← Back to Home

Privacy Policy

Effective Date: January 10, 2026 | Last Updated: January 10, 2026

1. Introduction

Welcome to Hanziflow, a Chinese language learning mobile app. We are committed to protecting your privacy while providing a high-quality learning experience. This Privacy Policy explains how we collect, use, and protect your information, including how we handle AI-powered features and international data transfers.

2. Data Controller

The data controller responsible for your personal data is: Marcin Zurek, based in Poland Email: mz.mzurek@gmail.com

3. Information We Collect

a) Account & Profile Information

To personalize your experience (such as the "你好, [Name]" greeting) and sync your progress, we collect:

  • Identity Data: Name/Nickname and email address.
  • Authentication: We use Apple Sign-In (managed via Supabase Auth) to securely authenticate your account.

b) Flashcard & Learning Data

  • Progress Tracking: Which cards are "Learning" or "Memorized," daily streaks (🔥), and activity history.
  • User-Generated Content: Custom flashcards you create manually.

c) Image Data (AI Flashcard Generation)

When you use the "Create from Image" feature:

  • The app sends the photo to a Supabase Edge Function.
  • The image is processed via the OpenAI API to extract Chinese characters.
  • No Retention: We do not store your photos. They are used solely for the transient duration of the extraction process and are discarded immediately after processing.

d) Subscription and Payment Information

Payments are processed by the Apple App Store. We do not store payment details. We use RevenueCat to manage subscription status and validate receipts.

e) Technical & Analytics Data

  • Crash Reporting: Sentry collects technical logs to fix bugs.
  • Product Analytics: PostHog tracks app usage to improve functionality.

4. How We Use the Information

We use your data to maintain your learning progress, process AI-powered flashcard generation, manage subscriptions, and analyze app performance. We never sell your personal information.

5. Data Storage & International Transfers

Hanziflow is based in the European Union, but some of our service providers operate globally. Specifically, our data storage provided by Supabase is hosted on servers located in Asia.

As a result, your personal data may be processed outside the EU/EEA. When this happens, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, such as the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Third-Party Services

We rely on the following third parties to deliver our service:

  • Supabase: Data storage, Authentication, and Edge Functions.
  • OpenAI: AI character extraction.
  • RevenueCat: Subscription management.
  • Apple: Payment processing and authentication.
  • Sentry: Error tracking and debugging.
  • PostHog: Product analytics.

7. Data Retention and Deletion

Your account and progress data are retained as long as your account remains active. You may request the deletion of your account and all associated data at any time by contacting mz.mzurek@gmail.com.

8. Your Rights (GDPR)

Under the GDPR, you have the right to access, correct, delete, or restrict the processing of your data, as well as the right to data portability. You may also lodge a complaint with the UODO (Polish Data Protection Authority).

9. Children's Privacy

Hanziflow is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13.

10. Contact Us

Questions regarding this Privacy Policy can be sent to: mz.mzurek@gmail.com