Kaku

Draft — pending legal review

This document is a working draft. Placeholders marked with double braces must be replaced and the full text reviewed by qualified legal counsel before this becomes binding.

Privacy Policy

1. Introduction

Kaku is a desktop application that helps you write better Japanese in the apps you already use. This Privacy Policy explains what information Kaku ("Kaku", "we", "us", or "our") collects when you use Kaku, how we use it, who we share it with, and the choices you have.

This policy covers:

  • The Kaku desktop application for macOS and Windows.
  • The Kaku landing page and any related marketing pages at the kaku.pro domain.
  • The Kaku backend services (authentication, billing, and cloud tone conversion).

It does not cover third-party services that we integrate with — Google for sign-in, Stripe for payments, and our underlying large language model provider. Each of those services operates under its own privacy policy, which we link to below.

If you do not agree with this policy, please do not install or use Kaku.

2. Information we collect

Kaku is designed to collect as little personal information as possible, and to keep most processing on your device.

2.1 Account information

When you sign in to Kaku with your Google Account, we receive from Google:

  • A unique Google subject identifier (sub) that anchors your Kaku account.
  • Your email address.
  • Your name and Google profile picture URL (used to show "Signed in as ..." in Settings).

We do not receive your Google password, your Google contacts, your Google Drive contents, or any Google scopes beyond basic profile and email.

2.2 Session information

When you are signed in, Kaku stores a session token in your operating system's secure storage on your device. Our servers store only a SHA-256 hash of that token; the raw token never appears in our database. Each session record includes the user account it belongs to, the time it was created, the time it expires, and the time it was last used.

2.3 Subscription and payment information

If you upgrade to a paid plan, our payment processor, Stripe, Inc., collects and processes your payment details directly. Stripe stores your payment instrument on its own infrastructure; we do not see or store full card numbers or security codes. For the payment-card data it collects, Stripe acts as an independent data controller under its own privacy policy, not as our processor. Because card data never reaches our servers, our PCI-DSS responsibility is limited to the applicable SAQ-A scope.

We store, in our own database:

  • Your current plan ("free" or "pro"), billing period start and end, and Stripe customer / subscription identifiers.
  • An append-only audit log of plan change events (upgrade, downgrade, cancel, renew), with Stripe event identifiers used to reconcile against Stripe's records.

2.4 Tone conversion data

When you use the Tone Converter to rewrite a selected passage, the selected passage is sent over an encrypted connection to our backend, which forwards it to our large language model provider for rewriting. The rewritten text is returned to your device.

On the server side, we store one metadata record per tone conversion call. This record contains:

  • A reference to your user account.
  • The target register you selected (casual, polite, or business-formal).
  • The character length of the source and result.
  • The timestamp of the call.

We do not store the source passage or the result text in this metadata record. These records are retained for 30 days for usage analytics and operational debugging, then deleted.

2.5 Quality feedback (only if you submit it)

Each tone conversion result includes a thumbs-up / thumbs-down rating. If — and only if — you voluntarily submit a rating, we store:

  • A SHA-256 hash of your user ID (not the user ID itself).
  • The target register you selected.
  • The source passage you sent.
  • The converted passage that was returned.
  • Your rating (👍 or 👎).
  • The timestamp.

This feedback is used to improve the quality of our tone conversion model. Kaku surfaces an explicit disclosure the first time you submit feedback, and again in the onboarding flow.

This record is linked to a SHA-256 hash of your user ID. Hashing reduces but does not eliminate the link to you, so this data remains personal (pseudonymized) data under applicable law and is protected accordingly. Only fully aggregated statistics that cannot be linked to any individual are treated as anonymous.

2.6 Correction analytics (no source text)

When you accept or dismiss an inline correction suggestion in the desktop app, we record an action event containing:

  • A SHA-256 hash of your user ID.
  • The correction type (for example, "grammar", "particle", "vocabulary", "style").
  • The severity of the correction.
  • Whether you applied or dismissed the suggestion.
  • The timestamp.

We do not record the original text, the corrected text, or anything else that would allow us to reconstruct your writing. We use these events only to measure how well our correction rules are working in aggregate. Because each event is linked to a SHA-256 hash of your user ID, it remains personal (pseudonymized) data under applicable law until it is fully aggregated.

