DAYWIKAUnder U.S. Law

Privacy Policy

v1.2 | Effective: February 25, 2026

Exydos ("Company," "we," "us," or "our") provides this Privacy Policy to describe how we collect, use, disclose, and otherwise process personal information in connection with our multilingual language learning application Daywika (the "Service"), and to explain the rights and choices available to individuals with respect to their personal information.

1. Information We Collect

1-1. Information You Provide

Category Specific Data Source Purpose
Account Information Email address, name (nickname), profile picture URL Google/Apple social login Account creation, authentication
Login Method Google or Apple identifier Automatically recorded at login Authentication processing
Device Platform iOS or Android Automatically detected Service compatibility
Country Code App Store / Play Store region App Store / Play Store Region identification
Age Verification (is_adult) Whether user is 14 or older (boolean only; date of birth is not stored) User input at registration Age restriction compliance

1-2. Information Collected Automatically

Category Specific Data Purpose
Device Information OS version, device model, screen resolution, app version Service compatibility, usage analytics
Learning Data Vocabulary lists, quiz records, review schedules, memorization status, correct/incorrect history, level test results Core service delivery
Character Learning Progress Completed stages, current position, challenge mode records Learning continuity
Learning Statistics Streak count, experience points (XP), daily completion status, session records Growth analysis
Learning Settings Daily learning volume, learning mode, notification settings Personalization
Subscription Status Free/paid tier, store type Premium feature access
Error Logs Error content, email, nickname (only upon error occurrence) App stability improvement
IP Address Automatically collected upon server connection Security, access log recording

1-3. Automatic Collection of IP Addresses

We automatically collect your IP address when you access our Service. IP addresses are used for approximate geolocation, security monitoring, access log recording, and analytics purposes. We do not use IP addresses to determine precise geolocation.

1-4. Information We Do NOT Collect

We do not collect: location data (GPS), contacts, photos, camera access, or passwords.

Advertising Identifiers (IDFA/GAID): We collect advertising identifiers only with your explicit consent through iOS App Tracking Transparency (ATT) or equivalent Android mechanisms. See Section 9 for details. We never collect advertising identifiers from users under 14.

1-5. Information Collected During Customer Support

Email correspondence to [email protected] may result in collection of your email address and support content (including text and images).

2. How We Use Your Information

We use personal information for the following purposes:

  1. Account Management: Identity verification, fraud prevention, account administration
  2. Service Delivery: Language learning features, data synchronization, AI-powered learning optimization
  3. Paid Services: Subscription status verification, premium feature access, payment/refund processing
  4. Service Improvement: Error detection and stability, usage analytics, new feature development
  5. Notifications: Push notifications including learning reminders and streak maintenance alerts
  6. Advertising Performance Measurement: Analysis of user acquisition channels and measurement of advertising effectiveness through advertising platforms

3. How We Share Your Information

We do not sell your personal information. We share personal information only in the following circumstances:

3-1. Service Providers

Provider Location Data Shared Purpose
Supabase, Inc. United States Account information, all learning data Cloud data sync and backup
Functional Software, Inc. (Sentry) United States Error content, email, nickname App error monitoring
RevenueCat, Inc. United States Subscription status, payment platform Subscription management
Amplitude, Inc. United States Usage event data, device information, advertising identifiers (ATT consent only), IP address App usage analytics and ad attribution measurement
Google LLC (Google Ads) United States Advertising identifiers (ATT consent only), app install/conversion events Ad attribution measurement
PowerSync (JourneyApps) United States Learning data (for offline sync) Offline-first data synchronization

We contractually require all service providers to process personal information only for the specified purposes, implement technical and administrative safeguards, restrict re-delegation, and accept liability for any breach of these obligations.

3-2. Authentication Partners

Provider Data Shared Purpose
Google LLC Email, name, profile picture Social login authentication
Apple Inc. Email, name, profile picture Social login authentication

3-3. Other Disclosures

We may also disclose personal information when required by law, to protect our rights or safety, or in connection with a merger, acquisition, or sale of assets.

4. Data Retention

We retain personal information for the periods described below, after which data is deleted or anonymized. Retention periods vary by data category to reflect differing legal requirements and business purposes.

