Privacy Policy
1. Who We Are
My Tomodachi is a Japanese language conversation practice app. We are an independent developer based in Australia. You can contact us at hello@mytomodachi.app.
2. What Information We Collect
Information you provide directly
- Email address — if you join our waitlist or create an account
- Name or username — if you create an account
- Messages you type or speak during conversations in the app
Information collected automatically
- Voice input — captured temporarily to convert speech to text. Not stored permanently.
- Conversation history — stored to allow your AI conversation partner to remember context. Automatically deleted after 90 days.
- Streak and session data — stored locally on your device (not on our servers) to track your daily practice streak
- Basic usage analytics — which features you use, session length, which personas you practice with. This data is anonymous and contains no personal information.
- Device information — device type, operating system version, app version. Used for bug fixing and compatibility.
Information we do NOT collect
- We do not collect your precise location
- We do not access your contacts, photos, or other apps
- We do not collect financial information directly (payments handled by Apple)
- We do not sell your personal information to anyone, ever
3. How We Use Your Information
- To power AI conversation responses via Anthropic Claude
- To synthesise speech audio via Google Cloud Text-to-Speech
- To transcribe your voice via Google Speech-to-Text (on-device on iOS)
- To send you early access or launch notifications if you joined the waitlist
- To improve the app — understanding which features are used helps us build better ones
- To diagnose bugs and technical issues
- To process subscription payments via Apple's in-app purchase system
4. Third-Party Services
My Tomodachi uses the following third-party services. Each has its own privacy policy.
Anthropic (Claude AI)
Your conversation messages are sent to Anthropic's API to generate responses. Anthropic processes this data to return a reply. We do not send your name, email, or account information to Anthropic — only the conversation text. Anthropic's privacy policy is at anthropic.com/privacy.
Google Cloud
We use Google Cloud Text-to-Speech to convert AI responses to audio. Text is sent to Google's servers to generate audio and is not retained. Google's privacy policy is at policies.google.com/privacy.
Apple
If you purchase a subscription, payment is processed entirely by Apple through their App Store. We do not see or store your payment details. Apple's privacy policy is at apple.com/privacy.
RevenueCat
We use RevenueCat to manage in-app subscriptions. RevenueCat receives your Apple subscriber ID and subscription status to verify your access level. RevenueCat's privacy policy is at revenuecat.com/privacy.
Mixpanel (Analytics)
We use Mixpanel to collect anonymous usage analytics — which features are used, session length, and similar metrics. No personally identifiable information is included in analytics events. Conversation content is never sent to analytics services. Mixpanel's privacy policy is at mixpanel.com/legal/privacy-policy.
Render and Vercel
Our backend server runs on Render and our web app is hosted on Vercel. These services may process data as part of normal server operations. Both are GDPR-compliant infrastructure providers.
5. Data Storage and Security
- Conversation history is stored on our secure servers and automatically deleted after 90 days
- Streak and session data is stored locally on your device only — we cannot access it
- All data transmission uses HTTPS encryption
- Our API is protected by Cloudflare and rate limiting
- We do not store voice recordings — audio is processed in real time and discarded
- We do not store payment information — this is handled entirely by Apple
6. Data Retention
- Conversation history — automatically deleted after 90 days of inactivity
- Account data — retained while your account is active, deleted within 30 days of account deletion request
- Waitlist email addresses — retained until you unsubscribe or request deletion
- Analytics data — retained in aggregate anonymous form for up to 2 years
7. Children's Privacy
My Tomodachi is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will delete it immediately.
Users aged 13–17 may use the app with parental consent. Certain content (including references to alcohol by AI characters) is restricted regardless of age, as we cannot verify user ages.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and all associated data
- Portability — request your data in a machine-readable format
- Objection — object to certain types of processing
- Withdrawal of consent — withdraw consent at any time where processing is based on consent
To exercise any of these rights, email hello@mytomodachi.app. We will respond within 30 days.
9. Account and Data Deletion
You can delete your account and all associated data at any time:
In the app (once available)
Settings → Account → Delete Account. This permanently deletes your account, conversation history, and all personal data from our servers within 30 days.
By email
Email hello@mytomodachi.app with the subject "Delete My Account" and we will delete your account and all associated data within 30 days.
Note: Streak and session data stored locally on your device can be cleared by deleting the app. We do not have access to locally stored data.
10. International Data Transfers
My Tomodachi is operated from Australia. Our servers are located in the United States (Render, Vercel). By using the app, you consent to your information being transferred to and processed in the United States and other countries where our service providers operate.
Where we transfer data outside Australia or the EEA, we ensure appropriate safeguards are in place in accordance with applicable privacy laws.
11. Australian Privacy Act
We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). If you are located in Australia and have a complaint about our handling of your personal information, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
12. GDPR (European Users)
If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR. Our legal basis for processing your personal data is:
- Contract performance — to provide the service you signed up for
- Legitimate interests — to improve the app and ensure security
- Consent — for marketing emails, which you can withdraw at any time
As a data subject in the EU or EEA, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with GDPR. A full list of EU supervisory authorities is available at ec.europa.eu. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk.
We will respond to GDPR-related requests within 30 days. In complex cases we may extend this by a further 60 days with notice.
13. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information:
- Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to delete — you may request deletion of your personal information, subject to certain exceptions
- Right to opt out of sale — we do not sell your personal information to third parties, and have not done so in the preceding 12 months
- Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights
To exercise your California privacy rights, email hello@mytomodachi.app with the subject "California Privacy Request". We will respond within 45 days.
14. Other International Users
My Tomodachi is available globally. While our primary compliance framework is Australian privacy law and GDPR, we have designed our data practices to be consistent with broadly accepted international privacy principles:
- Canada (PIPEDA) — we collect only what is necessary, are transparent about our practices, and allow access and correction of personal data
- Brazil (LGPD) — Brazilian users have rights equivalent to those described in Section 8 of this policy and may exercise them by contacting us
- Japan (APPI) — we handle personal information with care consistent with Japan's Act on the Protection of Personal Information
- South Korea (PIPA) — we apply appropriate safeguards for Korean users consistent with the Personal Information Protection Act
Regardless of your location, you may always contact us at hello@mytomodachi.app to exercise any privacy rights applicable to you under your local laws.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via email or in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- Email: hello@mytomodachi.app
- Website: mytomodachi.app
- Response time: within 30 days for privacy requests, usually much sooner