MemoKat

Privacy Policy

Last Updated: February 26, 2026

1. Introduction

Welcome to MemoKat ("we," "us," "our," or "MemoKat"). We are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, share, store, and protect your personal data when you use the MemoKat mobile application (the "App" or "Service").

By using MemoKat, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Developer Information

MemoKat is developed and operated by:

Xanorin
Email: support@memokat.com
Website: www.memokat.com

For privacy-related inquiries, data deletion requests, or to exercise your data rights, please contact us at support@memokat.com.

3. Information We Collect

3.1 Personal Information You Provide

  • Account Information: When you create an account, we collect your name, email address, username, and password.
  • Profile Information: Any additional information you choose to add to your profile, such as a profile picture or biographical details.
  • Contact Information: Email address and other contact details you provide for communication or support purposes.
  • User Content: Flashcard sets, vocabulary lists, study notes, audio recordings (for speaking exercises), and other educational content you create or upload.

3.2 Automatically Collected Information

  • Usage Data: Session start/end times, features accessed (folders, sets, item creation), bulk import activity, and premium navigation patterns — used to improve the Service.
  • Learning Progress: Items learned, session durations, weighted accuracy scores, and streak data — used to power personalized learning and spaced repetition.
  • Device Information: Device type, operating system version, app version, and platform (iOS, Android, or Web) — used for technical compatibility and crash diagnostics.
  • Error Logs: Application crash reports and technical error details — used to diagnose and fix issues.

3.3 Audio Data

Audio recordings are captured when you use speaking exercises for pronunciation practice. These recordings are processed locally or via our speech recognition service to provide real-time feedback. Audio is not stored permanently on our servers unless you explicitly save it as part of your study content.

3.4 Photos and Media

If you choose to upload a profile picture, the image is uploaded from your device's photo library. We request access to your media library only for this purpose. We do not access your camera or other photos.

3.5 Location Information

We may infer approximate location from your IP address to provide region-appropriate content and language defaults. We do not collect precise GPS location data.

3.6 Payment Information

Payment information (card numbers, billing details) is collected and processed exclusively by our third-party payment processors. We do not store payment credentials on our servers. We receive only transaction confirmation and subscription status.

4. App Permissions

MemoKat requests the following device permissions:

PermissionPlatformPurpose
RECORD_AUDIO / MicrophoneAndroid & iOSRequired for speaking exercises and pronunciation practice
READ_MEDIA_IMAGES / Photo LibraryAndroid & iOSRequired to upload a profile picture from your gallery
MODIFY_AUDIO_SETTINGSAndroidRequired to control audio playback volume and routing during exercises

We do not request CAMERA permission. Profile photos can only be selected from your existing photo library.

5. How We Use Your Information

5.1 To Provide and Improve the Service

  • Deliver core features: flashcards, quizzes, listening, speaking, and typing exercises
  • Create and manage your account
  • Track your learning progress and maintain streaks
  • Power spaced repetition algorithms for optimized learning
  • Provide audio playback for pronunciation
  • Enable creation, saving, and sharing of study sets
  • Personalize your learning experience based on your performance

5.2 Analytics and Product Improvement

  • Aggregate daily usage metrics to monitor app health and growth
  • Analyze user engagement to improve features and content
  • Analyze premium conversion to optimize subscription offerings
  • All analytics data is stored on our private, self-hosted infrastructure and is not shared with third-party advertising or analytics networks

5.3 Communications (With Your Consent)

  • Send transactional emails (account confirmation, password reset)
  • Notify you of important service updates
  • Send promotional communications about new features or offers (opt-out available)

5.4 Security and Fraud Prevention

  • Detect and prevent unauthorized access, fraud, and abuse
  • Enforce our Terms of Service
  • Comply with applicable legal obligations

6. Data Safety Summary (Google Play)

The following table summarizes our data practices as required by Google Play's Data Safety section:

Data TypeCollectedPurposeShared with Third PartiesUser Can Request Deletion
Name & EmailYesAccount creation, loginNo (stored on our servers only)Yes
Profile pictureYes (optional)Display in appNoYes
Audio recordingsTemporarySpeaking exercise feedbackYes (speech recognition service)Yes
Usage & learning dataYesPersonalization, analyticsNoYes
Device infoYesCrash diagnostics, compatibilityNoYes
Payment statusYes (status only)Premium access verificationNoYes
Payment detailsNoN/A — processed by payment providerN/AN/A

All data transmitted between the App and our servers is encrypted in transit using TLS/HTTPS. Stored data is encrypted at rest on our self-hosted infrastructure.

7. Third-Party Services

We work with the following specific third-party services. Each has their own privacy policy governing their data practices:

7.1 Backend Infrastructure

  • Appwrite: Provides database, authentication, and file storage. Data is stored on our own private servers and is not shared with Appwrite's cloud. Privacy Policy: https://appwrite.io/privacy

7.2 Subscription & In-App Purchases

7.3 Web Payments

7.4 Audio & Speech

  • Microsoft Edge TTS: Powers text-to-speech audio playback for vocabulary pronunciation. Audio generation requests are routed through our own server infrastructure.
  • Device-native Speech Recognition (iOS Speech Framework / Android SpeechRecognizer): Used for speaking exercise evaluation. Voice data is processed by the device's built-in speech engine. On iOS, Apple may process audio data per their privacy policy.

7.5 Authentication — Sign in with Apple & Google

Apple Sign In: Used for single sign-on authentication on iOS.

