Privacy Policy

Last updated: January 24, 2026

1. Introduction and Data Controller

DojoSensei ("we", "our", or "us") is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Data Controller: DojoSensei
Contact: privacy@dojosensei.com

This Privacy Policy explains how we collect, use, process, and safeguard your personal data when you use our karate class planning application.

2. Personal Data We Collect

We collect and process the following categories of personal data:

Account Information: Email address, name, profile details (dojo name, role, belt rank, teaching preferences)
Class Plans and Content: Karate class plans, drills, templates, and curriculum data you create
Usage Data: How you interact with the application, features used, and performance metrics
Authentication Data: If you sign in with Google, we receive your basic profile information (email, name) from Google
Communication Data: Messages sent through Sensei chat features (temporarily processed, not stored long-term)
Technical Data: IP address, browser type, device information, and access logs
Consent Records: Timestamps and versions of terms and policies you have accepted

3. Consent Verification

When you create an account and accept our Terms of Service and Privacy Policy, we record certain information to demonstrate your consent as required by GDPR:

Timestamp: The exact date and time you accepted the terms
Policy Version: Which version of the Privacy Policy and Terms of Service you accepted
Marketing Preference: Whether you opted in to receive marketing communications

Purpose: This information is collected for legal compliance and consent verification under GDPR Article 6(1)(c).

Retention: Consent records are retained for 3 years from the date of consent, or 1 year after account deletion, to demonstrate compliance with applicable data protection laws.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal bases:

Contractual Necessity: To provide and maintain the DojoSensei service, save and sync your class plans, and fulfill our terms of service
Legitimate Interests: To improve our service, ensure security, prevent fraud, and analyze usage patterns
Consent: For optional features like marketing communications (you can withdraw consent at any time)
Legal Obligation: To comply with applicable laws and regulations

5. Purposes of Processing

We process your personal data for the following purposes:

Providing and maintaining the DojoSensei application and services
Saving, syncing, and managing your class plans across devices
Providing AI-powered features including Sensei chat assistance
Improving and personalizing your user experience
Ensuring security and preventing unauthorized access
Complying with legal obligations and responding to legal requests
Sending important service updates and notifications (essential communications)
Analyzing usage patterns to improve our service (anonymized where possible)

6. Data Retention

We retain your personal data only for as long as necessary:

Account Data: Retained while your account is active. Deleted within 30 days of account deletion request
Class Plans and Content: Retained while your account is active. Deleted when you delete your account
Usage Data: Retained for up to 24 months for service improvement purposes, then anonymized
Communication Data (Sensei Chat): Processed in real-time, not stored long-term. Temporary logs retained for up to 90 days for security purposes
Legal Obligations: Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention)
Consent Records: Retained for a minimum of 3 years from the date of consent, or 1 year after account deletion, to demonstrate compliance with applicable data protection laws. After this period, these records may be anonymized or deleted upon request

7. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database) with:

Encryption in transit (TLS/SSL) and at rest
Row Level Security (RLS) policies ensuring data isolation between users
Industry-standard security measures and access controls
Regular security audits and monitoring

Your class plans and personal data are private and only accessible to you unless you explicitly choose to share them.

8. Data Transfers and Third-Party Services

We use the following third-party services that may process your data:

Supabase (Supabase Inc.): Database and authentication services. Data may be stored in the United States. Supabase is GDPR-compliant and uses Standard Contractual Clauses (SCCs) for data transfers
Resend (Resend Inc.): Email delivery service for transactional emails (verification, welcome emails). Email addresses and email content are processed. Resend is GDPR-compliant with appropriate data processing agreements
Google (Google LLC): Optional sign-in authentication. Subject to Google's Privacy Policy. Data transfers covered by Google's EU-US Data Privacy Framework certification
Vercel (Vercel Inc.): Application hosting and serverless functions. Request logs and IP addresses may be processed. Data transfers covered by Vercel's GDPR compliance measures
AI Services (Google Gemini): For Sensei chat features. Conversations are processed but not stored long-term. Subject to Google's data processing terms
Cloudflare (Cloudflare Inc.): Content delivery and security services. IP addresses and browser fingerprints may be processed for bot protection. Cloudflare is GDPR-compliant

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

All third-party processors are GDPR-compliant with appropriate data processing agreements in place.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15): Request a copy of your personal data and information about how it is processed
Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten"), subject to legal obligations
Right to Restrict Processing (Article 18): Request limitation of processing in certain circumstances
Right to Data Portability (Article 20): Receive your data in a structured, commonly used format and transmit it to another controller
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint (Article 77): File a complaint with your local supervisory authority if you believe your data protection rights have been violated

To exercise these rights, please contact us at privacy@dojosensei.com. We will respond to your request within one month.

10. Marketing Consent and Withdrawal

You can withdraw your marketing consent at any time by:

Clicking "Unsubscribe" in any marketing email
Visiting Settings → Privacy in the app and updating your preferences
Contacting us at support@dojosensei.com

Withdrawal of marketing consent does not affect the lawfulness of processing based on consent before its withdrawal, nor does it affect your account access or the core functionality of DojoSensei.

11. Account Deletion

You can request complete deletion of your account and all associated data by:

Visiting Settings → Account → Delete Account in the app
Contacting us at support@dojosensei.com

Upon deletion, we will erase all personal data within 30 days, except:

Consent Records: Retained for 1 year after account deletion for legal compliance (see Data Retention above)
Anonymized Data: Aggregated, non-identifiable data may be retained for analytics
Legal Requirements: Data required by law to be retained longer

12. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Our AI-powered features (such as Sensei chat) are designed to assist you but do not make automated decisions about you. You always maintain control over your data and can review, modify, or delete any AI-generated suggestions.

13. Cookies and Tracking Technologies

We use the following types of cookies:

Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled
Functional Cookies: Remember your preferences and settings to enhance your experience

We do not use advertising cookies or third-party tracking cookies. You can manage cookie preferences through your browser settings.

14. Children's Privacy

DojoSensei is designed for karate instructors and adult users (18+). We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@dojosensei.com and we will delete such information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

Posting the updated policy on this page
Updating the "Last updated" date
Sending you a notification if the changes materially affect your rights

Your continued use of DojoSensei after changes become effective constitutes acceptance of the updated policy.

16. Contact Information and Supervisory Authority

For questions, requests, or concerns about this Privacy Policy or your personal data, please contact us:

Email: privacy@dojosensei.com

If you are located in the European Economic Area (EEA) and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your supervisory authority at https://edpb.europa.eu.

←Back to DojoSensei