Privacy Policy

Effective date: May 17, 2026

Last updated: May 17, 2026

This Privacy Policy explains how GokuGoku ("GokuGoku", "we", "us", or "our") collects, uses, shares, retains, and deletes personal data when you use the GokuGoku mobile app, website, backend services, AI-assisted Japanese learning features, notifications, subscriptions, and related services (the "Service").

1. Who We Are

The controller of personal data processed by GokuGoku is Sandro Maglione, ditta individuale, Partita IVA 03994990137, with registered/business address at Corso Unità d'Italia 10, Cantù, Italy.

Privacy and deletion contact: [email protected]

Support contact: [email protected]

We have not appointed a Data Protection Officer.

2. Summary

GokuGoku collects the data needed to provide an account-based Japanese learning app. This includes account identifiers, learning preferences, text you submit, AI-generated learning content, saved items, learning history, subscription entitlement data, support messages, local reminder settings, and technical data needed to operate and secure the Service.

We do not sell personal data. We do not use personal data for third-party advertising or cross-app tracking. The Service is not intended for children under 16.

3. Data We Collect

Account and Authentication Data

We collect or receive data needed to create, authenticate, secure, and manage your account, such as your email address, sign-in method, account ID, authentication/session data, and security metadata. Authentication may be provided by third-party identity providers.

Learning Data and User Content

We collect data you provide or create while using learning features, including:

onboarding level, selected topics, and language settings
practice sentences, prompt responses, and other text you submit
generated prompts, examples, dialogue context, corrections, explanations, scores, review feedback, and grammar-pattern feedback
saved words, saved grammar patterns, custom expressions, history, status, and progress
reports of prompts, sentences, or other content

Free-form text may contain personal data if you choose to enter it. Please do not submit sensitive personal data unless it is necessary for your use of the Service.

Subscription and Purchase Data

Paid subscriptions are purchased through the app store available on your device. We do not receive your full payment card details.

To verify and provide subscription access, we may receive or store purchase and entitlement data such as store, product, plan, subscription status, renewal status, expiration date, transaction identifiers, purchase tokens, refund/cancellation/revocation status, and related notification metadata.

The relevant app store separately processes payment, tax, billing, refund, and store account data under its own terms and privacy policy.

Notifications and Local Device Data

If you enable reminders, the app may request notification permission and schedule local reminders on your device. The app may store reminder preferences, scheduled notification information, and unsent drafts locally on your device.

Notification content may include learning prompts. You can disable reminders in the app or through your device settings.

Technical, Security, and Diagnostic Data

We and our service providers may process technical data needed to operate, secure, monitor, and debug the Service, including IP address, request metadata, timestamps, app version, device or operating-system information, server logs, authentication/session metadata, error reports, performance data, and security or abuse-prevention records.

Support Communications

If you contact us, we collect the information you send, such as your email address, message content, attachments, and related support metadata.

4. Data We Do Not Intend to Collect

The Service is not designed to collect precise location, contacts, photos, videos, voice recordings, biometric data, health data, government identifiers, financial account details, or official documents.

If we add features that require new sensitive data, we will update this policy and request consent where required.

5. How We Use Data

We use personal data to:

create, authenticate, secure, and manage accounts
provide prompts, dialogue practice, sentence review, corrections, explanations, saved items, history, progress, and related learning features
personalize learning content based on your level, topics, language settings, saved items, and recent practice
process AI requests and generate learning content
verify trial and subscription access
enforce usage limits, subscription access, safety controls, and anti-abuse protections
schedule and manage optional reminders
process reports and reduce unsafe, offensive, or incorrect content
provide support and respond to requests
debug errors, monitor reliability, secure infrastructure, and improve the Service
comply with law and enforce our Terms

6. Legal Bases

Where the GDPR applies, we rely on:

contract necessity to provide accounts, learning features, AI processing, subscriptions, support, and requested Service functionality
legitimate interests to secure, debug, maintain, improve, and protect the Service; prevent abuse and fraud; enforce terms; and understand basic reliability
legal obligation where retention or disclosure is required by law
consent where legally required, such as notification permission or future optional processing that requires consent

You may withdraw consent where processing is based on consent, without affecting processing that happened before withdrawal.

7. AI Processing

GokuGoku uses external AI service providers to generate and review language-learning content. Data sent to AI providers may include your submitted text, generated prompts, recent learning context, saved suggestions, profile settings, and technical request data needed to provide the feature.

AI output may be inaccurate, incomplete, offensive, unsafe, or unsuitable. GokuGoku is a learning aid only and does not provide official translation, legal, immigration, employment, medical, financial, professional, certification, or exam-assessment advice.

