English Thinking Gym
JA|EN
Back to top

Privacy Policy

This Privacy Policy describes how "English Thinking Gym" (the "Service") collects, uses, and handles your personal information and other data. By using the Service, you agree to this policy.

1. Information We Collect

  • Account Information
    • Name or display name (optional)
    • Email address
    • User ID maintained by Supabase Auth
  • Usage Data
    • English text and notes entered during training
    • A/B decision content
    • AI feedback (scores and text)
    • Daily session information (dates used, cycle/day progress, consecutive usage days, etc.)
  • Technical Information
    • Browser type and version
    • Timezone information
    • Access dates/times and IP addresses (may be included in logs automatically collected by Supabase, Vercel, Stripe, OpenAI, Google Analytics, etc.)
  • Cookies and Similar Technologies
    • We may use cookies and similar technologies to maintain login status and understand usage. For details, see our Cookie and Tracking Policy.
  • Payment Information
    • Payment and subscription information is held by Stripe. We do not store full credit card numbers.

2. Purposes of Use

We use collected information for the following purposes:

  • To provide, operate, and improve the Service
  • To display, store, and review training results and feedback
  • To analyze usage (Google Analytics, Vercel Analytics, etc.)
  • To investigate issues and implement security measures
  • To manage subscription billing (via Stripe)
  • To respond to user inquiries
  • To send important notices about service changes

We will obtain explicit consent before using your information for marketing emails.

3. Third-Party Services

The Service integrates with the following third-party services:

  • Supabase (Authentication and Database)
    • Stores user information, training data, and progress data.
    • Row Level Security (RLS) ensures only the user can access their own data.
  • Stripe (Payment)
    • Manages subscription billing.
    • Credit card information is managed by Stripe; we do not store card numbers.
  • OpenAI API (AI Feedback and Scenario Generation)
    • We send your English input and some context to generate feedback and scenarios.
    • We design our requests to avoid including direct identifiers such as names or email addresses.
  • Google Analytics and Vercel Analytics (Usage Analysis)
    • We collect page views, device and browser information, etc., for service improvement and marketing insights.
    • For cookie usage and opt-out options, see our Cookie and Tracking Policy.

These third-party services handle data according to their respective privacy policies.

4. International Data Transfer

The Service uses cloud services located outside Japan for authentication (Supabase), payment (Stripe), AI processing (OpenAI), and analytics (Google Analytics, etc.). Your data may be stored or processed on servers outside your country of residence. We use these providers after confirming they have appropriate security and privacy measures, but please note that applicable laws may differ from those in your jurisdiction.

5. Legal Basis for Processing

We process personal data based on one or more of the following:

  • Contract performance: As necessary to provide the Service and manage billing
  • Legitimate interests: Service improvement, fraud prevention, and security
  • Your consent: Agreement to this policy and our Terms of Use, or separate consent where required

Where your local laws (e.g., GDPR in the EU) require consent or other bases, we comply with those requirements.

6. Data Retention

  • We retain training and progress data while your account is active.
  • If you delete your account, we will delete related training data, progress data, and profile information. Any active subscription will be cancelled on Stripe. Some backups may be deleted after a period due to technical constraints.
  • We may retain certain payment records or logs as required by law.

7. Your Rights

Users of the Service have the following rights:

  • To export (download) your training data, feedback, and progress from the settings page
  • To request deletion of your account and related data via the account deletion feature
  • To request correction of your information (e.g., email address changes)

For other data-related inquiries or deletion requests, please contact us using the information below.

8. Security

  • Supabase Row Level Security helps prevent unauthorized access to user data.
  • We use HTTPS to encrypt data in transit.
  • We apply minimal necessary permissions and manage API keys appropriately.

However, we cannot guarantee complete security for data transmitted or stored over the internet.

9. Minors

The Service is primarily intended for business professionals, and we assume users are 18 years or older. If you are under 18, please use the Service only with consent from a parent or legal guardian.

10. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of significant changes via the Service or email.

11. Contact

For questions about privacy, or to request access, correction, or deletion of your data, please contact us at:

  • Email: englishthinkinggym@gmail.com