Privacy Policy

Merry Mandarin — Last updated: 25 May 2026

1. Introduction

Merry Mandarin (“we”, “us”, “our”) is a Chinese-language spaced-repetition learning app available on Android, iOS, and the web. This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have over it.

By using the app or website you agree to the practices described here.

2. Information We Collect

2.1 Account Data

  • Email address (via Google Sign-In or email/password registration)
  • Display name (from your Google account or set manually in the app)
  • Firebase User ID (system-assigned; never shown to other users)

2.2 Learning Data

Stored locally on your device in an encrypted database and optionally backed up to your private cloud storage:

  • Spaced-repetition review history (words and sentences reviewed, ratings, timestamps)
  • Mastery levels and review intervals for each item
  • “Quick unlock” word list (words you have marked as already known)
  • Personal decks you create

2.3 Classroom Data (classroom users only)

If you join or create a classroom:

  • Enrollment status in a classroom
  • Per-deck progress metrics (cards mastered, total cards, reviews in the last 7 days, last review date) — shared with your classroom teacher
  • Assignment submission results

2.4 Crash and Diagnostic Data

Collected automatically only if the app crashes (release builds only):

  • Crash stack trace and app version
  • Device model, brand, manufacturer, Android SDK version or iOS version

2.5 Microphone and Audio

When you use speech practice or voice search, your audio is recorded and processed entirely on your device using local AI models (Sherpa-ONNX). No audio is ever transmitted to us or any third party.

2.6 Camera and Smart Scan

When you use Smart Scan (OCR), images captured or selected from your photo library are processed entirely on your device by Google ML Kit. No images or recognised text are transmitted to Google or to us.

2.7 Feedback You Submit

You can submit feedback through the in-app drawer at any time. Submitting feedback requires being signed in so we can follow up if needed; it is always optional and the app works fully without it.

When you tap Suggest Missing Word, we collect:

  • The Chinese characters you typed
  • The English (or other-language) translation you optionally provided
  • Your explicit consent (a checkbox) for whether you wish to receive a follow-up email when your suggestion is added to our dictionary — see §4.5 for how that email is sent

When you tap Report a Bug, we collect:

  • The description text you write
  • An optional category label (e.g. “Crash”, “Audio issue”)
  • An optional screenshot you attach from your photo library

To help us reproduce issues and prioritise fixes, both kinds of submission automatically include:

  • The same device information described in §2.4 (model, brand, manufacturer, OS version)
  • Your app version
  • The language/locale your app is set to
  • Your email address and display name (so we can email you back, where consented)

Bug-report screenshots are stored in private Cloudflare R2 object storage and are accessible only by us through a private admin dashboard.

2.8 Usage Analytics Events

To help us understand how the app is used and where to invest engineering time, the app sends a small set of usage events:

  • App opened
  • Drawer feature opened (e.g. Mandarin Match, Smart Scan, Stories, Courses, Games)
  • Review session started and completed (with deck card count, duration, and the count of Again/Hard/Good/Easy ratings — never the words themselves)
  • Onboarding step completed

Each event is tagged with your Firebase user ID so we can compute aggregate metrics like daily active users. Events contain no learning content, no audio, no images, no personal messages, and no information about which specific words you studied. They are stored in private Cloudflare R2 object storage and are used only by us for aggregated product analytics.

3. How We Use Your Information

| Data | Purpose |
| --- | --- |
| Email & display name | Account identification and sign-in; optional follow-up email when a missing-word suggestion you submitted is added to the dictionary (only if you opted in) |
| Learning data | Driving the SRS scheduling algorithm; backup and restore |
| Classroom progress | Teacher progress dashboard; assignment results |
| Crash reports | Diagnosing and fixing app crashes |
| Feedback submissions (§2.7) | Reviewing your missing-word suggestions to expand the dictionary; diagnosing bugs you report; replying to you where applicable |
| Usage events (§2.8) | Aggregated product analytics — understanding which features are used so we can prioritise improvements |

We do not sell your data, use it for advertising, or share it with third parties for their own purposes.

4. Third-Party Services

4.1 Google / Firebase

Firebase is our backend platform, operated by Google LLC (USA).

| Service | Purpose | Data sent |
| --- | --- | --- |
| Firebase Authentication | Sign-in | Email, display name, Google ID |
| Cloud Firestore | User profile, classroom data, encrypted backups, feedback submission records (text + metadata, no screenshots) | See §2.1, §2.3, §2.7 |
| Firebase Crashlytics | Crash reporting | See §2.4 |
| Firebase App Check | Anti-abuse — verifies genuine app builds | Device attestation token only |
| Google Sign-In | OAuth login | Email, display name |

Google’s privacy policy: policies.google.com/privacy

4.2 Cloudflare

We use Cloudflare, Inc. (USA) for:

  • Delivering encrypted course content. Your Firebase auth token is verified server-side; no content data is retained by Cloudflare beyond standard access logs.
  • Storing your review log and quick-unlock snapshot in private Cloudflare R2 object storage (data keyed by your Firebase UID; only you can access it through our server).
  • Storing bug-report screenshots you attach (§2.7) in private Cloudflare R2 object storage, accessible only to us through a private admin dashboard.
  • Storing the usage analytics events described in §2.8 in private Cloudflare R2 object storage.