Data Category Retention Period Basis
Account Information (email, name, profile) Retained while account is active + 1 year after account deletion Service agreement; post-deletion period for account recovery and fraud prevention
Learning Data (vocabulary, quiz records, progress, statistics) Retained while account is active; deleted upon account deletion Core service delivery
Analytics Data (Amplitude) 12 months from collection Amplitude default retention policy; service improvement
Error Logs (Sentry) 90 days from collection App stability monitoring
Subscription/Payment Records 5 years after subscription end Tax law compliance and financial record-keeping requirements
Advertising Identifiers (IDFA/GAID) 12 months (via Amplitude) Advertising attribution measurement; Amplitude retention policy
Customer Support Records 1 year after resolution of inquiry Service quality and dispute resolution

5. Data Deletion

When you delete your account (via Settings > Account Management > Delete Account):

  • Supabase: All account and learning data deleted
  • RevenueCat: Anonymized (subscription itself managed by Apple/Google)
  • Device: Local database, internal storage, and authentication tokens all deleted
  • Sentry: Automatically deleted within 90 days (immediate deletion not possible)

Electronic records are permanently deleted in a manner that prevents recovery or reconstruction.

6. AI-Powered Automated Processing

Our Service uses the following automated systems to enhance your learning experience:

System Function Description
AI Operations System Daily learning volume adjustment Analyzes learning history and workload to calculate optimal daily volume
AI Operations System Review ratio optimization Automatically balances new learning and review
FSRS Algorithm Review schedule calculation Determines optimal review timing based on memory strength
MMR System Adaptive difficulty adjustment Adjusts quiz difficulty based on accuracy and response patterns
AI Operations System Learning mode recommendation Recommends optimal learning modes based on user context

You may disable automated learning optimization in Settings > Learning Settings and switch to manual configuration at any time. Disabling automated features will not restrict your access to the Service, though learning optimization effectiveness may be reduced.

If you wish to raise an objection regarding automated processing, contact [email protected]. We will review your objection within 15 days.

7. Children's Privacy (COPPA Compliance)

Our Service is not directed to children under 13 (as defined by the Children's Online Privacy Protection Act, "COPPA") or under 14 (as required by Korean law, the Personal Information Protection Act). We apply the more restrictive age limit of 14 to all users worldwide. We do not knowingly collect personal information from children under 13 in compliance with COPPA, or under 14 in compliance with Korean law.

7-1. Age Verification

During registration, users are required to enter their date of birth. We use this solely to determine whether the user is 14 or older (is_adult flag). The date of birth itself is not stored on our servers. This threshold exceeds the COPPA requirement of age 13, providing additional protection for minors aged 13.

7-2. Multi-Layered Protection for Minors

If a user is determined to be under 14, the following measures are applied:

  1. Registration Blocked: The registration screen displays an age restriction notice and halts the sign-up process.
  2. Data Anonymization: If any data is inadvertently generated, it is anonymized.
  3. Analytics Exclusion: The user is excluded from Amplitude analytics tracking.
  4. No Ad Identifier Collection: The ATT consent prompt is not displayed, and no advertising identifiers are collected.
  5. Payment Blocking: Access to in-app purchases (subscriptions) is blocked.

7-3. Post-Discovery Response

If we become aware that we have collected personal information from a child under 13 (COPPA) or under 14 (Korean law) without proper verification, we will promptly delete that information and the associated account. If you believe a child under 13 or under 14 has provided us with personal information, please contact us at [email protected].

8. Your Privacy Rights

8-1. Rights for All Users

All users may:

  • Access their personal information via Settings > Account Management
  • Request correction of inaccurate information
  • Delete their account and all associated data
  • Object to automated processing (see Section 6)
  • Contact us at [email protected] for any privacy-related request
  • Request a portable copy of their personal information

We will respond to all privacy requests within 10 business days.

While a correction or deletion request is being processed, we will suspend use of the relevant personal information until the request is resolved.