2.7 Information processed only on your device

Several categories of information are processed on your device and never transmitted to our servers:

  • Keystrokes. Kaku never logs keystrokes.
  • Background text. Kaku only observes the contents of supported input fields after you complete a sentence, and only in apps where you have granted accessibility permission.
  • Source text used for on-device correction. The local rule-based correction engine that produces wavy underlines runs entirely on your device. The text you type is not sent to our servers as part of that process.

These categories may be visible to other applications you have running, to your operating system, and to the input methods you have installed. They are not visible to Kaku's servers.

2.8 Diagnostic information

If the Kaku desktop app crashes or encounters an error, we may collect a crash report containing the application version, your operating system version, a stack trace, and a generated installation identifier. Crash reports do not contain the text you have written. You can disable crash reporting in Settings.

2.9 Information we do not collect

We do not collect, and do not want to receive, the following from you:

  • Your location.
  • Your contacts.
  • Your browsing history.
  • Marketing identifiers or advertising IDs.
  • Biometric data.

3. How we use information

We use the information described above to:

  • Provide the Kaku service — authenticate you, run tone conversions, render the correction overlay, and persist your settings.
  • Enforce plan limits for free-tier users and unlock unlimited usage for Pro subscribers.
  • Process payments through Stripe and keep our subscription records consistent with Stripe's.
  • Improve correction rule quality and large language model output quality, based on apply/dismiss event rates and explicit feedback you submit.
  • Investigate and fix crashes and operational issues.
  • Communicate with you about service-critical issues — security incidents, terms changes, planned outages. We do not send marketing email unless you opt in.

We do not sell personal information. We do not use personal information for behavioral advertising. We do not use the text content you submit for tone conversion to train models outside Kaku's own quality improvement workflow, and even then only when you explicitly submit a thumbs-up or thumbs-down rating.

3.1 Our legal bases (EEA/UK users)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

| Processing | Legal basis |
|---|---|
| Authentication, running corrections / tone conversion, persisting your settings | Performance of a contract (Art. 6(1)(b)) |
| Billing, subscription management, fraud prevention | Performance of a contract; legal obligation (Art. 6(1)(b),(c)) |
| Retaining billing and subscription audit records | Legal obligation (Art. 6(1)(c)) |
| Crash diagnostics, security, and service improvement via apply/dismiss analytics | Legitimate interests (Art. 6(1)(f)) |
| Storing feedback text you submit with a rating | Consent (Art. 6(1)(a)), withdrawable at any time |
| Service-critical communications | Legitimate interests / legal obligation |

Where we rely on legitimate interests, you may object at any time. Where we rely on consent, you may withdraw it at any time without affecting processing already carried out.

4. Who we share information with

We share information with the following categories of recipients, only as needed to provide the service:

| Recipient | Purpose | What they receive |
|---|---|---|
| Google LLC | OAuth sign-in | Standard Google OAuth flow data (we receive your profile and email from Google) |
| Stripe, Inc. | Payment processing | Your name, email, payment instrument, and billing address (collected directly by Stripe) |
| Our large language model provider | Tone conversion | The selected passage you choose to convert, and the target register |
| A third-party cloud hosting provider | Infrastructure | All data we store, encrypted at rest in the region named in §5 |
| Professional advisors | Legal, accounting, compliance | Only information necessary for the engagement, under confidentiality |
| Successor entity | Sale, merger, or restructuring | Subject to notice to you and continued protection under this policy |
| Law enforcement or courts | Legal obligation | Only when compelled by valid legal process, after our own legal review |

Google and Stripe act as independent data controllers for the data they collect directly from you (OAuth profile data and payment-card data, respectively), each under its own privacy policy — they are not acting on our instructions for that data. Our other service providers (such as our large language model and hosting providers) act as our processors: we require each to handle information only on our instructions and to maintain appropriate confidentiality and security.

5. Where your information is stored

We store server-side data on infrastructure operated by a reputable third-party cloud hosting provider, in a secure data-center region. Data is encrypted in transit (TLS 1.2 or higher) and at rest (provider-managed encryption).

If you access Kaku from outside the region where our servers are located, your information will travel across borders to reach us. By using Kaku you understand that this transfer occurs.

