Privacy Policy

Last updated: May 2026

1. Information We Collect

We collect minimal information necessary to provide the Service:

Account Information (when you sign in):

  • Email address
  • Display name (if provided by your sign-in method)
  • Profile picture URL (if provided by your sign-in method)

Study Data:

  • Items you add to your study collection
  • Review history and SRS progress
  • Custom notes and associations
  • Settings and preferences

Manga Reader Data:

  • A one-way cryptographic hash (SHA-256) of uploaded images — used for caching, cannot be reversed to reconstruct the image
  • Extracted text results from OCR processing
  • Image dimensions and processing metadata
  • We do not store, retain, or reproduce the uploaded images themselves

Newsletter and Email Updates:

  • If you subscribe to KanjiOS notes or email updates, we collect your email address so we can send those messages and manage unsubscribe requests
  • If you opt into marketing emails during checkout or in account settings, we store that email preference with your account
  • A human may read replies sent to KanjiOS email addresses

Advertising Measurement:

  • We use Google Ads measurement tools to understand whether ads lead to visits, signups, or purchases
  • Google may use cookies or similar technologies to attribute ad clicks and measure campaign performance, depending on your consent choices and region
  • You can change ads and analytics consent through the Privacy choices control on KanjiOS pages

WaniKani Import Data:

  • If you choose to import or sync WaniKani progress, we use the API token you provide to request your WaniKani account, assignment, and subject data
  • Manual WaniKani imports use the token to perform the import in your browser
  • Pro WaniKani auto-sync stores the token encrypted server-side so scheduled sync can continue until you disconnect it

2. How Your Data Is Stored

Local-First Approach: Your study data is primarily stored in your browser's local storage (IndexedDB). This means your data stays on your device by default.

Cloud Sync (paid users): If you have a Pro or Lifetime account, your study data is securely stored on our servers (hosted on Supabase). This data is encrypted in transit and at rest, and is associated with your account for seamless sync across devices.

3. Third-Party Services

We use the following third-party services:

  • Authentication providers: Google, GitHub, and Discord OAuth for sign-in (you choose which to use)
  • Supabase: For authentication, cloud sync, user data storage, and backend services
  • Cloudflare: For content delivery and security
  • Google Ads: For advertising measurement and campaign attribution
  • Paddle: Our Merchant of Record for payment processing, billing, and tax collection (we do not store payment details)
  • Resend: For transactional emails and newsletter/email update delivery
  • WaniKani: For optional import and sync features when you provide a WaniKani API token
  • Azure Cognitive Services: For neural text-to-speech (paid users)
  • AI providers: For AI-powered study features including text extraction (optional)

4. Data We Do NOT Collect

  • We do not share your study history for advertising purposes
  • We do not sell your data
  • We do not store your payment details (handled by our payment processor)
  • We do not access any data beyond what is necessary to provide the Service
  • We do not store uploaded manga images — only irreversible hashes and extracted text

5. Data Retention

Your local data remains on your device until you clear it. Cloud-synced data is retained on our servers as long as you maintain an active account. Upon account deletion, your cloud data will be permanently removed within a reasonable period. You can export your data at any time using the Export feature, and request account deletion by contacting support.

6. Your Rights

You have the right to:

  • Access: Export all your study data at any time
  • Portability: Export your data in JSON format for use elsewhere
  • Rectification: Correct any inaccurate data in your account
  • Delete: Clear your local data or request complete account deletion

To exercise these rights, contact us at contact@kanjios.com.

7. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

  • Contract: Processing necessary to provide the Service you signed up for
  • Consent: For optional features like AI-powered assistance
  • Legitimate Interest: To improve and secure the Service

8. Security

We implement security measures including:

  • HTTPS encryption for all data transmission
  • Secure token-based authentication via OAuth
  • Cloud data encrypted at rest on our servers
  • Row-level security ensuring you can only access your own data

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes at least 14 days in advance through the application or email.

11. Contact

For privacy-related questions or data requests, please contact us at contact@kanjios.com.

Terms of Service Refund Policy