Sign InSign Up

Privacy Policy

Information about how NIHONGO-AI handles personal data and privacy.

Last Updated: 2026-03-25

1. Basic Policy

We recognize the importance of users' personal information and strive to handle and protect it appropriately in compliance with the Personal Information Protection Act and other related laws and regulations.

2. Definition of Personal Information

In this Privacy Policy, personal information refers to personal information as defined in Article 2, Paragraph 1 of the Personal Information Protection Act, namely information about living individuals that can identify specific individuals through names, birth dates, and other descriptions contained in such information (including information that can be easily cross-referenced with other information to identify specific individuals).

3. Information We Collect

We may collect the following information:

3.1 Basic Information

  • Name, email address
  • Information provided when creating an account
  • Profile information

3.2 Payment Information

💳 About Payment Information Handling

  • Processed via Stripe: Credit card information is not stored on our servers but is securely processed by PCI DSS-compliant Stripe Inc.
  • Saved Information: We only store Stripe customer IDs, subscription information, and payment history
  • Security: Payment data is protected using industry-standard encryption technology
  • Access Restrictions: Access to payment information is restricted to the minimum necessary personnel

3.3 Usage Information

  • Service usage history
  • Access logs, IP addresses
  • Device information, browser information
  • Technical information such as cookies

4. Purpose of Use of Personal Information

We use the collected personal information for the following purposes:

  • Service provision, operation, and improvement
  • User support and inquiry response
  • Billing and payment processing
  • Sending important notifications
  • Usage analysis and statistics creation
  • Security assurance and fraud prevention
  • Legal compliance

5. Third-Party Sharing

We do not provide personal information to third parties except in the following cases:

  • With user consent
  • When required by law
  • When necessary for the protection of life, body, or property
  • When providing to business partners necessary for service provision (under appropriate management)

5.1 Business Partners

Main business partners:

  • Google LLC (USA) - Authentication Service (Google OAuth), AI Analysis (Google Gemini), Access Analytics (Google Analytics), Ad Delivery (Google AdSense)
  • Stripe, Inc. (USA) - Payment Processing Service
  • Vercel Inc. (USA) - Hosting and Performance Analysis
  • Supabase Inc. (Australia) - Database Hosting
  • Upstash Inc. (USA) - Rate Limiting Processing

5.2 Data Transmission in AI Processing

This service uses the Google Gemini API to provide Japanese language learning support features.

  • Text entered by users is transmitted to the Google Gemini API for analysis and correction.
  • The Gemini API processes the input data and generates analysis results.
  • After the request is completed, the input data is not retained on the Gemini API side.
  • User input data will not be used for AI model training.

For more details, please refer to the Google Cloud Privacy Policy. Google Cloud Privacy Notice

5.3 Legal Basis for Processing Personal Information

We process personal information based on the following legal grounds (for EEA/UK residents):

  • Performance of Contract: For service provision, account management, and payment processing
  • Consent: For cookie usage, marketing communications, and voluntary information provision
  • Legitimate Interest: For service improvement, security assurance, and fraud prevention
  • Legal Obligation: For retention and disclosure of information as required by law

6. International Data Transfers

In this service, personal information may be processed on servers in the following countries and regions to provide the service.

  • United States: Google LLC (authentication, AI, analytics, advertising), Stripe, Inc. (payments), Vercel Inc. (hosting), Upstash Inc. (rate limiting)
  • Australia: Supabase Inc. (database)

These countries may have different personal information protection systems than Japan, but we will protect personal information by implementing appropriate safeguards such as Standard Contractual Clauses (SCCs).

7. Security Measures

We take the following measures for the proper management of personal information:

  • Organizational security measures: Establishment of a personal information protection officer, development of regulations
  • Human security measures: Implementation of education and training for employees
  • Physical security measures: Physical security of data centers
  • Technical security measures: Encryption, access control, firewalls, etc.

8. Cookies & Tracking Technologies

We use cookies to improve the convenience of our services. Cookie settings can be changed from your browser, but disabling them may limit some functions.

We use Google Analytics and Google Adsense to analyze site usage and serve advertisements. Please see below for details.

8.2 Google Analytics Usage

We use Google Analytics (GA4) to analyze site usage.

Data Collected

Google Analytics collects the following data:

  • Page views, visit counts
  • Session duration, bounce rate
  • Referrer URL, search keywords
  • Device information (model, OS, browser)
  • Geographic information (country, city level)
  • IP address (anonymized)

Purpose of Use

Collected data is used for the following purposes:

  • Analyzing site usage
  • Improving and optimizing content
  • Enhancing user experience
  • Measuring marketing effectiveness

Anonymization and Privacy Protection

Data collected by Google Analytics is protected through the following methods:

  • Automatic IP address anonymization
  • Exclusion of personally identifiable information
  • Control via Consent Management Platform (CMP)

Cookie Consent and Consent Mode

We use 'Consent Mode':

  • When cookies accepted: Detailed data collection
  • When cookies denied: Minimal anonymized data collection

Even if you deny cookies, anonymized data is collected, but cannot identify you personally.

Data Sharing

Collected data is shared with Google LLC. Please review Google's data processing:

Opt-Out (Refuse Data Collection)

To completely refuse Google Analytics data collection, you can opt-out using the following methods:

8.3 Google Adsense Usage

We use Google Adsense to serve advertisements.

Ad Serving Mechanism

Google Adsense uses the following information to serve ads:

  • Site content
  • User interests (when consented)
  • Browsing history (when consented)
  • Device information, geographic information

Personalized Advertising

Ad serving methods differ based on cookie consent status:

  • When accepted: Personalized ads based on interests
  • When denied: Non-personalized ads based on content

Data Sharing

For ad serving, the following information may be shared with Google LLC and advertising partners:

  • Cookie ID
  • Ad display and click information
  • Site visit information

For details, please refer to Google's Advertising Policy.

Opt-Out (Decline Ad Personalization)

If you wish to opt out of personalized advertising:

9. User Rights

Users have the following rights regarding their personal information:

  • Request for disclosure, correction, or deletion
  • Request to stop usage or erase
  • Request to stop third-party sharing

To make these requests, please contact us at the address below. We will respond within a reasonable period after appropriate identity verification.

10. Data Retention Period

Personal information will be retained for the period necessary to achieve the purpose of use and for the period stipulated by laws and regulations.

  • Account Information: Until account deletion (deleted within 30 days after deletion)
  • Usage Logs: Up to 12 months
  • Payment Records: Legal retention period (7 years)
  • AI Input Data: Immediately discarded after request completion
  • Cookies: In accordance with each cookie's retention period (refer to Cookie Policy)

10.1 Children's Personal Information

We do not intentionally collect personal information from children under the age of 13.

In the EEA (European Economic Area), parental consent is required for the processing of personal information of individuals under the age of 16.

If we become aware that personal information from a child under 13 has been collected in error, we will delete it promptly.

11. Changes to Privacy Policy

We may change this Privacy Policy from time to time. Important changes will be announced on our website in advance.

Contact

For questions or consultations regarding the handling of personal information, please contact us at:

Personal Information Protection Officer

Email: nihongo.ai.office@gmail.com

Phone: Please inquire via email