Kotoba (コトバ) Privacy Policy
tovin Labs (“the Company”, “we”, “us”) has adopted this Privacy Policy in accordance with Article 30 of Korea’s Personal Information Protection Act (PIPA) and other applicable laws to protect the personal information of data subjects (“Users”) and to handle related concerns promptly and effectively. This Privacy Policy applies to the Japanese-language learning mobile application “Kotoba (コトバ)” (the “Service”) provided by the Company.
- Effective Date:
[YYYY-MM-DD — to be set on launch] - Last Updated:
[YYYY-MM-DD — to be set on launch]
1. Person Responsible for Processing
The Company has designated the following person to oversee personal information processing for the Service and to handle matters relating to data subject rights and remedies.
- Person Responsible for Personal Information Processing: tovin Labs Representative
- Contact (email): privacy@tovinlabs.com
2. Categories of Personal Information We Collect
The Company collects only the minimum personal information necessary to provide the Service. We do not collect information that is not specified in this section.
2.1 Information Collected at Sign-Up and Sign-In
| Authentication Method | Items Collected |
|---|---|
| Email / Password | Email address, password (hashed value), display name (optional) |
| Sign in with Google (OAuth 2.0) | Email address, Google account identifier (sub), display name |
| Sign in with Apple | Email address (or the anonymous relay address issued by Apple’s “Hide My Email” feature), Apple user identifier, display name (collected only on first sign-in) |
We never store passwords in plaintext; passwords are kept only as one-way hashes generated by Supabase Auth. If a User signs in with Apple and uses the “Hide My Email” feature, we receive and store only the anonymous relay address Apple issues (@privaterelay.appleid.com); we do not learn the User’s actual email address.
2.2 Information Collected Automatically Through Use of the Service
- Learning activity logs: study session duration, accuracy rate, IDs of words studied, consecutive-day streaks, accumulated experience points (XP), user level
- Daily usage counters (tracked separately for overall features and AI features)
- Subscription expiry date (
subscription_expires_at) - Gamification data: coin balance, owned items, achievements unlocked, coin transaction history
- User reports and inquiries (customer support tickets, word reports)
2.3 Information Processed When Using AI Features
When a User uses our AI tutor, grammar correction, study plan generation, or example sentence generation features, the following information is processed:
- Japanese or Korean sentences or words entered by the User
- Text submitted for grammar correction
- A summary of learning statistics used to generate a study plan (e.g., current JLPT level, target exam date, study progress)
- The word and meaning selected for example sentence generation
The Company does not transmit any directly identifying information — such as email addresses, names, or OAuth identifiers — to its AI processor (Anthropic, PBC).
2.4 Data Stored Locally on the Device (AsyncStorage)
The Service stores the following data only in the device’s local storage (AsyncStorage). This data is not transmitted to our servers and is removed when the app is uninstalled.
| Key | Purpose |
|---|---|
ai_chat_messages | Up to 30 most recent AI chat messages (temporary on-device cache) |
ai_chat_level | The User’s selected AI chat difficulty |
ai_study_plan | Cache of the AI-generated study plan |
jlpt_target_date | The User’s chosen JLPT target exam date |
target_jlpt_level | The User’s chosen target JLPT level |
saved_email | Email used to auto-fill the sign-in screen (only if the User opts in) |
ADMIN_AUTH_KEY | Administrator-only authentication key (not used by regular Users) |
2.5 Information We Do Not Collect
The Company does not collect any of the following information:
- Government-issued unique identifiers, such as resident registration numbers or alien registration numbers
- Location data (GPS or Wi-Fi-based location)
- Address book or contacts, photo or media library, microphone, or camera
- Advertising identifiers (IDFA, GAID) or third-party SDK data used for behavioral analytics
- Separate analytics or crash-reporting SDK data (no such SDKs are currently integrated)
3. Purposes of Collection and Use
The Company uses the personal information it collects only for the purposes set out below. If we ever change these purposes, we will obtain separate consent or take other measures as required by Article 18 of Korea’s Personal Information Protection Act (PIPA).
| Items Collected | Purpose of Use |
|---|---|
| Email address, OAuth identifier, display name | Account identification, sign-in, identity verification, responding to inquiries |
| Learning activity logs, daily usage counters | Displaying learning progress, providing statistics, managing free and paid usage limits |
| Subscription expiry date | Verifying entitlement to paid features |
| Coin transactions, items, achievements, etc. | Providing gamification features |
| AI input text, learning statistics summary | Generating AI responses through the Anthropic Claude API |
| Customer support tickets, word reports | Responding to inquiries and improving content quality |
4. Retention and Use Periods
As a general rule, the Company retains and uses a User’s personal information from the date of sign-up until the User withdraws membership. When a User requests withdrawal, information is handled as follows.