  • Apple generates a unique, app-specific user identifier for your MemoKat account. This identifier is scoped to MemoKat only and cannot be used by Apple or MemoKat to track you across other apps or websites.
  • During sign-in, Apple gives you the choice to share your real email address or use an Apple-generated relay email. MemoKat accepts both and stores whichever you provide.
  • Apple does not share your Apple ID password or any other Apple account credentials with MemoKat.
  • Sign In with Apple tokens are managed by iOS and refreshed automatically. MemoKat validates token status on each app launch to detect revocation.
  • To revoke MemoKat's access to your Apple ID at any time: go to iOS Settings → [your name] → Password & Security → Apps Using Apple ID → MemoKat → Stop Using Apple ID. Your MemoKat account will remain active but you can also request full deletion per Section 9.
  • Privacy Policy: https://www.apple.com/legal/privacy

Google Sign In: Used for OAuth2 authentication on iOS, Android, and Web, proxied through our Appwrite backend.

  • MemoKat does not integrate the Google Sign-In SDK directly. Authentication is handled via Appwrite's OAuth2 flow: your browser/WebView opens Google's consent screen, and Google returns an authorization token to Appwrite, which then creates a MemoKat session.
  • Upon successful sign-in, Google provides your email address, display name, and profile picture URL to Appwrite. MemoKat stores your email and display name in your user profile. Profile pictures are referenced by URL but not stored in our database.
  • MemoKat does not receive or store your Google account password or any Google credentials.
  • To revoke MemoKat's access to your Google account: go to Google Account → Security → Third-party apps with account access → MemoKat → Remove access. Your MemoKat account will remain active but you can also request full deletion per Section 9.
  • Privacy Policy: https://policies.google.com/privacy

These third-party providers have access to your data only to the extent necessary to perform their specific functions and are contractually obligated to protect your information.

8. Data Retention

Data TypeRetention Period
Account & profile dataFor the duration of your account + 30 days after deletion
Learning progress & streaksFor the duration of your account
Audio recordings (speaking exercises)Processed in real-time; not permanently stored
Usage analyticsUp to 24 months, then anonymized or deleted
Payment transaction recordsUp to 7 years (legal/financial compliance)

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

9. Account Deletion

You can permanently delete your MemoKat account and all associated data at any time:

  1. In-app: Go to Settings → Account → Delete Account
  2. By email: Send a deletion request to support@memokat.com with subject "Account Deletion Request"

Upon confirmation, your account, learning data, and user content will be permanently deleted within 30 days. Payment history may be retained for up to 7 years for legal compliance.

10. Your Data Protection Rights

Depending on your location, you may have the following rights:

10.1 Right to Access

Request a copy of the personal data we hold about you.

10.2 Right to Rectification

Request correction of inaccurate or incomplete information.

10.3 Right to Erasure

Request deletion of your personal data. See Section 9 for account deletion instructions.

10.4 Right to Restriction of Processing

Request that we limit how we process your data in certain situations.

10.5 Right to Data Portability

Request a copy of your data in a portable, machine-readable format.

10.6 Right to Object

Object to certain processing, especially for marketing purposes.

10.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw at any time without affecting prior processing.

10.8 How to Submit a Request

To exercise any of the above rights, contact us at support@memokat.com with subject "Privacy Request". We will respond within the timeframe required by applicable law (typically 30 days).

11. Legal Basis for Processing (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your personal data based on:

  • Consent: For voice recordings, marketing communications, and optional profile data
  • Contract Performance: To provide the Service you signed up for
  • Legitimate Interests: For analytics, fraud prevention, and security improvements
  • Legal Obligation: To comply with applicable laws and regulations

12. Data Security

We implement the following security measures:

  • Encryption in transit: All communication between the App and our servers uses TLS/HTTPS
  • Encryption at rest: Sensitive data is encrypted on our servers
  • Access controls: Only authorized personnel can access production systems
  • Self-hosted infrastructure: Your data is stored on our private VPS — not on public cloud platforms managed by third parties
  • Password hashing: Passwords are hashed using industry-standard algorithms (never stored in plaintext)

No system is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

13. Children's Privacy

MemoKat is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has created an account, please contact us immediately at support@memokat.com and we will delete the account promptly.

14. International Data Transfers

Our servers are located on private infrastructure. Data may be processed in or transferred to countries outside your residence. When transferring data from the EEA/UK, we implement appropriate safeguards including Standard Contractual Clauses where required.

15. California Privacy Rights (CCPA/CPRA)

California residents have the right to: know what personal data is collected; delete personal data; opt out of sale (we do not sell data); correct inaccurate data; limit use of sensitive personal information; and non-discrimination for exercising rights. To exercise these rights, contact support@memokat.com.

16. App Tracking Transparency (Apple ATT)

MemoKat does not track users across third-party apps or websites for advertising or data broker purposes.

Specifically:

  • We do not use Apple's Advertising Identifier (IDFA) or any advertising SDK.
  • We do not share your data with advertising networks, data brokers, or measurement companies.
  • We do not build cross-app behavioral profiles.
  • No App Tracking Transparency (ATT) permission dialog will appear when using MemoKat on iOS.

All analytics data collected by MemoKat is used solely to improve the MemoKat app experience and is stored exclusively on our own private infrastructure.

17. Changes to This Privacy Policy

When we make material changes to this Policy, we will update the "Last Updated" date and notify you via in-app notification or email. Your continued use after changes are posted constitutes acceptance.

18. Contact Us

For any questions, concerns, or privacy requests:

MemoKat Support
Email: support@memokat.com
Website: www.memokat.com

Subject lines for faster processing:

  • Data deletion: "Account Deletion Request"
  • Data access: "Privacy Request — Data Access"
  • Other: "Privacy Inquiry"