AI Tutor

Privacy Policy

Effective date: May 16, 2026

Last updated: May 16, 2026

This Privacy Policy explains how GokuGoku ("GokuGoku", "we", "us", or "our") collects, uses, shares, stores, protects, and deletes personal data when you use the GokuGoku mobile application, website, backend services, AI-assisted Japanese learning features, subscriptions, notifications, and related services (together, the "Service").

This policy is intended to satisfy privacy-disclosure requirements for the Apple App Store and Google Play Store, including disclosures about account data, user content, subscriptions, diagnostics, AI processing, retention, deletion, and third-party service providers. It is written using a GDPR-led global standard. Depending on where you live, you may have additional rights.

1. Controller

The controller of personal data processed by GokuGoku is Sandro Maglione, ditta individuale, Partita IVA 03994990137, with registered/business address at Corso Unità d'Italia 10, Cantù, Italy.

Privacy and deletion contact: [email protected]

Support contact: [email protected]

We have not appointed a Data Protection Officer.

2. Summary

GokuGoku collects data needed to provide a personalized Japanese learning app. This includes account identifiers, authentication data handled by Clerk, learning content you submit, AI-generated learning content, profile preferences, saved items, sentence history, subscription entitlement data, support communications, notification settings stored on your device, technical logs, and diagnostics.

We use this data to authenticate you, provide the Service, generate and review learning content with AI, manage subscription access, send optional local reminders, secure and debug the Service, respond to support requests, prevent abuse, and comply with law.

We do not sell your personal information. We do not use your data for third-party advertising or cross-app tracking. We do not knowingly collect personal data from children under 16.

3. Personal Data We Collect

3.1 Account and authentication data

Authentication is provided by Clerk and supported sign-in providers such as Google. Clerk may process data such as your email address, sign-in credentials, authentication tokens, session information, third-party sign-in identifiers, and security data.

In GokuGoku's own application database, we primarily store the account reference needed to associate your learning data with your account, such as a Clerk-provided user ID.

3.2 Profile, learning, and user content

We collect and store data you provide or create while using learning features, including:

  • onboarding level, selected topics, input language, and output language
  • practice sentences, prompt responses, and other text you submit
  • generated prompts, dialogue turns, examples, review results, corrections, explanations, grammar-pattern feedback, and suggestions
  • saved words, grammar patterns, custom expressions, scores, status, history, and progress
  • AI content reports and sentence reports
  • app version and feature compatibility information needed to operate the app

Free-form text fields may contain personal data if you choose to enter it. Please do not submit sensitive personal data unless necessary for your use of the Service.

3.3 Subscription and purchase data

Subscriptions are purchased through Apple App Store In-App Purchase or Google Play Billing. We do not receive your full payment card details.

To verify and manage access, we may receive, create, or store:

  • store name, product ID, plan ID, subscription status, renewal status, expiration date, and environment
  • Apple transaction IDs, original transaction IDs, app account tokens, and server notification metadata
  • Google Play purchase tokens, order IDs where available, obfuscated account identifiers, base plan IDs, and server notification metadata
  • purchase validation results, cancellation, refund, revocation, billing retry, grace period, pause, expiration, and entitlement records

Apple and Google separately process payment, tax, billing, refund, and account data under their own terms and privacy policies.

3.4 Notifications and local device settings

If you enable reminders, the app may ask for notification permission and schedule local prompt reminders on your device. Reminder preferences, scheduled notification identifiers, and local draft data may be stored on your device using platform storage such as AsyncStorage or secure storage.

Notification permission status is read from your device. Prompt content for a reminder may be requested from our server and stored locally so the notification can be shown. You can disable reminders in the app or through your device settings.

3.5 Technical, security, and diagnostic data

We and our providers may process technical data needed to operate, secure, monitor, and debug the Service, including:

  • IP address, request metadata, device and browser information, operating system, app version, timestamps, and server logs
  • authentication and session metadata
  • error logs, traces, performance data, and crash or diagnostic data
  • security, abuse-prevention, fraud-prevention, and rate-limit records

The backend uses Sentry for production diagnostics and may use infrastructure logs from Cloudflare and other providers.

3.6 Support communications

If you contact us, we collect the information you send, such as your email address, message content, attachments, and related support metadata.

