# Privacy Policy & Legal Notice — Changelog This log tracks material changes to the Privacy Policy, Terms of Use, and related notices at https://mastermindjapanese.com/legal. ## v1.0 — 2026-04-18 (effective) Initial versioned release of the Privacy Policy & Legal Notice. Notable content posture: - **Operator identity**: Jason Kobayashi, Tokyo, Japan (natural person; JP corporate entity planned). Full postal address on request. - **Data controller contact**: single privacy-contact email reserved for formal data-protection requests required by law. - **Lawful bases (GDPR)**: performance of contract (account + study features); legitimate interest (security logs); consent (product-update emails, withdrawable in Settings). - **Processors**: Render (US, API hosting), Supabase (US, PostgreSQL), Google (US, optional Sign-In/One Tap — controller-to-controller share), Resend (transactional + opt-in product-update email). - **Cross-border transfers**: disclosed. Formal GDPR Chapter V transfer memo + APPI Art. 28 memo are tracked as post-beta follow-ups in the internal compliance plan. - **Retention**: logs per Render plan tier (7–30 days); DB backups per Supabase plan tier; email subscriptions while opted in with separate consent-audit record. - **Age clause**: general-audience service, not directed to children under 13; teen learners welcome with parental awareness; under 13 requires parental consent. - **Liability / governing law**: `$0` cap during free beta, cap tied to "amount paid in preceding 12 months" at monetization; Japanese law default with mandatory consumer-protection rights preserved for EU/UK/JP/other jurisdictions that provide them. - **Attributions**: KanjiVG (CC BY-SA 3.0, adapted bundle also released under CC BY-SA 3.0 ShareAlike), AivisSpeech Engine (LGPL-3.0, used offline only, not redistributed), にせ voice model (ACML 1.0, used offline, not redistributed), with no-endorsement disclaimers on both KanjiVG and Aivis. - **Support**: general questions will route to an in-app support form (planned). The privacy-contact email is reserved for formal privacy requests until that form ships. ## Upcoming Changes that will trigger a new version + effective-date entry: - Incorporation of a Japanese company → controller identity update (personal → company) - First real paid customer → liability cap tied to actual paid amount, 特定商取引法 page added - First serious EU user growth → EU representative appointment + named - Any vendor swap, addition, or removal affecting cross-border processing - Any expansion of OAuth scopes beyond `openid profile email` --- For the currently effective policy text, see https://mastermindjapanese.com/legal.