Tomyo
Tomyo

Privacy Policy

This document explains what data Tomyo collects when you use the website and app, how that data is processed and stored, and what rights users have.

Last updated: March 7, 2026Service: tomyo.app

1. Introduction

Tomyo ("we", "our", "us") respects your privacy and is committed to protecting users' personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the Tomyo website and mobile app.

By using our service, you agree to the terms of this Privacy Policy.

2. Information We Collect

We collect the following categories of information:

2.1. Contact information

  • Email: the email address used to create and manage your account.
  • Username: the name or nickname you provide in your profile, if any.

2.2. Identifiers

  • User ID: a unique identifier for your user account in our system.
  • Device ID: a mobile-device identifier where required by the platform.
  • IP address: used for security, diagnostics, and abuse prevention.

2.3. User content

  • Learning data: vocabulary, progress, answers, exercises, journal entries, and other materials related to learning.
  • Quotes, notes, and reviews: text content that you create in the app.
  • Collections and library: information about books, collections, tags, and reading statuses.
  • Progress: learning history, review metrics, journal data, and user settings.

2.4. Usage and diagnostic data

  • Technical data: browser type, device, operating system, and app version.
  • Usage data: statistics about how service features are used.
  • Crash data: error and crash information used to improve service stability.

2.5. Data from third parties

  • Google Sign-In: email address, profile name, and related identifiers if you choose to sign in with Google.
  • Apple Sign In: email address, including private relay email, and name if provided by Apple.
  • Google Books API: publicly available book information such as covers, descriptions, and authors.

3. Purposes and Legal Bases for Processing

We process data for the following purposes and legal bases:

3.1. Performance of a contract

  • Creating and managing your account.
  • Storing your library, notes, vocabulary, and progress.
  • Synchronizing data across devices.
  • Providing app features and related integrations.

3.2. Legitimate interests

  • Securing the service and preventing fraud or abuse.
  • Improving functionality and user experience.
  • Analyzing usage to develop the product.
  • Providing technical support and diagnostics.

3.3. Consent

  • Using cookies for authentication and preferences.
  • Sending notifications and messages where you have consented to them.

3.4. Legal compliance

  • Complying with legal obligations.
  • Responding to lawful requests from public authorities.

4. Data Storage and Security

4.1. Storage infrastructure

Data is stored in Supabase infrastructure based on PostgreSQL and related authentication and file-storage services.

  • Database: Supabase PostgreSQL.
  • File storage: Supabase Storage.
  • Authentication: Supabase Auth.

4.2. Security measures

  • Data transmission over HTTPS/TLS.
  • Restricted access to data and service keys.
  • Row Level Security (RLS) for user-owned data.
  • JWT tokens with limited lifetimes.
  • Infrastructure and security-event monitoring.

4.3. Retention periods

  • Account data: retained while the account is active or as needed to provide the service.
  • User content: retained until deleted by the user or until account deletion.
  • Access and security logs: retained for a limited period for diagnostics and security.

5. Sharing Data with Third Parties

We do not sell or rent personal data to third parties. Data may be shared only to the extent necessary to operate the service.

5.1. Service providers

  • Supabase: database, authentication, and file storage.
  • Google Books API: searching for and loading book information.
  • Google Sign-In: authentication through a Google account.
  • Apple Sign In: authentication through an Apple account.

5.2. Legal requirements

We may disclose data if required by law, court order, or another mandatory legal request.

6. User Rights and Data Management

Depending on your jurisdiction, you may have rights to access, correct, export, delete, restrict processing of, or withdraw consent for your data.

6.1. Access and correction

You can update basic account information in the app interface or by request.

6.2. Data export

You can request an export of your data in a machine-readable format by writing to sendmail@tomyo.app.

6.3. Account deletion

You can delete your account and related data in the app or send a request from your registered email address to sendmail@tomyo.app.

  • After deletion, the account will be deactivated.
  • User data will be deleted within the capabilities of the infrastructure.
  • Some anonymized technical records may be retained for security and statistics.

7. Cookies and Similar Technologies

We use cookies and similar mechanisms for authentication, saving preferences, and ensuring that the website works correctly.

  • Necessary cookies: required for sign-in and core functionality.
  • Functional cookies: help save language and interface settings.
  • Analytics cookies: may be used to improve the service.

8. International Data Transfers

Data may be processed on servers outside your country of residence, including the United States and countries of the European Union, depending on infrastructure configuration and providers used.

9. Children and Privacy

The service is not intended for children under 13 years old, or another minimum age set by applicable law. If you believe a child has provided us with data without proper consent, contact us at sendmail@tomyo.app.

10. Changes to This Policy

We may update this Privacy Policy. If changes are material, we will try to notify users through the website, app, or email.

11. Contact Information

If you have questions about privacy or data processing, contact us:

  • Email: sendmail@tomyo.app
  • Official website: https://tomyo.app
  • Privacy Policy: https://tomyo.app/en/privacy
  • Terms of Service: https://tomyo.app/terms

We try to respond to requests within a reasonable time.