Privacy Policy
HSK Anywhere ("Service Provider") establishes this Privacy Policy ("Policy") regarding the handling of user information in connection with the Chinese-learning service HSK Anywhere and all related applications, websites, content, account features, cloud sync and backup, subscriptions, and other related services (collectively, the "Service").
By using the Service, you are deemed to have agreed to this Policy. For the terms governing use of the Service, please also review the Terms of Use.
The Service is intended as a study-support service. The Service Provider handles user information only to the extent necessary under applicable law and for operational purposes. However, external authentication, billing, cloud, audio generation, and other third-party services chosen by users are also subject to the policies and terms of those service providers.
1. Scope
This Policy applies to the Service app itself, the official website, support communications, billing management, authentication, backup, restore, audio playback features, and other related functions operated or provided by the Service Provider.
However, for the handling of information by services independently provided by Apple, Google, RevenueCat, Firebase, Amazon Web Services, and other third parties, the terms and policies of those third parties apply, and this Policy does not directly apply.
2. Information We Collect
The Service Provider may collect or handle the following information:
- Account information: email address, Firebase Authentication user ID, email verification status, and information about the login method
- External authentication information: identifiers, email address, display name, and other information provided by Google, Apple, or the applicable authentication platform when signing in with a Google account or Apple ID
- Learning data: vocabulary learning progress, learning status for each word, level check results, estimated level, learning history, data subject to restore or backup, and the last backup timestamp
- Test-related data: vocabulary score, estimated level, next target level, acquired vocabulary information, question history, and test date and time
- Questionnaire and survey response data: whether the user has taken the HSK, target HSK level, whether the user wants to take a level check, questionnaire answers, response timestamps, app language, platform, installation identifier, and Firebase Authentication user ID when the user is signed in
- Data stored on the device: language settings, theme settings, study mode, question format, local learning history, daily study status, subscription display state, and other settings needed to use the app
- Subscription-related information: plan type, billing cycle, product identifiers, purchase, restore, and entitlement status, in-app user ID, email address when set, and other information needed to manage subscriptions
- Inquiry information: emails, requests, bug reports, information needed for identity verification, UID values optionally included by users, and other content submitted to the Service Provider
- Audio playback-related information: words, example sentences, or similar text to be converted into audio, playback speed information, and temporary audio cache stored on the device when external voice generation is used
- In-app analytics and review prompt information: installation identifier, event names, event parameters, platform, language, client-side timestamps, Firebase Authentication user ID when the user is signed in, subscription screen and purchase-related interaction events, questionnaire events, and review prompt display, acceptance, dismissal, or request status
- Website usage information: IP address, browser type, operating system, referrer, viewed pages, access date and time, and cookies or similar identifiers when using the official website
- Technical information automatically processed by external services: device type, OS version, app version, language, store transaction status, purchase tokens or receipts, logs, connection information, and other technical data needed to provide the Service or operate external services
At this time, the Service does not request permissions for the purpose of collecting a user's precise location information.
The Service Provider does not directly store payment details such as credit card numbers or bank account information on its own servers. Such information is primarily processed by Apple App Store, Google Play, RevenueCat, or other payment-related service providers.
Users may be able to restrict or delete cookies through their browser settings. If they do so, this may affect certain website displays, convenience features, or website analytics.
3. Purposes of Use
The Service Provider primarily uses collected information for the following purposes:
- To provide the Service, authenticate users, verify identity, and maintain login status
- To provide learning history, level check results, backup and restore functions, sync functions, and related features
- To manage user settings, learning status, daily usage status, and similar data on the device or in the cloud
- To understand users' learning goals, improve onboarding, analyze usage trends, and improve the Service based on questionnaire responses and in-app analytics
- To provide paid plans, confirm purchases, synchronize entitlement status, restore purchases, and support billing-related inquiries
- To create and manage audio playback, external voice generation, and related cache
- To respond to user inquiries, support requests, and identity verification requests
- To send verification emails, important notices, service change notices, and other necessary communications
- To prevent misuse, maintain security, respond to incidents, and address violations of the Terms of Use
- To maintain and improve the Service, manage quality, conduct statistical analysis, investigate incidents, and consider future features
- To comply with laws, protect rights, resolve disputes, and handle related matters
Except where permitted by law, the Service Provider will not use personal information beyond the scope reasonably related to the purposes specified at the time of collection without the user's consent.
4. Third-Party Services and Contractors
The Service uses the following types of external services. User information may be transmitted to, stored by, or processed by these external services to the extent necessary to provide the Service.
