Skip to main content
TOMO

Legal

Privacy Policy

This policy explains what Tomo collects, why, and the choices you have. Tomo (“we”, “us”) is a spaced-repetition app built for Japanese learners.

Last updated May 25, 2026

Information we collect

We collect the following, most of it created by your own use of Tomo:

  • Account information: the email address you sign up with and the identifiers managed by our authentication provider. If you sign in through a third-party provider, the basic profile details they share with us.
  • Learning data: the cards you create or copy, your reviews, ratings, schedule and FSRS state, your study goal and target level, and the weak-spot diagnostics Tomo derives from your reviews.
  • Content you submit: the words and text you enter for card, sentence, and mnemonic generation.
  • Technical and usage data: device and browser type, IP address, and log, diagnostic, and basic feature-usage data needed to keep the service running, secure, and improving.

Cookies and local storage

Tomo uses cookies and local storage only to provide the service, not to advertise or track you across other sites:

  • Strictly necessary cookies set by our authentication provider keep you signed in and protect your session.
  • Local storage on your device holds app preferences and buffers offline reviews so they sync when you reconnect.

We do not use advertising or cross-site tracking cookies. Because the cookies we set are strictly necessary to deliver the service, they do not require consent in most jurisdictions; where local law requires a consent banner, it should be configured for that deployment.

How we use information

We use your information to:

  • run your spaced-repetition schedule and keep your review history accurate;
  • generate study material (readings, example sentences, mnemonics) from the Japanese you add;
  • identify the words you find difficult and suggest focused next steps;
  • maintain, secure, and improve the service, and enforce fair-use limits;
  • communicate with you about your account and material changes to the service.

We do not sell your personal information, and we do not use your learning content to train third-party models beyond producing your own study material.

Legal bases (EEA / UK)

If you are in the EEA or the UK, we process your personal data on these legal bases:

  • Performance of a contract: providing the service you signed up for.
  • Legitimate interests: securing the service, preventing abuse, and improving features, balanced against your rights.
  • Consent: where required, such as optional communications; you may withdraw consent at any time.
  • Legal obligation: where we must process data to comply with the law.

Service providers

Tomo relies on a small number of providers that act on our instructions as processors:

  • adatabase and authentication provider that stores your account and learning data;
  • alanguage-model provider that generates card content, sentences, mnemonics, and weak-spot guidance from the words you add;
  • acaching and rate-limiting provider used for performance and abuse prevention.

Text you submit for generation is sent to the language-model provider solely to produce your study material. It is not used to serve ads, and we do not permit these providers to use it for their own purposes.

International data transfers

Our providers may process data in countries other than your own, including the United States. Where we transfer personal data out of the EEA, the UK, or other regulated regions, we rely on appropriate safeguards, such as the Standard Contractual Clauses or an equivalent transfer mechanism, to protect it.

Retention and deletion

We keep your account and learning data while your account is active. You can delete your account at any time from Settings → Security; deletion removes your personal cards, reviews, and schedule, typically within 30 days, and backups are purged on a rolling cycle after that. We may retain limited records where we must to comply with the law, resolve disputes, or enforce our agreements, and we may keep aggregated or de-identified data that no longer identifies you.

Your rights and choices

Depending on where you live, you may have the right to access, correct, delete, or export your data, and to restrict or object to certain processing or withdraw consent. Residents of the EEA or UK may lodge a complaint with their supervisory authority. California residents may request to know, delete, and opt out of any “sale” or “sharing” of personal information (Tomo does not sell or share in that sense) and will not be treated differently for exercising these rights.

You can review and update much of your information in Settings, and delete your account whenever you choose. To exercise any other right, reach us through the app; we may need to verify your identity before we act.

Security

We protect your data with access controls, least-privilege access, and encryption in transit. No method of storage or transmission is perfectly secure, but we work to safeguard your information and limit who can reach it.

Children

Tomo is not directed to children under the age required by your local law (for example, 13 in the United States and as high as 16 in parts of the EEA). We do not knowingly collect their personal information; if you believe a child has provided us data, contact us and we will remove it.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the date above and, for material changes, provide a more prominent notice before they take effect.