| Category | Retention Period |
|---|---|
| Account information (email, OAuth identifier, display name) | Deleted immediately upon withdrawal (kept in segregated storage where Section 4.1 requires statutory retention) |
| Learning records (sessions, vocabulary statistics, coin transactions, etc.) | Same as account information |
| AI input text (server side) | Discarded immediately after processing. Edge Function ai-proxy may briefly retain it in logs for debugging purposes; such logs are automatically deleted within 30 days |
| AI input text (Anthropic side) | Subject to the policies of Anthropic, PBC (see Section 5 below) |
| On-device AsyncStorage data | Until the User uninstalls the app or clears the data manually |
4.1 Statutory Retention Obligations
Where laws such as Korea’s Act on Consumer Protection in Electronic Commerce impose retention obligations, the Company retains the following items in segregated storage for the periods indicated.
| Item Retained | Retention Period | Legal Basis |
|---|---|---|
| Records of contracts or withdrawal of subscription | 5 years | Article 6 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce (Korea) |
| Records of payment and supply of goods or services | 5 years | Article 6 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce (Korea) |
| Records of consumer complaints or dispute resolution | 3 years | Article 6 of the Enforcement Decree of the Act on Consumer Protection in Electronic Commerce (Korea) |
Account information beyond the items above is deleted immediately upon withdrawal.
5. Disclosure to Third Parties
The Company does not disclose Users’ personal information to third parties, except in the following cases:
- Where the User has given prior, separate consent
- Where required or permitted by applicable law, or in response to a lawful request from a law enforcement authority
6. Outsourced Processing (Sub-processors)
To provide the Service smoothly, the Company entrusts certain personal information processing tasks to the following sub-processors.
| Sub-processor | Outsourced Task | Items Processed | Retention / Use Period |
|---|---|---|---|
| Supabase, Inc. (US company; data hosting region: AWS Tokyo, ap-northeast-1) | User authentication, database hosting, Edge Function execution | All items listed in Sections 2.1, 2.2, and 2.3 of this Privacy Policy | Until the User withdraws or the processing agreement ends |
| Anthropic, PBC (United States) | Generating AI responses via Claude models (claude-haiku-4-5, claude-sonnet-4-6) | Text submitted by the User to AI features, learning statistics summary (no email, name, or other identifiers are included) | Discarded immediately after processing as a rule. Anthropic may retain data short-term under its own policies (e.g., for abuse prevention) |
Google LLC (Sign in with Google) and Apple Inc. (Sign in with Apple) act as Identity Providers with whom the User authenticates directly upon their own consent; they are not sub-processors engaged by the Company. Their handling of personal information is governed by their respective privacy policies.
When entering into outsourcing agreements, the Company specifies — in writing, in line with Article 26 of Korea’s Personal Information Protection Act (PIPA) — that personal information may not be processed for any purpose other than the outsourced task, along with technical and managerial safeguards, restrictions on sub-outsourcing, supervision of sub-processors, and liability for damages. The Company supervises whether sub-processors handle personal information securely.
7. International Data Transfers
In accordance with Article 28-8 of Korea’s Personal Information Protection Act (PIPA), the Company transfers personal information overseas as set out below. By agreeing to this Privacy Policy at sign-up, the User is deemed to consent to these international transfers.
| Recipient | Country | Date and Method of Transfer | Items Transferred | Retention / Use Period |
|---|---|---|---|---|
| Supabase, Inc. | Japan (AWS Tokyo region, data storage) / United States (administrative and operational access) | At sign-up and during use of the Service, transmitted over HTTPS (TLS 1.2 or higher) | Items in Sections 2.1, 2.2, and 2.3 | Until the User withdraws or the processing agreement ends |
| Anthropic, PBC | United States | At the time the User invokes an AI feature, transmitted over HTTPS via the Supabase Edge Function ai-proxy | AI feature input text, learning statistics summary | Per Section 4 above and Anthropic’s own policies |
Recipient contacts:
- Supabase, Inc.: privacy@supabase.io
- Anthropic, PBC: privacy@anthropic.com
8. User Rights and How to Exercise Them
Users may exercise the following rights with respect to the Company under Articles 35 through 37 of Korea’s Personal Information Protection Act (PIPA):
- The right to request access to their personal information
- The right to request correction or deletion of their personal information
- The right to request suspension of processing
- The right to data portability (download)
Rights may be exercised by either of the following methods:
- In-app: tap “Settings > Delete Account” to request deletion of your account and all associated personal information in a single action.