- Firebase / Google: authentication, cloud data storage, sync, questionnaire response storage, in-app analytics event storage, and related infrastructure
- Google: Google sign-in, Google Play distribution and billing, and Google tag on the official website
- Apple: Apple ID sign-in and App Store distribution and billing
- RevenueCat: subscription status management, purchase restoration, and billing flow management
- Amazon Web Services: Cognito and Polly for authentication support and voice generation
- Expo: app runtime platform and related services
If a user chooses Google sign-in, Apple sign-in, App Store billing, Google Play billing, or similar features, those third parties may independently handle user information in accordance with their own policies.
5. Disclosure to Third Parties
The Service Provider does not provide personal information to third parties except in the following cases:
- Where the user has given consent
- Where required by law
- Where necessary to protect life, body, or property and obtaining the user's consent is difficult
- Where particularly necessary to improve public health or promote the sound growth of children and obtaining the user's consent is difficult
- Where cooperation with a government body or similar authority is necessary and obtaining the user's consent may interfere with that cooperation
- Where handling is entrusted to an external service provider within the scope necessary to achieve the purposes of use
- Where information is transferred in connection with a business transfer, merger, company split, or similar event
The Service Provider does not sell user information.
6. Cross-Border Handling
Due to the nature of external services, user information may be handled on servers, infrastructure, or by service providers located in Japan or outside Japan. For example, Firebase, Google, Apple, RevenueCat, and similar external providers may process information in multiple countries or regions, including outside Japan, according to their operational structures.
The Service Provider selects external services that it considers reasonable in light of the purposes of use. However, it does not continuously and completely verify or guarantee the specific storage locations, retention periods, technical specifications, or details of foreign legal systems applicable to each external service.
7. Publicly Available Information Regarding Retained Personal Data
The name, address, and representative name of the personal information handling business operator will be provided without delay upon request by the individual concerned. The contact point is set out at the end of this Policy.
In accordance with applicable law, users may request disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision of personal data retained by the Service Provider. When making such a request, users may be asked to provide information necessary for identity verification.
Such requests may be made by using in-app data deletion or account deletion functions, or by contacting the contact point listed at the end of this Policy. However, the Service Provider may decline to comply in whole or in part where it has no legal obligation to comply, where the user cannot be identified, where the request is excessive or unreasonable, or where compliance would interfere with the rights, safety, or operation of the Service or other users.
To the extent permitted by law, a reasonable fee may be charged for requests for disclosure and similar requests.
8. Data Retention
The Service Provider may retain collected information for the period necessary to achieve the purposes of use, for account management, contractual needs, inquiry handling, compliance with law, dispute response, fraud prevention, and any other period reasonably necessary.
Settings and learning data stored on a device may remain until the user deletes the app or uses an in-app device data deletion function. Cloud-stored data may become subject to deletion upon account deletion, a deletion request, or when it is no longer necessary for service operation. However, the Service Provider does not guarantee immediate and complete deletion from backups, logs, caches, or disaster recovery data.
Certain information may be retained for a certain period due to legal or technical requirements. In addition, anonymized or otherwise non-identifiable statistical information may continue to be used.
9. Overview of Security Measures
The Service Provider endeavors to implement reasonable and appropriate security measures to address risks such as leakage, loss, damage, unauthorized access, and other risks relating to personal information it handles.
- Limiting access privileges to the minimum necessary scope
- Using third-party services for authentication, cloud infrastructure, billing infrastructure, and similar functions
- Operating so that information is accessed only within the necessary scope of handling
- Reviewing logs, operations, or procedures in preparation for misuse or incidents
- Selecting external services that may process information outside Japan based on publicly available information and other relevant materials
However, complete security cannot be guaranteed in light of internet communications, cloud infrastructure, third-party systems, user device environments, and similar circumstances.
10. Users Under 13
The Service is not intended for use by children under 13 years of age. If the Service Provider determines that it has obtained personal information from a user under 13 without the involvement of a legal guardian, it may take reasonable steps to delete such information or otherwise respond as necessary.
11. Changes to This Policy
The Service Provider may revise this Policy due to legal amendments, changes in the Service, operational needs, or other reasons. The revised Policy will become effective when it is published or notified within the Service, on the official website, or by any other method deemed appropriate by the Service Provider.
12. Contact
For inquiries regarding this Policy, requests relating to retained personal data, deletion requests, or other matters concerning the handling of user information, please contact hskanywhere@gmail.com.
Copyright © 2026 HSK Anywhere. All rights reserved.