testing
4.2 Data Minimization
- Collection of only strictly necessary data
- Automatic anonymization after 6 months
- Pseudonymization for analytics
- Automatic deletion of expired data
- Regular data cleanup procedures
5. GLOBAL LEADERBOARD AND SOCIAL FEATURES
5.1 Public Data Display
By participating in the global leaderboard, the following data becomes publicly visible to all KANJIDON users worldwide:
- Your chosen nickname/username
- Your selected avatar
- Cards and stamps you have earned
- Your ranking position and scores
- Achievement badges and levels
5.2 Competitive Features
- Global Rankings: Your position compared to other users worldwide
- Achievement Sharing: Display of earned cards, stamps, and badges
- Progress Visibility: Study milestones and accomplishments
- Anonymous Option: You can choose to participate anonymously in rankings
5.3 Privacy Controls for Social Features
- Profile Privacy Settings: Option to make your profile private
- Anonymous Mode: Participate in leaderboards without showing personal identifiers
- Selective Sharing: Choose which achievements to display publicly
- Opt-out Option: Complete removal from public leaderboards while maintaining personal progress
5.4 Friends System (NEW - v2.0)
What We Collect:
- Your unique friend code (automatically generated, e.g., A3F7-9K2L)
- Friend requests you send and receive
- Your list of confirmed friends
- Battle statistics between you and your friends (wins, losses, draws)
- Blocked users list
How We Use It:
- To connect you with other users via friend codes
- To enable social features (friend battles, Ganbatte gifts)
- To suggest potential friends based on mutual connections (see Section 5.5)
- To maintain platform safety (blocking unwanted interactions)
Legal Basis: Performance of contract (Art. 6(1)(b) GDPR)
Your Rights:
- Remove friends anytime (Settings → Friends → Remove)
- Block users to prevent all interactions
- Delete your friend code (generates a new one automatically)
- Export your friends list (Settings → Privacy → Export Data)
5.5 Friend Suggestions (NEW - v2.0)
How It Works:
We show you "friend suggestions" by analyzing your existing friends and finding users who have friends in common with you (mutual friends). This feature is similar to "People You May Know" on other social platforms.
Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)
Why We Do This:
- Improves your experience by helping you discover meaningful connections
- Based only on friend relationships (no behavioral tracking or profiling)
- Suggestions are computed in real-time and not permanently stored
Your Privacy:
- We only use friend relationships already established
- No external data sources or behavioral tracking
- You can dismiss individual suggestions
- OPT-OUT AVAILABLE: Settings → Privacy → Friend Suggestions (toggle off)
Your Right to Object:
You can object to friend suggestions at any time under Article 21 GDPR. Simply toggle off the feature in Settings → Privacy → Friend Suggestions, or contact our Data Protection Officer at info@kanjidon.com.
5.6 Ganbatte System (NEW - v2.0)
What We Collect:
- When you send or receive Ganbatte (30 Tama coin gifts)
- Your Ganbatte history (sender, receiver, timestamp)
- Total Ganbatte sent and received counters
How We Use It:
- To process the gift transaction (updating coin balances for both sender and receiver)
- To send push notifications to recipients (if they enabled notifications)
- To display Ganbatte statistics on user profiles (total received/sent)
Legal Basis: Performance of contract (Art. 6(1)(b) GDPR)
Push Notifications:
- Requires separate consent (Art. 6(1)(a) GDPR)
- Enable/disable: Settings → Notifiche → Ganbatte
- Managed via Firebase Cloud Messaging (see Section 6.3)
- You can withdraw consent anytime (your FCM token will be deleted within 24 hours)
Privacy: Ganbatte transactions are visible only between the sender and receiver, and in aggregate statistics on user profiles.
