Privacy Policy

Overview

ZISTICA MOJIIQ (“we”, “our”) is a Japanese writing coach delivered as a Chrome extension and a web application at mojiiq.zistica.com. This policy explains exactly what data we collect, what stays on your device, and what leaves it.

1. What data we collect

• Account information — email address and authentication identifiers, collected when you sign up through our auth provider.
• Correction telemetry — when you apply or dismiss a correction, we record the original error fragment, the corrected text, the grammar category, the correction tier (local or AI), and your action (applied / dismissed). We do not send the full text of the page or writing field you are editing.
• Vocabulary and progress — saved words, SRS review state, JLPT coverage stats, XP, and streak data tied to your account.
• Payment metadata — Stripe customer ID and plan status. We never see or store card numbers.

2. How we use your data

• Authenticate you and enforce plan limits (free tier: 30 saved words).
• Return AI-powered grammar corrections when you request them.
• Build your personal progress dashboard: streak, XP, grammar weakness report, JLPT coverage map.
• Improve correction accuracy by analysing anonymised, aggregated error patterns. Individual text is never used for AI model training.

3. What runs locally vs. on our servers

The extension performs two tiers of grammar checking entirely on your device:

• Tier 1 (rule-based) — dictionary lookups and particle rules via a bundled Kuromoji tokeniser. No network request.
• Tier 2 (local ML) — an ONNX model running in the browser. No network request.
• Tier 3 (AI) — only triggered for logged-in users who click “Analyse”. The text in your active writing field is sent to our Cloudflare Worker API (nihongo-worker.zistica.workers.dev) and forwarded to an AI model for correction. The text is processed in real time and is not stored for AI training.

An anonymous install ID is generated in chrome.storage.local for non-logged-in telemetry. This ID is currently dropped server-side and not persisted.

4. Data storage and security

Account and progress data is stored in a Turso (LibSQL) database. API traffic is served through Cloudflare Workers with TLS encryption in transit. Authentication tokens are JWTs stored in chrome.storage.local on your device and validated server-side on every request. All API endpoints are rate-limited.

5. Third-party services

• Cloudflare — hosts our Worker API and provides DDoS protection. See Cloudflare Privacy Policy.
• Clerk — handles authentication and account management. See Clerk Privacy Policy.
• Stripe — processes payments. We never receive or store card details. See Stripe Privacy Policy.
• Turso — database provider for user accounts, vocabulary, and progress data.
• Vercel — hosts the web application. See Vercel Privacy Policy.

We do not sell or share your data with any other third parties.

6. Cookies and local storage

The web app uses a session cookie set by Clerk for authentication. The Chrome extension stores your JWT and preferences in chrome.storage.local (not browser cookies). We do not use tracking cookies, advertising pixels, or analytics scripts.

7. Data retention and deletion

Your data is retained for as long as your account is active. You can sign out at any time from the extension popup or the web dashboard, which clears your local authentication token. To request full deletion of your account and all associated data, email privacy@zistica.com. We will complete deletion within 30 days.

8. Children's privacy

ZISTICA MOJIIQ is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us data, contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via email or a notice in the extension. Continued use after a change constitutes acceptance of the updated policy.

10. Contact

Questions or requests about this policy: privacy@zistica.com