Privacy Policy

Effective Date: October 30, 2025

1. Introduction

Welcome to eevy ("we", "us", "our"), a Japanese language learning tool. This Privacy Policy outlines how we collect, use, and protect your personal information when you use our web application (the "Service").

We are committed to protecting your privacy. We do not use any third-party analytics, tracking, or marketing services.

2. Information We Collect

  • Account Information: When you create an account, we collect your email address, username, password (securely hashed), and display name. If you sign in with Google or Apple, we also receive and store your profile picture URL from those providers (Google only; Apple does not provide profile pictures).
  • Marketing Preferences: During registration, you may opt in to receive educational content, feature announcements, and other marketing communications from eevy via email. This preference is stored with your account and can be updated at any time in your account settings.
  • Login History and Authentication Tracking: For security purposes, we maintain a login audit log that records: the date and time of each login attempt, the authentication method used (email/password, Google Sign-In, Apple Sign-In), your IP address, your browser's user agent string, and whether the login attempt succeeded or failed. This data is used to detect unauthorized access attempts, prevent account takeover, and investigate security incidents.
  • User Preferences: For logged-in users, we store your user-configurable preferences (like your preferred theme) in our database as part of your account.
  • Usage Data: We may collect pseudonymous information about how you interact with our Service, such as the features you use and the time you spend on the site. This data is not linked to your personal email address and is used only to understand user behavior and improve our Service.
  • Cookies and Local Storage: We use cookies and local browser storage for essential functions like user authentication and session management. For users who are not logged in, we may use a cookie to remember preferences, subject to your consent. For more details, please see our Cookie Policy.
  • Security and Anti-Spam Information: When you submit forms on our Service (such as our contact form or registration), we use Cloudflare Turnstile to verify that you are a human user and not an automated bot. This process may temporarily process your IP address and browser characteristics. Turnstile tokens are single-use and expire after 5 minutes. This data is processed by Cloudflare and is subject to Cloudflare's Privacy Policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service.
  • Personalize your experience by remembering your settings.
  • Communicate with you about your account or our services (e.g., email verification, password resets).
  • Send marketing emails and feature announcements (only if you opted in during registration or in your account preferences).
  • Ensure the security and integrity of our Service.
  • Detect and prevent unauthorized access and account takeover attempts.
  • Investigate security incidents and suspicious account activity.
  • Maintain an audit trail for account security purposes.
  • Protect against spam, abuse, and automated attacks through anti-bot verification.

4. Our Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal information on the following legal bases:

  • Performance of a Contract: When you create an account, we process your Account Information and User Preferences to provide the Service you requested, as outlined in our Terms of Service.
  • Legitimate Interest: We process pseudonymous Usage Data to understand how our service is used, to improve it, and to ensure its security. We also process Security and Anti-Spam Information through Cloudflare Turnstile to protect our Service and users from spam, abuse, and automated attacks. This processing is necessary for our legitimate interest in maintaining the security and integrity of our Service.
  • Consent: For any non-essential cookies (as detailed in our Cookie Policy), we will process your data based on your explicit, opt-in consent.

5. Information Sharing

We do not sell, share, trade, or otherwise transfer your personal information to any third parties for marketing, advertising, or analytics purposes.

We only disclose your information to the essential service providers (Data Processors) who assist us in operating our Service, including:

  • Web hosting and database providers: For storing and serving our Service.

  • Cloudflare: For security services including Turnstile anti-bot verification. Cloudflare processes verification data (IP address, browser characteristics) solely for the purpose of distinguishing human users from automated bots. This data is not used for tracking or advertising.

  • Resend: For sending transactional and marketing emails (account verification codes, welcome emails, password resets, and optional marketing communications if you opted in). When you register or request verification, Resend receives your email address and temporarily processes the verification code to deliver the email. Verification codes expire after 15 minutes and are not stored by Resend. Resend's privacy practices are governed by their Privacy Policy.

  • Google and Apple (OAuth Providers): When you sign in using Google or Apple Sign-In, we receive your profile information directly from those providers:

    • Google: We receive your email address, name, and profile picture from Google. The profile picture URL is stored in our database to display your avatar.
    • Apple: We receive your email address and name from Apple. Apple does not provide profile pictures.

    Google and Apple act as identity providers in this context. Their use of your data is governed by their respective privacy policies: Google's Privacy Policy and Apple's Privacy Policy.

These parties are contractually bound to keep this information confidential and are prohibited from using it for any purpose other than providing these essential services to us.

6. Data Security

We implement a variety of security measures to maintain the safety of your personal information when you create an account, enter, submit, or access your information.

7. Data Retention

We retain your Account Information for as long as your account is active. If you delete your account, we will permanently delete your personal information within 30 days. We may retain fully anonymized, aggregated Usage Data indefinitely.

Login History: Login history records (including IP addresses, user agents, and timestamps) are retained for a maximum of 30 days, with most records typically retained for 14 days. All login history is automatically deleted when your account is deleted.

Session Tokens: Access tokens expire after 15 minutes. Refresh tokens expire after 30 days or when explicitly revoked (e.g., when you log out). Expired tokens are periodically cleaned from our database.

Turnstile verification data (IP addresses and browser characteristics) is processed in real time by Cloudflare and is not stored by us. Turnstile tokens expire after 5 minutes and are single-use only.

8. International Data Transfers

eevy is operated in the United States. If you are located outside of the U.S. (such as in the EU or UK), please be aware that your information will be transferred to, stored, and processed in the United States. We rely on Standard Contractual Clauses as the legal mechanism for such transfers to ensure your data is adequately protected.

9. Your Data Protection Rights (GDPR & CCPA)

You have specific rights regarding your personal information.

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request the correction of inaccurate personal information.
  • Right to Erasure (Deletion): You have the right to request the deletion of your personal information.
  • Right to Object/Restrict Processing: You have the right to object to or request the restriction of our processing of your personal information.
  • Right to Data Portability: You have the right to request a copy of your personal data in a common, machine-readable format.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Your California Privacy Rights (CCPA)

We do not "sell" or "share" your personal information as defined by the CCPA. California residents have the right to:

  • Know, Access, Correct, and Delete their information, as described above.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us.

10. Changes to this Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page, and the "Effective Date" at the top of the policy will be updated. We encourage you to check this page regularly for updates.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us through our Online Contact Form.