Skip to main content

Privacy Policy

Last updated: July 1, 2026

Protecting your personal data is a matter I take seriously. This privacy policy describes which data is processed when you visit kanjiru.app and when you use the mobile app Kanjiru, for which purpose, on which legal basis — and which rights you derive from this.

This website is intentionally cookie-free and works without a consent banner: there are no tracking cookies and no advertising profiles. The only thing stored is a single technically necessary entry in your browser’s local storage: if you dismiss the notice about the upcoming iOS version, that choice is remembered so the notice does not reappear. This entry holds only that yes/no information and no personal data; the legal basis is Section 25 (2) TDDDG (strictly necessary for the function you requested).

1. Controller

Responsible for the data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Marius Schmidt
Marius Schmidt Webdesign — sole proprietorship (Einzelunternehmen)
Holzsteigweg 10
78166 Donaueschingen
Germany

Email: support@kanjiru.app
Phone: +49 179 1622748

There is no obligation to appoint a data protection officer; the criteria of Art. 37 GDPR and Section 38 BDSG are not met.

2. Principles of processing

I collect and process personal data exclusively to the extent necessary for the operation of the website and the app. Data is never processed for advertising or profiling purposes.

3. Data collected automatically when accessing the site

Each time a page is called up, your browser transmits technically necessary information to the web server. This data is briefly stored in access logs to ensure secure and stable operation, to analyse technical errors and to defend against abusive access.

In particular, the following is logged:

  • IP address of the requesting device
  • date and time of the request
  • URL called up and HTTP status code
  • volume of data transferred
  • referrer URL (the previously visited page, if transmitted)
  • browser and operating system identifier (user agent)

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure and functional operation of the website).

Storage period: logs are deleted automatically after 7 days. Log data is not combined with other data sources.

The transmission of this data is technically necessary and required to access the website. Without this data, the website cannot be displayed.

4. Cookies and local browser storage

This website uses no cookies. Language selection is based on the URL structure and requires no storage. The colour scheme preference (light/dark/system) is read from browser-local storage (localStorage) on each page load and stored there when you actively change the colour scheme.

Consent pursuant to Section 25 (1) TDDDG is not required: this storage is strictly necessary to provide the display mode you have chosen (Section 25 (2) no. 2 TDDDG). Therefore, no consent banner is displayed.

You can clear local browser storage at any time via your browser settings.

5. Audience measurement with Umami

To understand how the site is used, I operate the open-source analytics tool Umami Analytics. Umami is self-hosted on the same server as this website — no analytics data is shared with third parties. Umami uses no cookies whatsoever and no form of personal identification. To distinguish repeat visits within a single day, a technical fingerprint is derived from the IP address, the user agent, and a rotating random key. The original IP address or any specific person cannot be reconstructed from it.

Only aggregated metrics are recorded: URL called up, referrer, screen resolution (used to derive a device class), browser family, operating system, language and country. No cookies are set and no information is read from your browser’s local storage.

In addition, individual anonymous interaction events — such as clicks on the download, contact, language or iOS-interest buttons, as well as expanding sections — are recorded as aggregated counters. Each event may carry anonymous context information, such as the placement of the button, the target address of an external link that was clicked, or the selected language or JLPT level. This information contains no personal data and allows no conclusions about individual people.

Do Not Track: If your browser sends a Do Not Track (DNT) signal, audience measurement is omitted entirely for your visit; no statistical data about your visit is collected in that case. You can enable this setting in your browser’s privacy settings.

Storage period: The aggregated statistics are stored indefinitely. No personal reference can be established at any point.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in audience measurement and in the technical optimisation of the website). In the balancing of interests, this interest prevails: the measurement works without cookies, without device-related identifiers, without profiling and without sharing data with third parties; the data is processed exclusively on my own server in aggregated form, and no personal reference can be established at any point. Given this design, no overriding legitimate interests of visitors are apparent. Umami does not store information on your device and does not read information stored there; Section 25 (1) TDDDG is, in our view, not applicable — the processing is governed exclusively by the GDPR. No consent is required.

6. Contact by email

If you contact me by email (e.g. at support@kanjiru.app), I process the data you provide (email address, name — if given — and message content) in order to handle and respond to your enquiry. Providing this data is neither legally nor contractually required and is voluntary; however, your enquiry cannot be answered without your email address.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in responding to user enquiries) or Art. 6 (1) (b) GDPR if your enquiry relates to the conclusion or performance of a contract.

Storage period: Emails and associated data are deleted once they are no longer needed to handle the enquiry — typically after the communication has concluded, unless statutory retention obligations apply.

7. Data processing in the app

The Kanjiru app processes only data stored locally on the device. All learning data is encrypted with AES-256 on the device and never leaves it. The Android backup system (Google cloud backup and device transfer) is also fully disabled for the app — learning data is not backed up to Google servers. The app does not collect any telemetry or analytics data. There are no user accounts, no registration and no login.

The app offers the option to submit a rating on the Google Play Store (In-App Review). This process is handled entirely by Google Play Services on the device. I have no access to the data transmitted in this process. Processing by Google is governed by Google’s privacy policy. In the course of this, personal data may be transferred to Google LLC in the United States. Google LLC is certified under the EU-US Data Privacy Framework (DPF); the transfer is based on the adequacy decision of the European Commission of 10 July 2023 (Art. 45 GDPR).

The app is distributed via the Google Play Store. During installation and updates, your device communicates directly with Google servers; in doing so, Google LLC processes data (e.g. device, installation and version information) under its own responsibility, including in the United States. Here, too, Google LLC is certified under the EU-US Data Privacy Framework. Details are governed by Google’s privacy policy.

8. Hosting

This website is hosted with Hostinger International Limited (61 Lordou Vironos Street, LUMIEL BUILDING, 4th Floor, 6023 Larnaca, Cyprus; operational headquarters: Jonavos g. 60C, 44192 Kaunas, Lithuania). The servers used for this website are located in the Frankfurt am Main (Germany) data centre; no processing outside the EU takes place in the hosting path. A data processing agreement pursuant to Art. 28 GDPR is in place with Hostinger (Data Processing Addendum).

The hosting provider automatically collects information in server log files (IP address, time of access, requested page). This data is used exclusively to ensure smooth operation.

Storage period: The retention periods stated in section 3 apply (automatic deletion after 7 days).

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in reliable website operation).

9. No automated decision-making

Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place.

10. Your rights as a data subject

In relation to the personal data processed about you, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restrict processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

As far as the website and the app are concerned, these rights are generally moot, since no personal data is collected beyond server log files. However, if you have contacted me by email (section 6), you have these rights without restriction with regard to the data processed in that context (email address, name, message content). To exercise your rights or for any other enquiries, contact me at support@kanjiru.app.

11. Right to object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR (Art. 21 GDPR).

You can file the objection informally by email to support@kanjiru.app.

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for me is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (State Commissioner for Data Protection and Freedom of Information Baden-Württemberg)
Heilbronner Straße 35
70191 Stuttgart
Germany

Phone: +49 711 61 55 41-0
Email: poststelle@lfdi.bwl.de
Web: baden-wuerttemberg.datenschutz.de

13. Changes to this privacy policy

I update this privacy policy whenever data processing changes or when legal requirements make it necessary. The current version is always available here.