Privacy Policy

Last updated: January 2026

1. Information We Collect

We collect minimal information necessary to provide the Service:

Account Information (when you sign in):

  • Email address
  • Display name (if provided by your sign-in method)
  • Profile picture URL (if provided by your sign-in method)

Study Data:

  • Items you add to your study collection
  • Review history and SRS progress
  • Custom notes and associations
  • Settings and preferences

2. How Your Data Is Stored

Local-First Approach: Your study data is primarily stored in your browser's local storage (IndexedDB). This means your data stays on your device by default.

Cloud Sync (paid users): If you have a Pro or Lifetime account, your study data is securely stored on our servers (hosted on Supabase). This data is encrypted in transit and at rest, and is associated with your account for seamless sync across devices.

3. Third-Party Services

We use the following third-party services:

  • Authentication providers: Google, GitHub, and Discord OAuth for sign-in (you choose which to use)
  • Supabase: For authentication, cloud sync, user data storage, and backend services
  • Cloudflare: For content delivery and security
  • Paddle: Our Merchant of Record for payment processing, billing, and tax collection (we do not store payment details)
  • Azure Cognitive Services: For neural text-to-speech (paid users)
  • OpenAI: For AI-powered study features (optional)

4. Data We Do NOT Collect

  • We do not use tracking cookies or analytics trackers
  • We do not sell your data or share it for marketing purposes
  • We do not store your payment details (handled by our payment processor)
  • We do not access any data beyond what is necessary to provide the Service

5. Data Retention

Your local data remains on your device until you clear it. Cloud-synced data is retained on our servers as long as you maintain an active account. Upon account deletion, your cloud data will be permanently removed within a reasonable period. You can export your data at any time using the Export feature, and request account deletion by contacting support.

6. Your Rights

You have the right to:

  • Access: Export all your study data at any time
  • Portability: Export your data in JSON format for use elsewhere
  • Rectification: Correct any inaccurate data in your account
  • Delete: Clear your local data or request complete account deletion

To exercise these rights, contact us at support@kanjios.com.

7. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

  • Contract: Processing necessary to provide the Service you signed up for
  • Consent: For optional features like AI-powered assistance
  • Legitimate Interest: To improve and secure the Service

8. Security

We implement security measures including:

  • HTTPS encryption for all data transmission
  • Secure token-based authentication via OAuth
  • Cloud data encrypted at rest on our servers
  • Row-level security ensuring you can only access your own data

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes at least 14 days in advance through the application or email.

11. Contact

For privacy-related questions or data requests, please contact us at support@kanjios.com.

Terms of Service Refund Policy