8-2. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, "CPRA"):

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information.
  • Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale/Sharing: See Section 8-3 ("Do Not Sell or Share My Personal Information") below.
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under the CPRA (see Section 8-5).
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected (Past 12 Months)

The following table describes the categories of personal information we have collected within the preceding twelve (12) months, mapped to the statutory categories defined by the CCPA (Cal. Civ. Code § 1798.140(v)):

CCPA Statutory Category Specific Data Elements Collected Source Business Purpose Shared for Cross-Context Behavioral Advertising Sold
A. Identifiers Name (nickname), email address, device identifiers (device model, OS version), IP address, advertising identifiers (IDFA/GAID, with consent only) User-provided (social login); automatically collected Account management, authentication, analytics, security Advertising identifiers may be shared with Amplitude and Google Ads (see Section 8-3) No
B. Personal Information (Cal. Civ. Code § 1798.80(e)) Name, email address User-provided (social login) Account management No No
F. Internet or Other Electronic Network Activity App usage data, learning interaction history, session data, browsing/search activity within the app, error logs, app version Automatically collected Service delivery, service improvement, error monitoring Usage event data shared with Amplitude (see Section 8-3) No
G. Geolocation Data Approximate location derived from IP address; country code from App Store/Play Store region Automatically collected Region identification, security, analytics No No
K. Commercial Information Subscription status (free/paid), store type (App Store/Play Store), purchase history Automatically collected via RevenueCat Subscription management, premium feature access No No
L. Inferences Learning patterns, vocabulary proficiency levels, memory strength scores, optimal review timing, adaptive difficulty levels Derived from learning data via FSRS algorithm and AI systems Learning optimization, personalized review scheduling No No
  • Categories Sold (Past 12 Months): None. We do not sell personal information.
  • Categories Disclosed for a Business Purpose (Past 12 Months): Identifiers and internet/electronic network activity data (disclosed to service providers listed in Section 3 for the business purposes described therein).

To exercise your CCPA/CPRA rights, contact [email protected]. We will verify your identity and respond within 45 days. If we require additional time, we will inform you of the reason and extension period in writing, not to exceed an additional 45 days.

8-3. Do Not Sell or Share My Personal Information

We do not "sell" personal information as defined under the CCPA.

However, our use of certain analytics and advertising services may constitute "sharing" of personal information under the CCPA for purposes of cross-context behavioral advertising. Specifically:

  • Amplitude, Inc. receives usage event data, device information, and advertising identifiers (when ATT consent is granted) for analytics and ad attribution measurement purposes.
  • Google LLC (Google Ads) receives advertising identifiers (when ATT consent is granted) and app install/conversion events for ad attribution measurement. Google Ads is not acting as a CCPA "service provider" with respect to its use of data for behavioral advertising purposes.

These disclosures may constitute "sharing" under the CCPA because they involve the transfer of personal information (specifically, advertising identifiers and associated usage data) to third parties for cross-context behavioral advertising or advertising measurement purposes.

How to Opt Out of Sharing:

  1. Withdraw ATT Consent: On iOS, go to Settings > Privacy & Security > Tracking and disable tracking for Daywika. On Android, go to Settings > Security & Privacy > Ads > Delete advertising ID.
  2. Email Request: Contact [email protected] with the subject line "Do Not Share My Personal Information."
  3. In-App Settings: When available, use in-app privacy settings to opt out.
  4. Global Privacy Control (GPC): See Section 8-4 below.

When you opt out, we will cease sharing your advertising identifiers with Amplitude and Google Ads for cross-context behavioral advertising purposes. Anonymized, non-identifying usage data will continue to be collected for service improvement.

8-4. Global Privacy Control (GPC)

We recognize the Global Privacy Control (GPC) signal as a valid opt-out of sharing request pursuant to the CCPA and applicable state privacy laws. When we detect a GPC signal from your browser or device, we will treat it as a request to opt out of the "sharing" of your personal information as described in Section 8-3.

GPC recognition is required under the CCPA and has been mandated by twelve or more U.S. states as of January 1, 2026. For more information about GPC, visit https://globalprivacycontrol.org.

8-5. Sensitive Personal Information (CPRA)

We do not collect sensitive personal information as defined under the CPRA (Cal. Civ. Code § 1798.140(ae)), including but not limited to: Social Security numbers, driver's license or state identification numbers, financial account information (account log-in combined with access codes or passwords), precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, genetic data, biometric information for identification purposes, health information, information concerning sex life or sexual orientation, or the contents of mail, email, or text messages (other than communications directed to us).

8-6. Other U.S. State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive privacy laws may have similar rights, including but not limited to the right to access, correct, delete, and obtain a copy of personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and profiling. We honor all applicable state privacy law requests.