4. Data We Do Not Intend to Collect

The Service is not designed to collect health data, biometric data, government identifiers, financial account details, precise location, contacts, photos, videos, user voice recordings, or official documents.

The current app does not intentionally collect voice recordings for pronunciation analysis or shadowing. If we introduce features that collect new sensitive categories of data, we will update this policy and request consent where required.

5. How We Use Personal Data

We use personal data to:

  • create, authenticate, secure, and manage accounts
  • provide AI-assisted prompts, dialogue practice, sentence review, corrections, explanations, grammar feedback, saved items, history, and progress
  • personalize learning content based on level, topics, language settings, saved items, and recent practice
  • verify trial and subscription entitlement through Apple and Google
  • enforce usage limits, subscription access, safety controls, and anti-abuse protections
  • schedule and manage optional local reminders
  • sync app state, recover drafts, and support account deletion
  • process AI content reports and remove reported content from your app experience
  • provide support and respond to user requests
  • debug errors, monitor reliability, protect infrastructure, and improve the Service
  • comply with legal obligations and enforce our Terms

Where the GDPR applies, we generally rely on:

  • contract necessity to provide accounts, learning features, AI processing, subscriptions, support, and requested Service functionality
  • legitimate interests to secure, debug, maintain, improve, and protect the Service; prevent abuse and fraud; enforce terms; and understand basic service reliability
  • legal obligation to retain or disclose information where required by law
  • consent where required for specific features, such as notification permission or any future processing that legally requires consent

You may withdraw consent where processing is based on consent, without affecting processing that occurred before withdrawal.

7. AI Processing

GokuGoku uses external AI-enabled services, including Google Cloud and Gemini through an OpenAI-compatible interface, to process learning inputs and generate outputs such as prompts, dialogue practice, example sentences, corrections, explanations, review feedback, grammar-pattern analysis, and suggestions.

The data sent to AI providers may include your submitted text, generated prompts, recent learning context, saved suggestions, profile settings such as level and topics, and technical request data needed to provide the feature.

We use AI providers to provide the Service, not to sell your personal data or for third-party advertising. AI output may be inaccurate, incomplete, offensive, unsafe, or unsuitable. GokuGoku is a learning aid only and does not provide official translation, legal, immigration, employment, medical, financial, professional, certification, or exam-assessment advice.

You can report unsafe, offensive, or incorrect AI-generated content in the app where reporting is available or by contacting [email protected].

8. Service Providers and Recipients

We may share personal data with providers that help us operate the Service, including:

  • Clerk, for authentication, account identity, sessions, and supported sign-in flows
  • Cloudflare, for hosting, serverless infrastructure, database, security, routing, and logs
  • Sentry, for backend error monitoring, traces, logs, metrics, diagnostics, and reliability
  • Google Cloud and Gemini, for AI processing and generated learning content
  • Apple, for App Store purchases, subscription entitlement, transaction validation, refunds, and server notifications
  • Google, for Google sign-in where used, Google Play purchases, subscription entitlement, transaction validation, refunds, and server notifications
  • Expo and operating-system services, for app runtime support, notifications, secure storage, and in-app purchase integration where applicable

We may also disclose personal data if required by law, court order, competent authority, legal process, safety need, security need, terms enforcement, or in connection with a merger, reorganization, asset sale, or similar transaction subject to appropriate safeguards.

Our providers are expected to protect personal data consistently with this policy and applicable law.

9. International Data Transfers

We are based in Italy, and some providers may process personal data outside your country, including outside the European Economic Area.

Where required, we rely on lawful transfer mechanisms such as adequacy decisions, the EU-US Data Privacy Framework where applicable, Standard Contractual Clauses, data processing agreements, and other appropriate safeguards.

You may contact us for more information about relevant transfer safeguards.

10. Retention

We retain personal data only as long as reasonably necessary for the purposes described in this policy, including providing the Service, maintaining accounts, enforcing terms, preventing abuse, resolving disputes, complying with law, and maintaining backups.