- By email: send your request, together with proof of identity, to privacy@tovinlabs.com.
This Service is intended for users aged 14 or over. We confirm that the User is at least 14 years old at sign-up. If we discover that a User under 14 has registered, we will delete that account without delay. For children under 14, a legal representative may exercise the rights above on the child’s behalf, and we will respond to any such request — whether from the User or from a legal representative — without delay.
8.1 Additional Rights for EEA and UK Residents (GDPR Supplement)
If you reside in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following additional rights under the GDPR and equivalent laws:
- The right to object to processing and the right to withdraw consent at any time
- Rights relating to automated decision-making
- The right to lodge a complaint with a supervisory authority (for example, the data protection authority in your country of residence)
The legal bases on which we process your personal data are: (i) performance of the service contract (Article 6(1)(b) GDPR), (ii) your consent (Article 6(1)(a) GDPR), and (iii) our legitimate interests (Article 6(1)(f) GDPR). For transfers to the United States and Japan, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.
9. Procedures and Methods for Destroying Personal Information
When personal information is no longer needed — for example, because the retention period has expired or the purpose of processing has been achieved — the Company destroys it without delay.
- Destruction procedure: When a User withdraws or a retention period expires, we identify the personal information to be destroyed and destroy it after any segregated storage period required by our internal policy or applicable law.
- Destruction method: Personal information stored electronically is securely deleted in a manner that prevents recovery (database records are permanently deleted and backups are progressively expired). Personal information recorded on paper is shredded or incinerated.
10. Automatic Data Collection: Operation and Opt-Out
Because the Service is a mobile application, it does not use web browser cookies. To provide the Service, however, we store the items listed in Section 2.4 of this Privacy Policy in the device’s local storage (AsyncStorage). You can remove this data at any time by clearing the app’s data through your device’s operating system or by uninstalling the app.
11. Security Safeguards
In accordance with Article 29 of Korea’s Personal Information Protection Act (PIPA), the Company implements the following technical, managerial, and physical safeguards.
- Managerial safeguards: establishment and operation of an internal management plan; minimizing the number of staff who handle personal information and providing them with regular training.
- Technical safeguards:
- HTTPS (TLS 1.2 or higher) encryption on all communication paths
- One-way hashing of passwords
- Per-user data access controls enforced via Supabase Row Level Security (RLS) policies
- Secure storage and expiry management of authentication and authorization tokens
- Physical safeguards: reliance on the data center physical security controls (access control, 24/7 monitoring, etc.) provided by Supabase and the AWS Tokyo region.
12. Data Protection Officer and Department
The Company has designated the following Data Protection Officer (DPO) to oversee personal information processing and to handle data subject rights and remedies.
- Data Protection Officer: tovin Labs Representative
- Contact: privacy@tovinlabs.com
- Department: tovin Labs Operations Team
You may contact the DPO with any inquiry, complaint, or remedy request relating to personal information that arises during your use of the Service. We will respond to and act on your inquiry without undue delay.
13. Remedies for Infringement of Rights
If you wish to seek remedies for an infringement of your personal information rights, you may apply to the following Korean bodies for dispute resolution or consultation. These are independent of the Company; please contact them if you are not satisfied with the Company’s handling of a complaint or remedy request, or if you would like more detailed assistance.
- Personal Information Dispute Mediation Committee (Korean dispute mediation body): 1833-6972 (within Korea, no area code) / www.kopico.go.kr
- Personal Information Infringement Report Center, KISA (Korea Internet & Security Agency): 118 (within Korea, no area code) / privacy.kisa.or.kr
- Cyber Investigation Division, Supreme Prosecutors’ Office (Korea): 1301 (within Korea, no area code) / www.spo.go.kr
- Cyber Bureau, Korean National Police Agency: 182 (within Korea, no area code) / ecrm.police.go.kr
In addition, anyone whose rights or interests have been harmed by an action or omission of the head of a public institution in connection with a request made under Article 35 (access), Article 36 (correction or deletion), or Article 37 (suspension of processing, etc.) of Korea’s Personal Information Protection Act (PIPA) may file an administrative appeal in accordance with Korea’s Administrative Appeals Act.
14. Notice of Changes
If this Privacy Policy is amended — by addition, deletion, or modification — we will give notice in the app or on tovinlabs.com at least 7 days before the changes take effect. For changes that materially affect User rights, we will give notice at least 30 days in advance and may, where necessary, request fresh consent.