Last updated May 15, 2026
This policy explains what data Chigau collects, why, what we do with it, and the rights you have over it. Plain English. If something is unclear, write to privacy@chigau.app.
Chigau is an AI-assisted Japanese sentence-correction service operated under the trading name “Chigau”. For the purposes of the GDPR, Chigau is the data controller for the personal data described in this policy.
When you create an account we store your email address, a hashed password (if you signed up with email/password), and any name or profile image you choose to provide. If you sign in with Google we receive your email, name, and profile image from Google. If you register a passkey, we store the public-key credential and a label so you can manage it later.
When you use Chigau's correction, translation, or chat features, we store the sentences and messages you send so the result can be shown back to you, kept in your history, and reloaded when you revisit. We also store the corrections, translations, and responses generated for those sentences.
If you connect WaniKani, we store your API token to fetch your level and known vocabulary. If you sign in with a third-party AI provider via OAuth, we store the access and refresh tokens encrypted at rest (AES-256-GCM) so future requests on your behalf can use your own account.
Like any web service, our servers log basic technical information about requests: IP address, user-agent, timestamps, and which endpoints were called. We use this to keep the service running, to investigate errors, and to prevent abuse. We do not use this data to build advertising profiles.
We use a small number of first-party cookies. None of them are used for tracking or advertising.
chigau-lang) so the UI stays in the language you picked.We use PostHog for product analytics — to understand which features people use and where they get stuck. PostHog receives event data (e.g., which pages you visit, which buttons you click) tied to a pseudonymous identifier. We do not send your sentences or messages to PostHog.
Our legal bases under the GDPR are: performance of a contract (to deliver the service you signed up for), legitimate interests (security and product improvement), and consent (where required — e.g., for future analytics opt-ins).
The sentences and messages you submit are sent to third-party AI providers so they can generate corrections, translations, and tutor-style answers. In line with our providers' terms, your content is not used to train their models, and we do not sell your data to any third party.
Chigau's application servers and database run in the European Union (Amsterdam). AI processing happens at providers that may be located outside the EU. When personal data is transferred outside the EU/UK, we rely on the safeguards published by those providers (typically Standard Contractual Clauses or equivalent frameworks).
We do not sell your personal data. We share data only with the processors needed to run the service: our hosting provider, our AI providers, and PostHog. We may also disclose data when required by law.
We keep your account and content for as long as your account exists. When you delete your account from Settings, your personal data is purged immediately from our live systems. Routine encrypted backups may still contain copies until those backups expire and are rotated out on their normal schedule.
If you are in the EU, EEA, or UK, you have the right to access, correct, delete, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time without affecting processing already carried out. You can exercise most of these rights directly: account data is editable in Settings, content is deletable from your history, and the full account can be erased from the Danger Zone. For anything else, write to privacy@chigau.app.
You also have the right to lodge a complaint with your local data protection authority.
If you are a California resident, you have the right to know what personal information we have about you, to request deletion, to correct inaccurate information, and to not be discriminated against for exercising these rights. We do not sell your personal information, and we do not share it for cross-context behavioural advertising. To make a request, email privacy@chigau.app.
We use TLS for data in transit, encrypted credentials at rest, and standard hardening on our servers. No system is perfectly secure, but we treat your data the way we would want ours treated.
Chigau is not directed at children under the age of digital consent in their jurisdiction (typically 13 to 16 in the EU/EEA, and 13 in the US and UK), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email us and we will delete it.
When we update this policy we will change the date at the top. If the change is significant, we will notify account holders by email.
For privacy questions, data-access requests, or anything else covered here: privacy@chigau.app.