Privacy Policy
Last updated: April 4, 2026
This Privacy Policy describes how Timur Zadvornov (“we”, “us”, or “our”) collects, uses, and handles your information when you use the Yuki mobile application (“App”).
1. Who We Are
Developer: Timur Zadvornov
Country: United Arab Emirates
Contact: [email protected]
For any privacy-related questions or requests, please contact us at the email above.
2. Information We Collect
2.1 Account Information
When you register, Supabase Auth processes your authentication credentials (email and password, or via Google Sign-In). We store only a unique user identifier (UUID) linked to your account — we do not store passwords directly.
2.2 Profile Data
- Your target language and native language
- Your language proficiency level (A1–C2)
- Your learning settings (e.g., daily new and review card limits)
2.3 Learning Content
- Flashcard decks and cards you create
- Card review history and SRS (spaced repetition) progress data
- Video URLs and raw text you submit for vocabulary extraction
- Vocabulary extraction job metadata (status, timestamps)
Note: When you submit a video URL, we fetch the subtitles externally to extract vocabulary — the full subtitle text is not persisted, only the resulting flashcard suggestions. When you submit raw text, it is stored temporarily as part of the extraction job and deleted along with the job history (see Data Retention).
2.4 Usage Analytics
We use PostHog to collect anonymized usage analytics, including screen views, feature usage, and interaction events. This helps us improve the App. PostHog data is processed in accordance with PostHog’s Privacy Policy.
2.5 Crash Reports
We use Sentry for crash reporting and error monitoring. When the App crashes or encounters an error, diagnostic information (device type, OS version, app version, stack trace) is sent to Sentry. No personal content (cards, text inputs) is included in crash reports. Sentry data is processed in accordance with Sentry’s Privacy Policy.
2.6 Local Storage
The App stores your preferences locally on your device (e.g., theme mode, interface language). This data is not transmitted to our servers.
2.7 Device Information
Standard technical information may be collected automatically: device type, operating system version, app version, and language settings.
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the App | Performance of a contract |
| Authenticate your account | Performance of a contract |
| Generate flashcard suggestions via AI | Performance of a contract |
| Store your learning progress | Performance of a contract |
| Improve App features and fix bugs | Legitimate interests |
| Analyze usage patterns (PostHog) | Legitimate interests |
| Monitor errors and crashes (Sentry) | Legitimate interests |
| Comply with legal obligations | Legal obligation |
4. Third-Party Services
We share data with the following third-party services to operate the App:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication | Email address, authentication tokens |
| OAuth authentication (Google Sign-In) | Google account info (email, name) used to authenticate | |
| Anthropic | AI vocabulary extraction | Video subtitles / raw text submitted by you |
| PostHog | Usage analytics | Anonymized usage events |
| Sentry | Error monitoring | Crash diagnostics, device info |
We do not sell your personal data to third parties.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until account deletion + 30 days |
| Flashcard decks and cards | Until account deletion + 30 days |
| SRS progress data | Until account deletion + 30 days |
| Extraction job history | 90 days from creation |
| Analytics data (PostHog) | Per PostHog’s retention policy |
| Crash reports (Sentry) | Per Sentry’s retention policy |
After account deletion, your data is deactivated immediately (you cannot log in or access it), and permanently deleted within 30 days.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — request correction of inaccurate data
- Erasure — request deletion of your data (“right to be forgotten”)
- Portability — request your data in a portable format
- Objection — object to processing based on legitimate interests
- Restriction — request we limit processing of your data
California residents (CCPA): You have the right to know what personal information is collected, to delete it, and to opt out of its sale (we do not sell personal information).
EU/EEA residents (GDPR): You have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7. Account Deletion
You can delete your account from within the App (Settings → Delete Account). Upon deletion:
- Your account is immediately deactivated — you will not be able to log in or access your data.
- All personal data (profile, decks, cards, progress) is permanently deleted within 30 days.
- You may re-register with the same email address, but no previous data will be restored.
8. Data Security
We take reasonable technical and organizational measures to protect your data:
- All data is transmitted over encrypted connections (TLS/HTTPS and gRPC with TLS)
- Authentication tokens are validated using industry-standard JWT/JWKS
- Access to production systems is restricted to authorized personnel
No method of transmission or storage is 100% secure. If you believe your data has been compromised, contact us immediately at [email protected].
9. Children’s Privacy
The App is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will delete it promptly.
10. International Data Transfers
Your data may be processed and stored outside your country of residence, including in the United States and other countries where our service providers operate. By using the App, you consent to this transfer. We ensure appropriate safeguards are in place (such as standard contractual clauses) where required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. For significant changes, we will notify you through the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Timur Zadvornov
Email: [email protected]