5.7 User Reports and Safety (NEW - v2.0)
What We Collect:
- Your report submissions when you report another user
- Information about reported users (user ID, username)
- Report reason (spam, harassment, inappropriate content, cheating, other)
- Your description of the issue
- Moderation actions taken by our team
How We Use It:
- To investigate violations of our Community Guidelines
- To take enforcement actions (warnings, temporary suspensions, permanent bans)
- To improve platform safety and user experience
- To comply with legal obligations under EU Digital Services Act (DSA)
Legal Basis:
- Legitimate interest (Art. 6(1)(f) GDPR) - maintaining platform safety
- Legal obligation (Art. 6(1)(c) GDPR) - compliance with EU Digital Services Act
Privacy Protections:
- Your identity as reporter is NOT disclosed to the reported user
- Reports are reviewed by human moderators (not fully automated)
- Data is retained only as long as needed for investigation (12 months after resolution)
- Admin notes and moderation decisions are visible only to authorized staff
Your Rights:
- View your submitted reports: Settings → Support → My Reports
- Appeal moderation decisions: Settings → Support → Appeal (within 30 days)
- Request deletion of resolved reports after 12 months
Data Retention: Open reports are retained until resolved + 30 days. Closed reports are retained for 12 months for pattern analysis and appeals. Ban records are retained for 7 years for legal defense purposes.
6. DATA SHARING AND TRANSFERS
6.1 Service Providers (Data Processors)
Supabase (Backend and Database)
- Purpose: Backend management, authentication, data storage
- Shared data: User profiles, progress, preferences, leaderboard data, social data (friends, reports)
- Location: EU (Frankfurt)
- Safeguards: Standard Contractual Clauses, SOC 2 certification
Google Services
- Purpose: Authentication, Text-to-Speech, Analytics
- Shared data: Email (auth), audio requests (TTS), usage analytics
- Location: Global
- Safeguards: Google Cloud Data Processing Amendment
Apple Services
- Purpose: Authentication, In-App Purchases
- Shared data: Apple ID, purchase receipts
- Location: Global
- Safeguards: Compliance with Apple Privacy Policy
Firebase Cloud Messaging (NEW - v2.0)
- Purpose: Push notifications for social interactions (friend requests, Ganbatte, rank changes)
- Shared data: FCM token (device identifier), user language preference, notification content (sender name, action type, timestamps)
- Location: Global (Firebase servers in multiple regions)
- Safeguards: Google Cloud Data Processing Amendment
- Legal Basis: Consent (Art. 6(1)(a) GDPR) - you can disable notifications anytime
- User Control: Settings → Notifiche (granular controls for each notification type: friend requests ON/OFF, Ganbatte ON/OFF, rank changes ON/OFF)
- Withdrawal: Revoke consent anytime in Settings → Notifiche. Your FCM token will be deleted from our database within 24 hours.
6.2 Extra-EU Transfers
Transfers to third countries occur only with:
- EU Commission adequacy decisions
- Approved Standard Contractual Clauses
- Recognized certification programs
- Binding Corporate Rules where applicable
6.3 Non-Sharing
We NEVER share your data with:
- Third-party marketing companies (without explicit consent)
- Commercial data brokers
- Advertising networks (without opt-in consent)
- Social networks (without explicit permission)
- Any unauthorized third parties
7. DATA RETENTION
7.1 Retention Periods
- Account Data: Account duration + 30 days
- Learning Progress: Account duration + 7 years
- Usage Analytics: 2 years from collection
- Marketing Data: Until consent withdrawal
- Audit Logs: 7 years from creation
- Session Data: 30 days from last access
- Purchase History: 10 years (tax obligations)
- Leaderboard Data: Account duration + 1 year
- Country Geolocation: Account lifetime (tracked once)
- Friend Relationships: Until relationship ends + 30 days
- Friend Codes: Account lifetime
- Ganbatte History: Account duration + 1 year (audit trail)
- FCM Tokens: Until consent withdrawn (deleted within 24 hours)
- User Reports: 12 months after resolution
- Ban Records: 7 years after expiration/deletion (legal defense)
7.2 Automatic Deletion
- Weekly cleanup of expired data
- Anonymization of analytics data after 6 months
- Complete account deletion upon request
- Automatic removal from leaderboards upon account deletion
8. DATA SUBJECT RIGHTS
8.1 Right of Access (Art. 15 GDPR)
