Privacy Policy

MoshiMosh is a gamified Japanese-learning app made by Shinka: lessons, a learning journey, mini-games, streaks, leagues, a shop, and a chat with friends. Because it has user accounts and social features, it stores some information on a server. This policy explains precisely what we collect, where it’s kept, and which third parties are involved.

What we collect

• Your account, the email and password you sign up with (passwords are hashed by Supabase Auth, we never see them in plain text) and a username you choose. No real name, no date of birth, no phone number. Your avatar is a preset icon and color, not an uploaded photo.
• Your learning and gameplay, XP, streaks, hearts, crystals, lesson and vocabulary progress, reading and language preferences, and your device’s time zone (used to time your daily reminders).
• Your social activity, the people you follow, friend streaks, blocks, and the messages you send in direct and group chats. A public profile (username, avatar, XP, streak) is visible to other players and the leaderboard; your email is never shown to other users.
• A push token, a device identifier issued by Apple or Google so we can deliver notifications. It is stored with your account.
• Support and bug reports, if you send one, the comment you write, basic device info, and any screenshot you choose to attach.

Where it’s stored

All server-side data lives in Supabase, our backend provider (a hosted Postgres database, authentication, and file storage). Access is protected by row-level security, which means the database only ever returns rows that belong to your own account. Connections use HTTPS.

Who else processes your data

These are the only third parties involved, and only for the functions noted:

• Supabase, our backend: database, account authentication, and storage for bug-report screenshots.
• Firebase Cloud Messaging (Google), push-notification delivery. It receives your device push token and the reminder content (such as your username, time zone, and streak) needed to send the notification.
• RevenueCat, manages subscriptions and purchases. It identifies you by your MoshiMosh account ID, never by your name or card. Payment itself is handled by Apple or Google, so we never receive your card details.

Pronunciation audio is streamed from our own content server at audio.moshimosh.ca.

What we do not do

• No third-party analytics SDKs (no Firebase Analytics, Mixpanel, Amplitude, PostHog).
• No crash-reporting SDKs (no Crashlytics, no Sentry).
• No advertising, no ad identifier (IDFA), and no cross-app tracking.
• No access to your microphone, camera, photos, location, or contacts. The app declares no such permissions.
• We never sell or rent your personal information.

Payments

MoshiMosh is free to play. The optional Shinka Plus subscription and crystal (gem) packs are sold through Apple’s and Google’s in-app purchase systems and managed with RevenueCat. We never see or store your payment-card information.

Notifications

With your permission, MoshiMosh sends reminders and social alerts through Firebase Cloud Messaging. You can turn them off at any time in the app or in your device settings.

Children

MoshiMosh is intended for users aged 13 and over (16 and over where local law requires). We do not knowingly collect personal information from children under 13. If you believe a child has created an account, contact us at shinkayoubi@gmail.com and we will remove it.

Your rights and choices

You can view and edit your profile and preferences in the app, block other users, and disable notifications. You can request a copy of your data or ask us to delete your account and everything tied to it by emailing shinkayoubi@gmail.com. Depending on where you live, you may have rights under the GDPR, UK GDPR, CCPA and CPRA, PIPEDA, or Quebec’s Law 25, including access, correction, portability, and erasure. We honour those requests. Your data may be processed in Canada and the United States.

Security

Passwords are hashed, every connection uses HTTPS, and row-level security isolates your data from other accounts. No system is perfect, but we keep the surface small on purpose: no analytics, no ad networks, and no data brokers.

Changes to this policy

If our data practices change, we’ll update this page and the “last updated” date above, and note material changes in the app’s release notes.

Contact

Privacy questions or data requests: shinkayoubi@gmail.com.