In practice:

  • account, profile, learning, saved-item, prompt, sentence, review, history, progress, and generated-content records are generally retained while your account is active
  • notification settings, scheduled notification identifiers, and local drafts may remain on your device until you change settings, delete the app, clear local data, or delete your account through the app flow
  • AI content reports and security or abuse records may be retained as needed to prevent repeated issues and protect the Service
  • server, access, and security logs are generally retained for about 30 to 90 days unless a longer period is needed for security, debugging, abuse prevention, legal compliance, or disputes
  • diagnostic, error, trace, and performance records are generally retained for the period configured with the diagnostic provider unless a longer period is needed for security, troubleshooting, legal compliance, or provider-side requirements
  • billing, subscription, transaction, invoice, tax, refund, and accounting records may be retained for up to 10 years or the longer period required by applicable law
  • backup copies may persist until deleted or overwritten through normal backup cycles

Deletion may not immediately remove data from every system, backup, log, provider system, or legally required record.

11. Account Deletion

You can initiate account deletion in the app settings or request deletion by emailing [email protected].

When account deletion is completed, we delete or de-identify GokuGoku-controlled account and learning records where no exception applies. This includes profile data, saved items, generated prompts, prompt sessions, sentences, reviews, subscription account links, and subscription records in our application database, subject to technical verification and exceptions.

We may retain limited data where necessary for legal compliance, tax and accounting, billing records, fraud prevention, abuse prevention, security, dispute resolution, backups, or legitimate internal records.

Account deletion does not automatically cancel an Apple App Store or Google Play subscription. You must cancel active subscriptions through Apple or Google to stop future charges. Apple, Google, Clerk, and other providers may retain provider-controlled records under their own policies and legal obligations.

12. Your Rights

Depending on applicable law, you may have rights to:

  • access personal data we control
  • correct inaccurate or incomplete data
  • delete personal data where applicable
  • restrict processing where applicable
  • object to processing based on legitimate interests where applicable
  • receive data portability where applicable
  • withdraw consent where processing is based on consent
  • lodge a complaint with a supervisory authority

To exercise rights over GokuGoku-controlled data, contact [email protected]. We may need to verify your request and may limit or deny requests where an exception applies.

If your request concerns data controlled directly by Clerk, Apple, Google, or another provider, you may also need to use that provider's privacy tools or contact process.

If you are in the European Union, you may lodge a complaint with your local supervisory authority. Because the controller is based in Italy, the Italian data protection authority may also be relevant: Garante per la protezione dei dati personali.

13. Cookies, SDK Storage, and Similar Technologies

The Service and its providers may use cookies, local storage, secure storage, SDK storage, tokens, and similar technologies for authentication, session continuity, app functionality, notification settings, local drafts, subscription handling, security, fraud prevention, diagnostics, and service reliability.

The mobile app uses local device storage for operational features such as reminder settings, scheduled notification information, authentication/session support, and prompt drafts.

We do not use these technologies for third-party advertising or cross-app tracking.

14. App Store and Google Play Privacy Disclosures

Store privacy labels and data-safety forms should be consistent with this policy. Depending on platform and app version, GokuGoku may collect or process the following categories:

  • Contact Info: email address and related account contact data through authentication or support
  • User Content: free-form learning text, prompts, responses, saved custom expressions, reports, and support messages
  • Identifiers: account user ID, subscription account tokens or obfuscated IDs, purchase tokens, transaction IDs, and authentication/session identifiers
  • Purchases: subscription status, product IDs, plan IDs, transaction metadata, renewal, cancellation, refund, and entitlement data
  • Usage Data: product interaction and learning progress used for app functionality, personalization, usage limits, and service improvement
  • Diagnostics: crash, error, performance, trace, log, and technical diagnostic data
  • Other Data: technical security, fraud-prevention, abuse-prevention, and rate-limit data

Most data is linked to your account because the Service stores learning history and subscription access by account. We do not use collected data for tracking as defined by Apple or for third-party advertising.

15. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we learn that we collected personal data from a child under 16 without appropriate authorization, we will delete it.

16. Security

We use reasonable technical and organizational measures designed to protect personal data, including access controls, transport security, provider security controls, and infrastructure safeguards.

No system can be guaranteed completely secure. You are responsible for protecting your device, account credentials, and access to your email or sign-in provider.

The Service may link to third-party websites, app-store pages, subscription-management pages, sign-in providers, dictionary resources, or support channels. Those third parties operate under their own terms and privacy policies.

18. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy and update the date above. Where required by law, we will provide additional notice or request consent.

19. Contact

Privacy, data protection, and deletion requests: [email protected]

Support questions: [email protected]