You can report unsafe, offensive, or incorrect AI-generated content in the app where reporting is available or by contacting [email protected].

We share personal data only as needed to operate the Service, comply with law, protect rights and safety, or complete a transaction you request. Current categories of recipients include:

authentication and account providers
hosting, database, security, and infrastructure providers
diagnostics and reliability providers
AI service providers
app stores and payment-related providers for subscription purchase, validation, cancellation, refund, and entitlement handling
support and communication providers where needed

Current core providers include Clerk, Cloudflare, Sentry, Google AI services, Apple, and Google.

We may also disclose personal data if required by law, court order, competent authority, legal process, safety need, security need, terms enforcement, or in connection with a merger, reorganization, asset sale, or similar transaction subject to appropriate safeguards.

9. International Transfers

We are based in Italy, and some providers may process personal data outside your country, including outside the European Economic Area.

Where required, we rely on lawful transfer mechanisms such as adequacy decisions, the EU-US Data Privacy Framework where applicable, Standard Contractual Clauses, data processing agreements, and other appropriate safeguards.

10. Retention

We retain personal data only as long as reasonably necessary for the purposes described in this policy, including providing the Service, maintaining accounts, enforcing terms, preventing abuse, resolving disputes, complying with law, and maintaining backups.

In general:

account, profile, learning, saved-item, prompt, sentence, review, history, progress, and generated-content records are retained while your account is active
local reminder settings and drafts remain on your device until changed, cleared, or removed through normal app or device controls
reports, security records, and abuse-prevention records may be retained as needed to protect the Service
server, access, diagnostic, error, and security logs are retained for a limited period unless needed longer for security, troubleshooting, legal compliance, or disputes
billing, subscription, transaction, refund, tax, and accounting records may be retained for the period required by law
backup copies may persist until deleted or overwritten through normal backup cycles

Deletion may not immediately remove data from every backup, log, provider system, or legally required record.

11. Account Deletion

You can initiate account deletion in the app settings or request deletion by emailing [email protected].

When account deletion is completed, we delete or de-identify GokuGoku-controlled account and learning records where no exception applies. This includes profile data, saved items, generated prompts, prompt sessions, sentences, reviews, subscription account links, and subscription records in our application database.

We may retain limited data where necessary for legal compliance, tax and accounting, billing records, fraud prevention, abuse prevention, security, dispute resolution, backups, or legitimate internal records.

Account deletion does not automatically cancel an app-store subscription. You must cancel active subscriptions through the relevant app store to stop future charges. Third-party providers may retain provider-controlled records under their own policies and legal obligations.

12. Your Rights

Depending on applicable law, you may have rights to access, correct, delete, restrict, object to processing of, or receive a portable copy of personal data we control. You may also have the right to withdraw consent and lodge a complaint with a supervisory authority.

To exercise rights over GokuGoku-controlled data, contact [email protected]. We may need to verify your request and may limit or deny requests where an exception applies.

If your request concerns data controlled directly by a third-party provider, you may also need to use that provider's privacy tools or contact process.

If you are in the European Union, you may lodge a complaint with your local supervisory authority. Because the controller is based in Italy, the Italian data protection authority may also be relevant: Garante per la protezione dei dati personali.

13. Cookies, Local Storage, and Similar Technologies

The Service and its providers may use cookies, local storage, secure storage, tokens, SDK storage, and similar technologies for authentication, session continuity, app functionality, reminder settings, local drafts, subscription handling, security, fraud prevention, diagnostics, and reliability.

We do not use these technologies for third-party advertising or cross-app tracking.

14. Store Privacy Disclosures

Store privacy labels and data-safety forms should be consistent with this policy. Depending on platform and app version, GokuGoku may collect or process contact information, user content, identifiers, purchases, usage data, diagnostics, and security or fraud-prevention data.

Most collected data is linked to your account because the Service stores learning history and subscription access by account. We do not use collected data for third-party advertising or cross-app tracking.

15. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we learn that we collected personal data from a child under 16 without appropriate authorization, we will delete it.

16. Security

We use reasonable technical and organizational measures designed to protect personal data, including access controls, transport security, provider security controls, and infrastructure safeguards.

No system can be guaranteed completely secure. You are responsible for protecting your device, account credentials, and access to your email or sign-in provider.

17. Third-Party Links and Services

The Service may link to third-party websites, app-store pages, subscription-management pages, sign-in providers, dictionary resources, or support channels. Those third parties operate under their own terms and privacy policies.

18. Changes

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy and update the date above. Where required by law, we will provide additional notice or request consent.

19. Contact

Privacy, data protection, and deletion requests: [email protected]

Support questions: [email protected]