Data Security Center

Privacy Policy & Data Security

Last updated: 7/13/2026 · Transparency-first policies

1Our Commitment

Susume Nihongo is structured to prioritize learning above all. We are entirely free to use. There are no trackers, no analytics SDKs, and no advertisements embedded in this application.

Because we operate on a local-first architectural model, your database remains localized on your computer. We do not monetize, evaluate, or aggregate your learning histories, cards, or speech conversations.

2Data Storage Audit

Here is an exact audit of where each piece of data is kept and when it is transmitted.

Data Element

Gemini API Key

Your custom AI access token

Storage: LocalStorage Only
LOCAL ONLY — NEVER SYNCED

Learning History

Recent translation results & inputs

Storage: LocalStorage
LOCAL ONLY

Flashcards & Memory States

Vocabulary cards & scheduling stats

Storage: LocalStorage & Supabase
OPTIONAL CLOUD SYNC

Quizzes & Study Progress

Chapter marks, streaks, and scores

Storage: LocalStorage & Supabase
OPTIONAL CLOUD SYNC

Payment Customer Status

Stripe link (Only if subscribed to sync)

Storage: Stripe Servers
EXTERNAL PAYMENT SERVERS

3API Key Sandboxing

Your Google Gemini API Key is stored only inside the browser local sandbox. It is never routed through, processed, or logged on our servers.

API Stripping during Sync: If you activate Cloud Sync Pro, our system automatically strips your Gemini API key from the settings payload before it leaves your browser. Syncing saves your progress and metrics, but your key will always remain localized on each device.

4Authentication & Optional Cloud Sync

Signing in with a Google account is optional. All translation engines, guides, and quizzes work without an account. We offer Cloud Sync solely to back up data across devices.

  • Supabase Authentication: Authentication is handled by Supabase OAuth with Google. We store your account ID, display name, and email. We do not store passwords.
  • Row Level Security (RLS): Our database utilizes strict RLS keys, ensuring that your synced flashcards are readable and writable solely by you.
  • Stripe Checkout: Payments for Cloud Sync Pro are routed through Stripe. Stripe holds Level 1 PCI protection. We record your subscription status, but never see or store billing numbers.

5Third-Party Integrations

We connect directly with trusted services to deliver the application:

Google Gemini AICore Engine

Processes Japanese queries, grammar details, native TTS pronunciations, and Live Voice coach sessions directly.

SupabaseSync Database

Manages optional Google logins and hosts synchronized client database snapshots securely with RLS protection.

StripeBilling Gateway

Secures Stripe checkout cards. No raw credit cards are handled on Susume Nihongo servers.

Google OAuthAuthentication

Authenticates sync profiles using external redirects. Your passwords remain entirely unknown to our databases.

6Service Workers (PWA)

Susume Nihongo runs as a Progressive Web App (PWA) on your devices. We register a client service worker (sw.js) to load page shells and CSS files offline.

This script does not collect, record, or share telemetry. Its sole role is optimizing resource speeds and providing complete offline compatibility for local pages.

7Data Deletion & Extraction

You hold complete control over your local records. You can download or completely wipe your data at any time:

Delete Local Data

Wipe all cached vocab, FSRS metrics, and configurations by clearing your browser's localStorage or using the App Settings modal.

Delete Sync Profile

If you hold a logged-in account, you can request a complete profile wipe within settings. This instantly drops all Supabase cloud records.