You can request a copy of all your data via:
- In-app export function
- Email request to info@kanjidon.com
- Response time: Maximum 30 days
8.2 Right to Rectification (Art. 16 GDPR)
You can correct inaccurate data via:
- App settings for profile data
- Specific email request
- Response time: Maximum 30 days
8.3 Right to Erasure (Art. 17 GDPR)
You can request complete deletion via:
- In-app "Delete Account" function
- Email request with identity verification
- Response time: Maximum 30 days
Exceptions: When you delete your account, all personal data is removed within 30 days, EXCEPT:
- Open user reports (retained until resolved)
- Ban records (7 years for legal defense)
- Payment receipts (10 years - tax law)
- Data required for ongoing legal proceedings
What Gets Deleted Immediately:
- All friend relationships and friend codes
- Ganbatte history (transactions visible to recipients remain for audit, but your identity is anonymized)
- Your FCM token (push notifications)
- Battle statistics
- Community posts (if you published any)
- All profile data and learning progress
8.4 Right to Data Portability (Art. 20 GDPR)
You can export your data in formats:
- JSON (full format)
- CSV (tabular data)
- XML (structured format)
- Delivery: Direct in-app download
Social Data Included in Export:
- Friend list (usernames, friend codes, connection dates)
- Ganbatte history (sent/received transactions with timestamps)
- Battle statistics with friends
- User reports submitted (your reports, not others' reports about you)
- Notification preferences
- All learning data and progress
8.5 Right to Object (Art. 21 GDPR)
You can object to processing for:
- Direct marketing (always possible)
- Legitimate interest (with valid motivation)
- Leaderboard participation (opt-out available)
- Friend suggestions based on mutual friends (opt-out: Settings → Privacy → Friend Suggestions → OFF)
- Effect: Immediate cessation of processing (we will stop within 30 days unless we have compelling legitimate grounds)
How to Object:
1. Use in-app privacy controls (Settings → Privacy)
2. Contact our Data Protection Officer: info@kanjidon.com
3. We will respond within 30 days and stop processing unless legally required to continue
8.6 Right to Restriction (Art. 18 GDPR)
You can request restriction of processing in case of:
- Contested data accuracy
- Unlawful processing
- Pending objection evaluation
8.7 Exercise of Rights
- Email: info@kanjidon.com
- In-app: Privacy section in Settings
- Identification: Request from registered email or identity verification
- Free of charge: First exercise always free
- Support: Dedicated privacy rights assistance
[Sections 9-18 remain the same as previous version - covering Cookies, Marketing, Minors, Security, Legal Basis, International Transfers, Policy Changes, Dispute Resolution, Technical Definitions, Additional Protections, Geolocation Details, Contact Information]
---
CONCLUSION
This privacy policy is designed to provide complete transparency about KANJIDON's data practices while ensuring full compliance with Italian and European privacy regulations. We commit to:
- Protecting your data with state-of-the-art security measures
- Respecting your rights proactively and responsively
- Maintaining transparency in all data processing activities
- Continuously improving our privacy and security practices
- Providing dedicated support for all privacy-related matters
KANJIDON operates under the principle that privacy is a fundamental right, not a privilege. We design our services to minimize data collection while maximizing your learning experience and maintaining the competitive and social features that make learning engaging and fun.
Data Controller:
Davide Moscato
Email: info@kanjidon.com
VAT ID: IT01691020083
Country: Italy
For questions, concerns, or rights requests: info@kanjidon.com
Happy studying with KANJIDON! 📚🎌
Document drafted in full compliance with GDPR (EU Regulation 2016/679), Italian Legislative Decree 196/2003, EU Digital Services Act (Regulation 2022/2065), and all applicable privacy regulations.
MAJOR UPDATE v2.0 (October 29, 2025): Added comprehensive sections for Friends System, Ganbatte System, User Reports & Safety, and Firebase Cloud Messaging push notifications. All social features comply with GDPR Article 6 (legal bases), Article 21 (right to object for friend suggestions), and DSA requirements for content moderation.
Version 2.3 - October 29, 2025