Data Controller
For the purposes of applicable data protection law, the controller of the personal data described in this Privacy Policy is the publisher and operator of HiraKata.
Contact: enzo.guilmer+hirakata@gmail.com
Scope of This Privacy Policy
This Privacy Policy applies to personal data processed in connection with your use of the app, including data processed locally on your device and data processed by service providers on our behalf or, where applicable, under their own privacy policies.
Third-Party Services and Recipients
We use third-party service providers to support certain features of the app. Depending on how you use the app and which services are enabled, personal data may be processed by the following categories of recipients.
- RevenueCat. Used to manage in-app purchases and premium entitlements, including anonymous app user IDs, purchase history, entitlement information, product identifiers, locale information, and transaction-related records needed to validate and restore purchases.
- Apple App Store / Google Play. If you make purchases through Apple or Google, those platform providers process payment and transaction data under their own roles and policies.
- PostHog. Used for product analytics. Depending on configuration, this may include screen views, feature events, app variant, device and platform information, and session replay data.
- Sentry. Used for crash reporting and diagnostics, including app-specific identifiers, logs, stack traces, device and environment information, and network-related context where available.
- Expo Updates. Used to check for and deliver over-the-air updates, including technical request data such as app version, runtime version, platform, and device metadata.
- Other service providers and legal recipients. This may include hosting, infrastructure, support providers, professional advisers, authorities, regulators, courts, or law enforcement where disclosure is required or reasonably necessary.
Categories of Personal Data We Process
The categories of personal data we process depend on how you use the app and which services are enabled in the version of the app you are using.
- Learning and app data stored locally on your device, including quiz results, kana statistics, drawing attempts, lesson progress, app preferences, and an app-generated analytics identifier.
- Purchase and premium access data, including anonymous RevenueCat app user IDs, entitlement status, subscription or purchase status, product identifiers, offering information, restore status, and transaction-related metadata required to validate, manage, or restore purchases.
- Usage, analytics, and diagnostics data such as screen views, feature interactions, app version and app variant, runtime version, platform and device information, crash diagnostics, logs, stack traces, analytics metadata, update request metadata, network context, and IP-related or approximate location information to the extent made available by a provider.
- Support communications such as your email address, the contents of your message, and any attachments, screenshots, or other materials you send us.
Purposes of Processing
We process personal data for the following purposes:
- to provide the app and its learning features;
- to save progress and personalize the learning experience;
- to process purchases and restore premium access;
- to manage subscriptions, entitlements, and related account state;
- to monitor reliability, performance, and stability;
- to diagnose crashes, bugs, and technical issues;
- to understand feature usage and improve the app;
- to deliver, validate, and secure app updates;
- to respond to support requests and communicate with users;
- to detect, prevent, and address misuse, fraud, abuse, or security issues, and to comply with legal obligations and enforce legal rights.
Legal Bases for Processing
Where the GDPR or similar laws apply, we rely on one or more of the following legal bases:
- Performance of a contract, where necessary to provide the app and the features you request.
- Legitimate interests, including maintaining, securing, and improving the app, understanding how the app is used, diagnosing technical issues, preventing misuse, and defending legal claims.
- Consent, where required by applicable law, for example for certain analytics or similar tracking technologies.
- Compliance with legal obligations, where processing is necessary to comply with laws, regulations, lawful requests, or court orders.
How We Share Personal Data
We do not sell your personal data. We share personal data only where reasonably necessary for the purposes described in this Privacy Policy, including to operate the app, process purchases, provide analytics and diagnostics, deliver updates, comply with the law, or protect rights and safety.
Retention
We retain personal data for no longer than is reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Learning and progress data stored locally on your device generally remains there until you reset it, clear app data, or uninstall the app.
- Purchase, analytics, diagnostics, session replay, and update-related data may be retained by the relevant provider in accordance with that provider's retention settings, policies, and legal obligations.
- Support communications may be retained for as long as necessary to respond to your request, maintain records, resolve disputes, or comply with legal obligations.
International Transfers
Service providers may process personal data in countries outside your country of residence, including outside the European Economic Area or the United Kingdom.
Where required by applicable law, we rely on appropriate safeguards for such transfers, such as adequacy decisions or approved contractual safeguards.
Your Data Protection Rights
Depending on your location and subject to applicable law, you may have the right to:
- obtain confirmation as to whether personal data concerning you is being processed;
- access personal data concerning you;
- request correction of inaccurate or incomplete personal data;
- request deletion of personal data;
- request restriction of processing;
- object to certain processing, including processing based on legitimate interests;
- receive personal data in a portable format, where applicable;
- withdraw consent at any time where processing is based on consent;
- lodge a complaint with a competent data protection authority;
- manage certain data directly in the app, for example by resetting local progress data or by uninstalling the app.
To exercise your rights, contact enzo.guilmer+hirakata@gmail.com. We may need to verify your identity before responding.
Children's Privacy
HiraKata is not intended to knowingly collect personal data from children where parental or guardian consent is required under applicable law.
If you believe that a child has provided personal data in violation of applicable law, contact us and we will review the request and, where appropriate, take steps to delete the relevant data.
Security
We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
However, no method of transmission, storage, or processing can be guaranteed to be completely secure.
Third-Party Services and External Policies
The app may integrate with or rely on third-party services or platforms. Those third parties may process personal data under their own privacy policies and terms. You should review those policies where relevant.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the app, processing practices, service providers, or legal requirements.
When we do, we will update the effective date at the top of this Privacy Policy and publish the updated version through the app or another appropriate channel.
Contact
If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact enzo.guilmer+hirakata@gmail.com.