6. How long we keep information

| Category | Retention | What happens then |
|---|---|---|
| Account record | Until you request deletion, or 24 months of total inactivity | Permanently deleted |
| Session records | Until expiry or explicit sign-out | Hard-deleted from the database |
| Subscription record (current) | While your subscription is active | Marked canceled, kept for the period below |
| Subscription event audit log | 7 years | Required for tax and accounting compliance |
| Tone conversion metadata | 30 days | Deleted by scheduled cleanup job |
| Quality feedback (when you submit a rating) | Until you request deletion | Linked only by hashed user ID; deletion request removes matching records |
| Correction analytics events | 365 days | Linked only by hashed user ID; aggregated counts may be retained indefinitely |
| Crash reports | 90 days | Permanently deleted |

Aggregated, fully anonymized statistics (for example, "X% of corrections of type 'particle' were applied last month") may be retained indefinitely. These statistics cannot be linked back to any individual user.

7. Your rights and choices

Depending on where you live, you have some or all of the following rights:

  • Access. Ask us for a copy of the personal information we hold about you.
  • Correction. Ask us to correct information that is inaccurate.
  • Deletion. Ask us to delete your account and the personal information associated with it. We will delete or anonymize within 30 days, except where retention is required by law (for example, subscription audit records).
  • Portability. Ask for your information in a structured, commonly used, machine-readable format.
  • Opt-out of feedback collection. Stop submitting thumbs-up / thumbs-down ratings. Already-submitted ratings are deleted when you request account deletion.
  • Disable crash reports. Toggle off in Settings.

You can exercise account deletion directly from the Kaku desktop app under Settings → Account → Delete account. For all other requests, contact us using the details in §14. We may need to verify your identity before acting on a request.

Please note that your billing and transaction history (including subscription audit records and Stripe identifiers) is retained for 7 years to comply with tax, accounting, and anti-fraud obligations, and cannot be deleted on request during that period even where you delete your account. After the statutory period, these records are deleted or anonymized.

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar rights, you also have the right to lodge a complaint with your local data protection authority.

7.1 Your California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know, access, correct, and delete your personal information, and the right not to be discriminated against for exercising these rights. In the preceding 12 months we collected the categories of personal information described in §2 (identifiers, commercial/subscription information, and limited usage data). We do not sell your personal information and do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We do not knowingly collect sensitive personal information beyond what is needed to provide the Service. To exercise your rights, use the methods above or contact kakuprotech@gmail.com; you may use an authorized agent. We will verify your identity before responding.

8. On-device processing

Kaku treats your local processing data as yours. The on-device correction engine runs entirely on your machine, does not phone home with the text you type, and does not require an internet connection once installed and signed in.

The current data mode is always visible from the menu-bar icon or status menu. Cloud-call triggers (such as opening the Tone Converter) display a clear privacy notice before any text leaves your device.

9. Cookies and similar technologies

The Kaku landing page uses only strictly necessary cookies — for example, a cookie that remembers your preferred language (English or Japanese). The landing page does not use advertising cookies, tracking pixels, or third-party analytics that profile individual visitors.

The desktop app does not use browser cookies. It uses your operating system's secure storage to hold a session token.

10. International data transfers

If you are located outside the region where our servers are hosted, your information will be transferred to and processed in that region. We rely on appropriate safeguards — including standard contractual clauses and provider commitments — to protect information during transfer, where applicable law requires them.

11. Children's privacy

Kaku is not directed to children under 13, and we do not knowingly collect personal information from children under that age. If you believe a child has provided personal information to us, please contact us and we will delete it.

12. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful loss, access, disclosure, or destruction. These include:

  • TLS-encrypted connections between the desktop app, the landing page, and our backend.
  • At-rest encryption for all database storage.
  • Session tokens stored only as SHA-256 hashes on the server side.
  • Role-based access control for engineers, with audit logging for production access.
  • Quarterly review of third-party processor security posture.

No security control is perfect. We will notify affected users and the appropriate regulators within the timeframes required by applicable law if we become aware of a security incident affecting your personal information.

13. Changes to this policy

If we make a material change to this policy, we will:

  • Post the revised policy on this page and note the date of the latest revision.
  • Notify signed-in users by email or in-app message at least 30 days before the change takes effect.

Continued use of Kaku after the change becomes effective constitutes acceptance of the updated policy.

14. How to contact us

For privacy questions or to exercise the rights in §7:

Kaku
Email: kakuprotech@gmail.com