This English text is a reference translation of the Japanese original. In the event of any discrepancy, the Japanese version prevails.
Knightage ("we," "us," or "our") respects Japan's Act on the Protection of Personal Information (the "APPI"), the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) of the United States, and other laws applicable to Users regarding the handling of information in the iOS English-learning application "Braino" (the "App"), and will act appropriately in accordance with this Privacy Policy (this "Policy"). This Policy covers the handling of information through the App and the website of the App operated by us (including the contact form; the "Website"), and does not apply to any other site or app that we separately operate.
The controller of information obtained in relation to the App (including where it corresponds to a data controller under the GDPR) is us. For contact details, please see Section 21.
The App has no account-registration mechanism and does not ask Users to enter identifying information such as name, email address, or telephone number in the App (for information entered in the contact form, please see Section 13). This Policy explains, on this premise, the scope of information handled by the App and our handling policy.
The App handles the following information, all of which is stored only within the User's device and is not transmitted to our servers or any other external destination.
| Type of information | Words and phrases, meanings and notes, mastery status (not mastered / mastered), test answer history (date and time of the test and self-reported results), and various setting values saved by the User |
|---|---|
| Storage location | Within the User's device |
| External transmission | None (we do not transmit this data externally through the App's code) |
| Management information stored on the device | Information necessary for managing the operation of the App (such as the status of agreement to the Terms). It is stored only within the device, and we do not collect it. |
We do not obtain, through the App, direct personal identifiers such as name, address, telephone number, or email address. We have also not embedded any proprietary access-analytics tool, crash-report tool, or advertising SDK in the App.
The App's dictionary search, display of example sentences and pronunciation symbols, and read-aloud are all processed within the device using data built into the App and OS functions, and the App does not communicate with any external server for these functions.
In addition, the App communicates with external servers (our Website and the hosting/CDN providers we use) in order to obtain configuration information such as the latest version of the Terms, in-app announcements, and the minimum version required for operation. This communication consists only of technical requests to obtain configuration information, and the User's recorded data is not transmitted. For technical information that may be automatically logged during such communication, please see Section 7.
The data saved by the User in the App, such as words and phrases, meanings and notes, and test history (the "Stored Data"), is stored only within the User's device, and no third party, including us, can view or obtain it. We have no means to access the Stored Data.
Stored Data may be lost due to loss, malfunction, initialization, or replacement of the device, uninstallation of the App, and the like. We assume no responsibility for the storage or backup of Stored Data. We have not implemented iCloud synchronization or any other cloud-synchronization function in the App, and there is no function to synchronize or store Stored Data to our servers or the cloud. If the User uses the iOS device-wide backup function, the handling of that backup is under the control of Apple Inc. ("Apple"), and we are not involved. Whether Stored Data is included in such a backup and whether it can be restored are matters determined by the specifications of iOS and the User's settings, and we do not guarantee them.
The App's dictionary search is executed within the device against the dictionary data built into the App (JMdict/EDICT, Tanaka Corpus / Tatoeba, CMU Pronouncing Dictionary). The search terms entered by the User are not transmitted externally.
The read-aloud function uses the speech-synthesis capability built into iOS and is processed within the device. The text to be read aloud is not transmitted to our servers. OS-level processing relating to the download of iOS voice data and speech synthesis is under Apple's control.
The App is a paid (one-time purchase) app and does not display advertisements. It does not embed any advertising SDK and does not obtain the advertising identifier (IDFA) or track Users. Accordingly, the "Allow Tracking" dialog based on iOS App Tracking Transparency (ATT) is not displayed either.
Purchase and download of the App are made through the App Store operated by Apple. Payment information associated with the purchase procedure (Apple ID, payment information, purchase history, etc.) is obtained and managed by Apple, and we do not obtain such information (such as the User's name or Apple ID).
In addition, if the User has enabled sharing of analytics information with Apple in the iOS settings, Apple may provide developers with app crash information and usage statistics in anonymized form. Whether such information is obtained and shared can be managed by the User in the iOS settings (Privacy & Security > Analytics & Improvements), and its handling is subject to Apple's privacy policy.