Cloudflare’s privacy policy: cloudflare.com/privacypolicy

4.3 Google ML Kit

The Smart Scan (OCR) feature uses Google ML Kit running entirely on your device. No images or recognised text are sent to Google.

4.4 System Text-to-Speech

Word pronunciation on Android uses your device’s built-in TTS engine. Audio is synthesised locally and is not transmitted anywhere.

4.5 Resend (transactional email)

If you opted in when submitting a missing-word suggestion (§2.7), we use Resend, Inc. (USA) to send the follow-up email letting you know your suggestion has been added to the dictionary. Only your email address, your name, and the list of accepted words are sent to Resend for the purpose of delivering that message. We do not use Resend for marketing or for any other communications. If you did not opt in, no data about you is ever sent to Resend.

Resend’s privacy policy: resend.com/legal/privacy-policy

5. Data Storage and Security

  • Local data is stored in an AES-256 encrypted SQLite database. The encryption key is held in hardware-backed secure storage (Android Keystore / iOS Secure Enclave).
  • Cloud backups are compressed with gzip and encrypted with AES-256-CBC before upload. Only you can decrypt them.
  • All network traffic uses HTTPS / TLS.
  • Firebase App Check (Play Integrity on Android, App Attest on iOS) ensures only genuine builds of the app can reach our backend.

6. Data Retention

| Data | Retention period |
| --- | --- |
| Account and profile | Until you delete your account |
| Learning data (local) | Until you uninstall the app or delete your account |
| Cloud backups | 3 most recent backups kept; older ones are auto-deleted |
| Review log / quick-unlock (Cloudflare R2) | Until you delete your account |
| Classroom progress | Until the classroom is deleted by the teacher, or you delete your account |
| Crash reports | Up to 90 days (Firebase Crashlytics default) |
| Feedback submissions (text + screenshots) | Retained for as long as necessary to act on the suggestion or resolve the bug, typically up to 24 months. Upon account deletion the submitter identifiers (email, user ID) are removed; the suggestion text itself may be retained in de-identified form for dictionary curation. |
| Usage analytics events | Up to 90 days, after which the raw event log is deleted; aggregated, non-identifying metrics derived from it (e.g. daily active user counts) may be retained indefinitely |
| Acceptance emails sent via Resend | Delivery logs are retained by Resend according to their own retention policy, typically up to 30 days |

7. Your Rights

GDPR — EU and UK users

You have the right to access your personal data, correct inaccuracies, erase your data (“right to be forgotten”), restrict or object to processing, and receive your data in a portable format. To exercise any of these rights, contact us at the address in §14. You also have the right to lodge a complaint with your local supervisory authority.

CCPA — California users

You have the right to know what personal information is collected about you, request its deletion, and opt out of its sale. We do not sell personal data. To exercise your rights, contact us at the address in §14.

8. Account Deletion

You can delete your account at any time from Settings → Account → Delete Account. Deletion will permanently and irreversibly:

  • Delete your Firebase Authentication account
  • Delete all data stored in Firestore under your user ID
  • Delete your review log and quick-unlock snapshot from Cloudflare R2
  • Erase the local encrypted database on your device
  • Remove the submitter identifiers (email, user ID) from any feedback submissions you made — see §6 for how the underlying submission text is then handled
  • Delete bug-report screenshots you uploaded
  • Delete the personal-identifier link on usage analytics events; the events themselves age out per §6

Re-authentication with Google (or email/password) is required before deletion to confirm your identity.

9. International Data Transfers

Your data is stored on Google Cloud (Firebase), Cloudflare, and Resend infrastructure, which may be located outside your country of residence. These providers comply with applicable international data transfer frameworks, including the EU Standard Contractual Clauses and the EU–U.S. Data Privacy Framework where relevant.

10. Children’s Privacy

Merry Mandarin is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via an in-app notice or email. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the app after changes are posted constitutes your acceptance of the updated policy.

12. Subscriptions and Billing

Merry Mandarin offers optional premium subscriptions on Android and iOS. The following applies when you purchase a subscription:

  • Auto-renewal: Subscriptions renew automatically at the end of each billing period unless cancelled at least 24 hours before the renewal date.
  • Cancellation: You can cancel at any time through your Google Play account settings (Android) or Apple ID account settings (iOS). Cancellation takes effect at the end of the current billing period; you retain premium access until then.
  • Free trial: Where a free trial is offered, you will not be charged until the trial period ends. Cancel before the trial ends to avoid being charged.
  • Purchase data: When you subscribe, we store your subscription status (product ID, expiry date, and platform) in your account record in Firestore. This data is deleted when you delete your account.
  • Refunds: Refund requests are handled by Google Play or the App Store according to their respective refund policies. We are unable to process refunds directly.
  • Web app: The Merry Mandarin web app does not offer in-app purchases or subscriptions. Web users operate under the free-tier usage limits.
  • Price changes: If subscription prices change, we will notify you in advance. Continued use after a price change constitutes acceptance of the new price.

13. Language

This Privacy Policy is drafted in English. We may provide translations into other languages for your convenience, but the English-language version is the authoritative original. In the event of any inconsistency, ambiguity, or discrepancy between the English version and any translation, the English version shall prevail and govern your rights and our obligations under this Privacy Policy.

14. Contact Us

For questions or requests regarding your personal data:

Email: support@merrymandarin.com