Privacy policy

1. What we collect

Anonymous browsing

On your first visit we set a first-party cookie named yam_sid — a random UUID with no link to your identity. It scopes the kanji you tap into the SRS deck so your collection survives a refresh without an account. The cookie expires after 12 months of inactivity.

Account data (optional)

If you sign in, we store your Clerk user id and tie your existing anonymous deck rows to it on your next visit. Email, password, OAuth tokens, and verification flows are handled entirely by Clerk, our auth subprocessor — we never see your password and we do not store your email server-side beyond what Clerk returns in the session JWT (id only, no email by default).

Learning activity

We log which articles you read, which kanji you tap, and which translations you reveal so we can prioritise content that helps learners progress. Events are aggregated by anonymous session id; signed-in events also carry your Clerk user id.

Email captures (optional)

If you submit your email to the "Notify me" form on the landing page or the SRS page, we store the address + a free-text variant label so we can send one launch email when reviews ship. We never share the list with third parties.

Network metadata

Our hosting provider Cloudflare receives standard request metadata (IP, user agent, country) for DDoS protection. We do not store raw IP addresses — only a coarse country code passed through the CF-IPCountry header so we can understand where learners come from in aggregate.

Local storage

We store your UI preferences (theme, furigana toggle, hidden JLPT levels) and a deck-claim flag in your browser's localStorage. This data never leaves your device.