When the User browses this Website, the access logs of the hosting/CDN providers we use may automatically record the IP address, date and time of access, and user agent (browser and OS information, etc.). These are automatically recorded by such providers for the purposes of stable operation of the service and prevention of unauthorized access, and we do not use them for the purpose of identifying individuals.
In addition, when the App communicates with external servers to obtain the configuration information described in Section 2 (the latest version of the Terms, in-app announcements, the minimum version required for operation, etc.), the access logs of the hosting/CDN providers we use may automatically record the IP address, date and time of access, and user agent (device, OS, and app version information, etc.). These are automatically recorded by such providers for the purposes of stable operation of the service and prevention of unauthorized access, and we do not use them for the purpose of identifying individuals. Moreover, we ourselves do not store anonymous identifiers (such as UUIDs) or consent history on our servers.
The purposes of use of the information handled in relation to the App and this Website, and (where the GDPR, etc. applies) the legal bases for processing, are as follows:
| Processing activity | On-device storage and display of Stored Data (the core function of the App) |
|---|---|
| Purpose / legal basis | Provision of the Service to the User (performance of a contract / GDPR Article 6(1)(b)). We do not access this data. |
| Processing activity | Recording of access logs relating to browsing of this Website and to App communication (see Section 7) (by the hosting/CDN providers) |
|---|---|
| Purpose / legal basis | Stable operation and security of this Website and the Service (legitimate interests / GDPR Article 6(1)(f)) |
| Processing activity | Responding to inquiries (information entered in the contact form) |
|---|---|
| Purpose / legal basis | Responding to inquiries and to requests to exercise rights (disclosure, correction, deletion, suspension of use, etc.) (legitimate interests or performance of a contract) |
Because we do not obtain the User's Stored Data through the App's code, we do not provide it to third parties. We do not sell the User's personal information to third parties.
Except where required by law, where necessary to protect the life, body, or property of a person, or where the User's consent has been obtained, we do not provide personal data to third parties. The personal data we hold on our servers is limited to information obtained through the contact form and the like.
We do not obtain the User's Stored Data and do not transmit it abroad.
Technical information associated with browsing this Website, and technical information generated when the App communicates to obtain configuration information (in both cases such as the IP address; see Section 7), is processed via the hosting/CDN providers we use. Such providers may have servers around the world, and this technical information may be processed outside Japan. In such cases, the providers handle the information based on appropriate safeguards such as standard contractual clauses (SCCs).
In addition, information transmitted through the contact form on this Website may be processed and stored on Zoho Forms' servers, as described in Section 13. Zoho Corporation has implemented safeguards for international data transfers based on standard contractual clauses (SCCs).
Stored Data and setting values, as well as the management information described in Section 2 (information necessary for managing the operation of the App), are stored within the User's device until the User deletes them within the App or uninstalls the App. Because they are not stored on our servers, we do not set or manage a retention period.
Information provided to us through the contact form is deleted within a reasonable period after the inquiry is resolved (as a guide, up to one year from our reply). However, this does not apply where there is a statutory retention obligation.
The App is a native app and does not use web-browser cookies or similar identifiers.
This Website does not currently use Google Analytics or any other third-party analytics tool. The contact form (Zoho Forms) page may set cookies necessary for Zoho's own functionality. For details, please refer to Zoho's cookie policy. If we introduce a web-analytics tool in the future, we will update this Policy to inform you.
The contact form on this Website uses "Zoho Forms" provided by Zoho Japan Co., Ltd. (the Japanese subsidiary of Zoho Corporation Pvt. Ltd.). When you submit the form, the name, email address, and inquiry content you enter are transmitted to and stored on Zoho's servers.
Submission of the form is voluntary, but if you submit it, entry of the information necessary to respond to the inquiry (your name, email address, and the relevant app) is required. Information obtained through the form is used only for the purpose of responding to inquiries and providing support, and is not used for any other purpose. Zoho Corporation provides a GDPR-compliant Data Processing Addendum (DPA) and has implemented safeguards for international data transfers based on standard contractual clauses (SCCs).
