Privacy Policy

Last updated: 2026-04-28

Kioku Brain ("we", "us", "the service") is operated as part of the Kioku product family. This policy explains what we collect, why, and how we protect it.

1. What we collect

• Account info: email, display name, language preference (via Clerk).
• Card content: the text, source URL, and AI-generated cards you create.
• Review history: timestamps, ratings (1–4), and FSRS state for each review.
• Usage metrics: feature counts (anonymized), AI generation token usage, error logs (no PII).
• Payment info: handled exclusively by Stripe. We store only the Stripe customer ID and subscription status.

2. What we do NOT do

• We do not sell your personal data to anyone.
• We do not train AI models on your content (Anthropic and Cloudflare AI both contractually prohibit this).
• We do not use your card content for advertising or profiling.

3. Where data is stored

• Cloudflare D1 (SQLite at edge), KV, R2, Vectorize — multi-region with edge replication.
• Clerk (authentication) — US data center.
• Stripe (payments) — global, PCI-DSS compliant.
• Resend (email delivery) — US data center.
• Anthropic API (Claude Haiku) — US, no training on your data.

4. AI sub-processors

When you trigger an AI feature (card generation, replay, embedding), the relevant text is sent to:

• Anthropic Claude Haiku 4.5 for Pro users.
• Cloudflare Workers AI (Llama 8B / BGE-M3) for Free users and embeddings.

Neither provider stores prompts or trains on user data per their commercial agreements.

5. Data retention & deletion

• You can delete any card or your entire account at any time from your dashboard.
• Account deletion removes all cards, reviews, links, and embeddings within 7 days.
• Backup logs are anonymized and retained 90 days for diagnostics.
• Stripe payment records are retained 7 years per Japanese tax law (we cannot delete these).

6. Cookies & analytics

We use a single first-party session cookie (Clerk) for authentication. We do not use Google Analytics, Facebook Pixel, or third-party tracking. We may use Cloudflare Web Analytics, which is fully cookieless.

7. Your rights

• Access: download all your cards as JSON anytime.
• Correction: edit any card in-app.
• Deletion: delete account in-app or by emailing support@kio-ku.com.
• Portability: full JSON export.
• Opt-out of email: 1-click unsubscribe in every email.

8. Children

The service is not intended for users under 13 (under 16 in the EU). If you are a parent/guardian and believe a child has used the service, contact us for immediate deletion.

9. Changes

We will notify users by email at least 14 days before any material change to this policy.

10. Contact

support@kio-ku.com