Right to Appeal: If we deny your privacy request in whole or in part, you have the right to appeal our decision. To appeal, contact us at [email protected] with "Privacy Appeal" in the subject line. We will acknowledge your appeal and respond with a written decision within 60 days of receipt. If we deny your appeal, we will provide you with information on how to contact your state's attorney general to submit a complaint.

Contact [email protected] to exercise your rights under any applicable state privacy law.

9. Cookies and Tracking Technologies

9-1. Cookies

The Daywika app does not use cookies. Our external website (policy pages, etc.) may use essential functional cookies only. You may refuse cookie storage through your web browser settings.

9-2. Advertising Identifiers (IDFA/GAID)

We collect advertising identifiers only with your explicit, informed consent through Apple's App Tracking Transparency (ATT) framework or equivalent Android mechanisms.

  1. Collection Method: Collected via the Amplitude SDK and used for ad attribution measurement (Google Ads).
  2. If You Do Not Consent: No advertising identifiers are collected. Declining consent does not affect your ability to use any features of the Service. However, anonymized app usage data (without advertising identifiers) will continue to be collected through Amplitude.
  3. Minors (Under 14): The ATT consent prompt is never displayed to users under 14, and no advertising identifiers are collected. These users are also excluded from Amplitude analytics.
  4. Withdrawing Consent: You may withdraw consent at any time via iOS Settings > Privacy & Security > Tracking, or through in-app settings. On Android, go to Settings > Security & Privacy > Ads > Delete advertising ID.

Advertising identifiers are used solely for ad attribution measurement through advertising platforms (such as Google Ads). We do not use them for targeted advertising or share them with third-party advertising networks.

10. Security

We implement the following measures to protect your information:

  1. Encryption in Transit: All data transmissions use HTTPS (TLS) encryption.
  2. Server Security: Supabase managed security (TLS) with access controls.
  3. Device Security: iOS sandbox and Android app isolation (OS-level protection).
  4. Authentication Security: JWT token-based session management; no direct password storage.
  5. Access Control: Personal information access restricted to minimum necessary personnel.

11. Data Breach Notification

In the event of a data breach that compromises the security of your personal information, we will:

  1. Notify affected individuals in accordance with applicable state breach notification laws (including but not limited to California Civil Code §1798.82), providing details of the breach, the types of information involved, and steps individuals can take to protect themselves.
  2. Notify relevant authorities as required by applicable law.
  3. Timing: Notifications will be made without unreasonable delay, and in no event later than the timeframes required by applicable state laws.

12. Do Not Track and Online Tracking Disclosure (CalOPPA)

As required by the California Online Privacy Protection Act (CalOPPA), we disclose the following regarding online tracking:

Do Not Track (DNT) Signals: Our Service does not currently respond to "Do Not Track" browser signals. There is no industry consensus on how to interpret DNT signals, and we do not alter our data collection or use practices upon receiving a DNT signal.

Global Privacy Control (GPC) Signals: However, we do honor Global Privacy Control (GPC) signals as described in Section 8-4 above. When we detect a GPC signal, we treat it as a valid opt-out request under the CCPA and applicable state privacy laws.

Third-Party Tracking: As described in Sections 3 and 8-3, certain third-party services (Amplitude and Google Ads) may receive advertising identifiers and usage data when you have granted ATT consent. This may constitute online tracking for advertising measurement purposes. You may opt out of this tracking as described in Section 8-3.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

  • Name: Kim Doil
  • Title: CEO / Privacy Officer
  • Address: 105 Wausan-ro, 5F 174-A, Mapo-gu, Seoul, Republic of Korea
  • Phone: +82-10-8237-3410
  • Email: [email protected]
  • Customer Support Team: [email protected]

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 7 days before the effective date via in-app notification or email. Changes that significantly affect your rights will be communicated at least 30 days in advance.

Change Log

Version Effective Date Summary of Changes
v1.0 February 23, 2026 Initial version
v1.2 February 25, 2026 Age verification method changed (date of birth input → is_adult only), advertising identifiers now ATT consent-based, multi-layered child protection added, service providers added (Amplitude, Google Ads, PowerSync), COPPA compliance enhanced, contact information updated