We do not obtain or hold retained personal data through the App that can identify the User. Therefore, if you make a request under the APPI for disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to third parties, we will promptly review and respond within the scope of the data we hold; please note in advance that Stored Data exists only within the User's device and cannot be verified by us. With respect to the name, email address, and the like provided through the contact form, we will respond to requests for disclosure, correction, deletion, suspension of use, and the like within the scope of what we hold.
Deletion of Stored Data can be performed by the User at any time by deleting items within the App or uninstalling the App.
Users residing in the European Economic Area (EEA), the UK, or Switzerland have the following rights with respect to their personal data under applicable data-protection laws:
Because we do not hold the User's Stored Data, the User can directly exercise the rights relating to Stored Data on their own device (deleting items, uninstalling the App, etc.). For other requests or questions, please contact us at the point of contact in Section 21.
We do not carry out automated decision-making, including profiling, that produces legal effects concerning Users.
Where the California Consumer Privacy Act (CCPA/CPRA) applies, Users residing in California have the right to know the categories of personal information collected and the purposes of use, the right to request deletion, the right to request correction, the right to opt out of the "sale" or "sharing" of personal information (provision for cross-context behavioral advertising purposes), and the right not to be discriminated against for exercising these rights.
We do not sell the User's personal information and do not "share" it for cross-context behavioral advertising purposes. The personal information we collect is limited to the information in the contact form voluntarily submitted by the User (corresponding to category (A) identifiers under California law) and the access logs of this Website (corresponding to category (F) internet or other activity information). Even during the 12-month look-back disclosure period defined by the CCPA, we have not collected, sold, or shared any categories of personal information other than the above.
Users to whom other state privacy laws (such as Virginia's VCDPA or Colorado's CPA) apply may also have similar rights under those laws. Requests to exercise rights should be directed to the point of contact in Section 21. We do not discriminatorily change the contents of the service on the ground of exercise of rights.
Stored Data is stored within the User's device under the standard security mechanisms of iOS (device encryption, app sandboxing, etc.). In developing and maintaining the App, our basic policy is not to obtain or retain unnecessary information (data minimization) and to follow the OS's standard recommendations. However, we cannot assume responsibility for risks arising from factors beyond our control, such as loss or theft of the device itself or vulnerabilities in the OS. We recommend making use of device-side security functions, such as setting a device passcode.
Information transmitted through the contact form is subject to appropriate technical and organizational security measures by Zoho Japan Co., Ltd. However, no method of transmission over the internet can be guaranteed to be 100% secure.
The App is not intended for use by children under the age of 13 (in the EU, EEA, and the UK, persons under the digital-consent age set by the GDPR—generally 16, or 13 to 16 depending on national implementing law; and persons under a higher reference age set by the laws of your country or region of residence), and we do not intentionally collect personal information from such children. If we become aware that personal information of a child under the applicable age has been collected, we will promptly take appropriate measures such as deletion. Guardians who believe their child may be using the App should contact us at the point of contact in Section 21. Because Stored Data is stored only within the child's device, if you contact us, we will respond by deleting information we hold (such as inquiry information) and will guide you on how to delete the on-device data (such as by uninstalling the App).
We may add or change features in the future. If the addition or change of features results in a change to the types or scope of information handled, we may revise this Policy and inform you on this Website. In particular, where a material change to the handling of information occurs, such as synchronizing Stored Data with a server outside the device, we will revise this Policy at that time, separately explain such handling, and obtain the User's consent where required by law.
We may change the contents of this Policy due to amendments to laws, the addition or change of features of the App, or other circumstances. Where we make a material change, we may inform you through an announcement on this Website or the like. The revised Policy takes effect from the time it is posted on this Website. For changes that require the User's consent under the law, we will obtain consent by a method we designate.
For questions regarding this Policy, requests for disclosure and the like, requests to exercise rights, and other inquiries regarding the handling of personal information, please contact us through the contact form below. We may ask for additional information for the purpose of identity verification and the like. Our supported language is Japanese only. For statutory requests to exercise rights, we will respond within the period prescribed by applicable law. For other general inquiries, we will respond according to their content, but we do not guarantee a response to all inquiries.
If you are not satisfied with our response regarding the handling of personal information, you may also consult Japan's Personal Information Protection Commission or (for residents of the EEA and the UK) the data-protection supervisory authority of your country.
Established: July 11, 2026