kashi — Privacy Policy

1. Introduction

This Privacy Policy describes what information kashi collects, how we use it, and the choices you have. It applies only to the kashi mobile app.

2. Information We Collect

From Sign in with Apple

• A stable Apple-issued user identifier (the sub claim)
• Your name, if you choose to share it with kashi at sign-in
• Your email, if you choose to share it (Apple's relay email is acceptable)

We never receive your Apple ID password.

From your Apple Music library (with your explicit permission)

• Song titles, artist names, album names, genre tags, ISRCs
• Whether each song has lyrics
• Apple Music catalog and library identifiers

We do NOT collect or transmit audio. We do not retain song lyrics themselves on your account — only the matched song's classification.

From your use of the App

• Anonymous usage state (e.g., which Premium tier you have)
• Standard server logs (IP address, timestamps, requested endpoints)

From your purchases

• App Store-issued transaction identifiers for purchase verification
• We do NOT see your payment card or full Apple ID

3. How We Use Your Information

• To match Japanese songs in your library against the lrclib.net community lyric corpus
• To generate study cards (vocabulary picks, translations, learner notes)
• To verify your Premium entitlement and unlock paid features
• To diagnose problems and operate the service

We do NOT sell your information, do NOT use it for advertising, and do NOT share it with advertisers or data brokers.

4. Third-Party Services

kashi sends data to these third parties only to provide its features:

• Supabase (authentication, database) — US East
• Render (backend hosting) — US Oregon
• Apple Music API — Apple Inc., for library reads with your permission
• lrclib.net — receives only song title + artist name when we look up a match; does not receive your identity
• Azure OpenAI — receives lyric lines for translation/learner note generation; data is processed under Microsoft's "no data used to train models" enterprise terms; does not receive your identity

5. Data Retention

• Account data: kept while your kashi account is active
• Library snapshot: kept until you delete the App or re-sync
• Logs: typically 30–90 days, then rotated
• Cancelled Premium: entitlement records are retained for accounting, but library/snapshot data follows the rules above

6. Your Rights

You may:

• Stop using the App at any time by uninstalling it
• Request deletion of your kashi account and associated data by emailing support@memoirji.com
• Request a copy of the data we hold about you
• Manage or revoke Apple Music access in iOS Settings → Privacy & Security
• Manage your subscription in iOS Settings → Apple ID → Subscriptions

EU/UK users: GDPR rights apply (access, rectification, erasure, portability, restriction, objection). California users: CCPA rights apply (right to know, delete, opt-out of sale — note we do not sell data).

7. Children's Privacy

kashi is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete it.

8. Security

We use industry-standard transport encryption (HTTPS) and authenticated storage. No system is perfectly secure; we cannot guarantee absolute protection against unauthorized access.

9. International Transfers

If you use kashi from outside the United States, your data is transferred to and processed in the United States.

10. Changes to This Policy

We may update this Privacy Policy; the effective date above will be revised when we do. Material changes will be highlighted in the App or on this page.

11. Contact

Privacy questions: support@memoirji.com