This policy explains how HanziMemo collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.
1. Data controller
Alice Hitchon (sole trader), publisher of HanziMemo. Contact: hanzimemo.contact@gmail.com.
2. Data collected
Data you provide
- Email address and password (hashed) at sign-up
- Username and interface language
- Your custom review lists and preferences (voice, algorithm)
Data generated by your usage
- Learning progress (words seen, success rate, FSRS intervals)
- Mock exam results and scores
- Login stats (streak, XP, leaderboard)
Technical data
- Minimal server logs (truncated IP, browser) for security
3. Purposes and legal bases
- Providing the service (account, progress, sync) — basis: contract performance
- Security (fraud prevention, backups) — basis: legitimate interest
- Product improvement (aggregated, anonymous stats) — basis: legitimate interest
HanziMemo does no targeted advertising and never sells your data.
4. Retention
- Active account: as long as you use the app
- Inactive account: automatic deletion after 3 years without sign-in
- Data deleted on request: within 30 days maximum
5. Your rights (GDPR)
At any time you have the following rights:
- Access: obtain a copy of your data
- Rectification: correct inaccurate data
- Erasure: delete your account and all your data
- Portability: receive your data in a readable format
- Objection and restriction of processing
To exercise these rights, write to hanzimemo.contact@gmail.com. You can also delete your account directly from the app settings.
In case of a dispute, you may file a complaint with the CNIL (French data protection authority): www.cnil.fr.
6. Sub-processors
HanziMemo relies on technical providers bound by data processing agreements (DPA):
- Supabase (database, authentication) — EU infrastructure
- Cloudflare (hosting, CDN) — data processed in EU when possible
- Microsoft Azure (speech synthesis for pronunciation) — EU region
7. Security
TLS encryption for all exchanges, hashed passwords, data access restricted by Row Level Security at the database layer. As no transmission is 100% secure, you are encouraged to use a strong password.
8. Minors
The app is open from age 15. Users under 15 must obtain authorization from a parent or legal guardian.
9. Changes
This policy may be updated. Any substantial change will be notified within the app.