P

Privacy Policy

Last updated: 2026-05-03

Data We Collect

Practicehanzi collects the minimum data necessary to provide our service: your email address, authentication credentials, learning preferences (HSK level, primary device, interface language), and study progress (SRS card states, review history, writing sessions, lists, gift code redemptions).

How We Use Your Data

Your data is used solely to power your learning experience: scheduling reviews, tracking progress, personalising content, and processing your subscription. We do not sell your personal data. We do share narrowly with the processors listed below.

Payments & Subscription Data

Payments are processed by Stripe, Inc. (United States). When you start a Premium trial, subscribe, or buy Lifetime, Stripe receives the data needed to charge your card and produce an invoice (email, billing address, IP, payment method). We receive a customer ID, subscription status, period dates, and price ID — never your full card number.

Stripe's privacy notice: stripe.com/privacy. We retain Stripe-derived metadata for as long as your account exists plus 7 years for tax compliance, then delete.

Email & Transactional Communications

Authentication, password reset, invite, and trial-end emails are sent via 02switch SMTP (France). We do not send marketing emails. You cannot opt out of transactional emails while your account is active.

Speech & Pronunciation

Audio playback uses Microsoft Azure Cognitive Services. When you use pronunciation scoring, your microphone audio is sent to Azure for assessment and not retained server-side once the response is returned. OCR for image-to-text runs entirely on your device via Tesseract.js — no images leave your browser.

Data Storage & Hosting

Your data is stored in our self-hosted Supabase (PostgreSQL) instance on a VPS in France with row-level security policies ensuring data isolation between users. Daily encrypted backups are retained for 14 days. Pre-migration snapshots are pinned indefinitely.

Your Rights

EU/UK/Swiss residents: you have rights of access, rectification, erasure, portability, restriction, and objection under GDPR. California residents: similar rights under CCPA. Email privacy@practicehanzi.com to exercise. Account deletion via Settings → Danger Zone wipes every row you own (cascade through lists, reviews, subscriptions, gifts, audit log).

Children

Practicehanzi is not directed at children under 13. We do not knowingly collect data from minors under 13.

Changes

Material changes will be announced via email at least 7 days before they take effect.

Contact

Privacy questions: privacy@practicehanzi.com. Operator: Bram Agency (France).