Privacy Policy

Nisatsu is a language-learning product operated by the Nisatsu team ("Nisatsu", "we", "us"). This policy explains what data we collect when you use nisatsu.app or the Nisatsu mobile app, how we use it, who we share it with, and the rights you have.

If you have questions, write to contact@nisatsu.com.

• Account identifiers. Email address and/or phone number you use to sign in, a Stytch-assigned user ID, and any profile fields you edit (display name, username, bio, avatar, learning goal, interest tags).
• Learning data. Vocabulary you add or mark, stories generated for you, read sessions, review grades, streaks, and statistics derived from these.
• Device & technical data. IP address (derived from request headers), browser/OS user-agent, approximate region inferred from IP, push-notification tokens you register with us, and error diagnostics when something breaks.
• Billing data. Stripe customer & subscription IDs, plan, status, and renewal/cancellation dates. We never see or store your card number; Stripe handles payment instruments.
• Product analytics. A fixed set of product events (e.g. story generated, word saved, onboarding completed) linked to your user ID so we can understand usage and diagnose issues.

• To operate the service: generate stories, track vocab, run review, deliver push notifications you opted into.
• To authenticate you securely and keep sessions valid.
• To bill for subscriptions and enforce entitlements.
• To debug failures and prevent abuse (rate-limiting, fraud).
• To improve the product via aggregate/event analytics.

We do not sell your personal information, run third-party advertising, or profile you for advertisers.

• Contract — to deliver the service you signed up for.
• Legitimate interests — to keep the service safe, debug it, and prevent abuse.
• Consent — for optional analytics/telemetry beyond what the service needs to function; revocable any time in Account → Privacy.
• Legal obligation — to retain records we must keep by law.

We use a small number of vetted subprocessors to run the product. A current list is maintained at /subprocessors. As of the effective date above, that list covers authentication (Stytch), payments (Stripe), AI generation and TTS (OpenAI), database hosting (Neon Postgres), rate-limiting state (Upstash Redis), error monitoring (Sentry), push delivery (Expo + Apple APNs / Google FCM), and hosting (Vercel).

We disclose data to these providers only to the extent necessary to operate the service, under contracts that restrict their use of the data. We do not share with data brokers or advertisers.

What we send to OpenAI. When you generate a story, we send a sample of your known vocabulary (up to ~120 words), your chosen target/native languages, and — if you provided one — your topic prose. The topic is run through OpenAI's moderation endpoint before generation, and the generated story is moderated again before it's shown to you. When you tap a vocab word for details we may send the word and its meaning to OpenAI to look up its part of speech. When you request a story title in your native language, we send the title and language pair. When you play audio, the sentence being spoken is sent to OpenAI's text-to-speech endpoint. We do not send your name, email, phone, IP address, or internal user ID to OpenAI in any of these calls.

Our subprocessors may process data outside the country you live in (typically the United States and the European Union). Where required, transfers rely on standard contractual clauses or equivalent safeguards offered by the subprocessor.

We keep account and learning data for as long as your account is active. When you delete your account, we remove your profile, settings, vocabulary, stories, read sessions, subscription record, and analytics events. Backup snapshots age out within 30 days. Limited records required for legal or financial reasons (e.g. invoices) may be retained longer as permitted by law.

Regardless of where you live, you can:

• Download a complete copy of your data (Account → Privacy → Download my data).
• Correct your profile and settings in the app.
• Delete your account (Account → Privacy → Delete my account). Deletion is permanent.
• Opt out of profile-based recommendations.
• Turn off optional analytics/telemetry.
• Turn off push notifications in settings or your device OS.

California residents may exercise CCPA/CPRA rights including "Do Not Sell or Share My Personal Information" — use the toggle in Account → Privacy. EU/UK/EEA residents may also lodge a complaint with their local supervisory authority.

To exercise any right we do not expose directly in the app, email contact@nisatsu.com. We respond within 30 days.

Nisatsu is not directed to children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, email contact@nisatsu.com and we will remove the account.

Sessions are encrypted in transit (HTTPS), passwords are never stored (we use passwordless sign-in via Stytch), and sensitive state is kept in access-controlled databases. No system is perfectly secure; if you believe you've found a vulnerability, please follow the disclosure process in our SECURITY.md.

We will update the effective date above when this policy changes and notify active users of material changes before they take effect.