← Back to DojoSensei
Privacy Policy

Last updated: January 2025

1. Introduction and Data Controller

DojoSensei ("we", "our", or "us") is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Data Controller: DojoSensei
Contact: privacy@dojosensei.com

This Privacy Policy explains how we collect, use, process, and safeguard your personal data when you use our karate class planning application.

2. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Email address, name, profile details (dojo name, role, belt rank, teaching preferences)
  • Class Plans and Content: Karate class plans, drills, templates, and curriculum data you create
  • Usage Data: How you interact with the application, features used, and performance metrics
  • Authentication Data: If you sign in with Google, we receive your basic profile information (email, name) from Google
  • Communication Data: Messages sent through Sensei chat features (temporarily processed, not stored long-term)
  • Technical Data: IP address, browser type, device information, and access logs

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal bases:

  • Contractual Necessity: To provide and maintain the DojoSensei service, save and sync your class plans, and fulfill our terms of service
  • Legitimate Interests: To improve our service, ensure security, prevent fraud, and analyze usage patterns
  • Consent: For optional features like marketing communications (you can withdraw consent at any time)
  • Legal Obligation: To comply with applicable laws and regulations

4. Purposes of Processing

We process your personal data for the following purposes:

  • Providing and maintaining the DojoSensei application and services
  • Saving, syncing, and managing your class plans across devices
  • Providing AI-powered features including Sensei chat assistance
  • Improving and personalizing your user experience
  • Ensuring security and preventing unauthorized access
  • Complying with legal obligations and responding to legal requests
  • Sending important service updates and notifications (essential communications)
  • Analyzing usage patterns to improve our service (anonymized where possible)

5. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion request
  • Class Plans and Content: Retained while your account is active. Deleted when you delete your account
  • Usage Data: Retained for up to 24 months for service improvement purposes, then anonymized
  • Communication Data (Sensei Chat): Processed in real-time, not stored long-term. Temporary logs retained for up to 90 days for security purposes
  • Legal Obligations: Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention)

6. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database) with:

  • Encryption in transit (TLS/SSL) and at rest
  • Row Level Security (RLS) policies ensuring data isolation between users
  • Industry-standard security measures and access controls
  • Regular security audits and monitoring

Your class plans and personal data are private and only accessible to you unless you explicitly choose to share them.

7. Data Transfers and Third-Party Services

We use the following third-party services that may process your data:

  • Supabase (Supabase Inc.): Database and authentication services. Data may be stored in the United States. Supabase is GDPR-compliant and uses Standard Contractual Clauses (SCCs) for data transfers
  • Google (Google LLC): Optional sign-in authentication. Subject to Google's Privacy Policy. Data transfers covered by Google's EU-US Data Privacy Framework certification
  • Vercel (Vercel Inc.): Application hosting. Data transfers covered by Vercel's GDPR compliance measures
  • AI Services (Google Gemini): For Sensei chat features. Conversations are processed but not stored long-term. Subject to Google's data processing terms

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access (Article 15): Request a copy of your personal data and information about how it is processed
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten"), subject to legal obligations
  • Right to Restrict Processing (Article 18): Request limitation of processing in certain circumstances
  • Right to Data Portability (Article 20): Receive your data in a structured, commonly used format and transmit it to another controller
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint (Article 77): File a complaint with your local supervisory authority if you believe your data protection rights have been violated

To exercise these rights, please contact us at privacy@dojosensei.com. We will respond to your request within one month.

9. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Our AI-powered features (such as Sensei chat) are designed to assist you but do not make automated decisions about you. You always maintain control over your data and can review, modify, or delete any AI-generated suggestions.

10. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled
  • Functional Cookies: Remember your preferences and settings to enhance your experience

We do not use advertising cookies or third-party tracking cookies. You can manage cookie preferences through your browser settings.

11. Children's Privacy

DojoSensei is designed for karate instructors and adult users (18+). We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@dojosensei.com and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending you a notification if the changes materially affect your rights

Your continued use of DojoSensei after changes become effective constitutes acceptance of the updated policy.

13. Contact Information and Supervisory Authority

For questions, requests, or concerns about this Privacy Policy or your personal data, please contact us:

Email: privacy@dojosensei.com

If you are located in the European Economic Area (EEA) and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your supervisory authority at https://edpb.europa.eu.