Last updated: June 20, 2026 — v1.4
The data controller for personal data processing is Mare Media Srl, operator of the PandaCoco app.
For any privacy-related requests, you can write to us at:
canyonlabs@gmail.com
| Data | Purpose |
|---|---|
| Registration, login, service communications | |
| First and last name | Profile personalization |
| Username | Identification in the leaderboard |
| Password | Authentication (stored as a hash, never in clear text) |
| Data | Purpose |
|---|---|
| Learning progress (level, XP, completed hanzi) | App functionality, leaderboard |
| Answers to the initial survey (motivation, age, interests, daily goal) | Learning path personalization |
| Streak, lives, saved flashcards | Gameplay mechanics |
| Data | Purpose |
|---|---|
| IP address | Security, abuse prevention |
| Push notification token | Sending notifications (only if authorized) |
Your username, active title, and XP score are visible to other users in the public leaderboard. You can change your username and title at any time from your profile.
To deliver the service, we rely on the following providers:
| Service | Provider | Data shared | Location |
|---|---|---|---|
| Database and authentication | Supabase | All account data | EU / US |
| Payments (iOS) | Apple (App Store) | Handled by Apple | US |
| Payments (Android) | Google (Play Store) | Handled by Google | US |
| Subscription management | RevenueCat | User ID, subscription status | US (SCC) |
| Transactional emails | Resend | Email, name | EU (Ireland) |
| Push notifications | OneSignal | Device token, IP | US (SCC) |
| Social login | Google Sign-In | Email, name (from Google) | US (SCC) |
| Analytics (web and app, only with consent) | PostHog | Pseudonymized usage events (user ID; no personal data) | EU (Frankfurt) |
| AI Tutor (Coco) | OpenAI (GPT API) | Conversation messages | US (SCC) |
"SCC" indicates that the transfer is covered by Standard Contractual Clauses approved by the European Commission.
Subscription payments are made exclusively through the native apps on App Store (Apple) or Google Play (Google), depending on your device. We never store your credit card data on our servers: it is handled directly by the store you use. For the technical management of subscriptions we rely on RevenueCat, which receives an anonymous identifier and your subscription status (active/expired). You can manage or cancel your subscription at any time from your App Store or Google Play account settings.
Push notifications are optional. You can enable or disable them at any time from your device settings. We use OneSignal to send them. The device token is stored by OneSignal for notification delivery.
PandaCoco uses PostHog (EU server, Frankfurt) for usage analytics, both on the website and in the native iOS and Android apps, only with your explicit consent. Analytics is off by default: no event is sent without your opt-in.
What we collect: usage events (e.g. lesson started/completed, screens viewed, purchase started) tied to a pseudonymous identifier (user ID). We do not send personal data: no email, no name, no free text, no Coco tutor messages.
We do not use autocapture, session recording (session replay is disabled), or any advertising identifier. We do not perform cross-app or cross-site tracking. Data stays in the EU and is not shared with third parties for advertising purposes.
Managing consent: on first access in the app (or via a banner on the website) you can accept or reject. You can change your mind at any time from Profile > Settings > Privacy & data. If you reject or withdraw, no analytics data is collected.
News emails (marketing): separately, you can choose whether to receive emails about new courses and features. It is off by default and can be enabled or revoked from the same Privacy & data screen.
PostHog acts as a data processor pursuant to Art. 28 GDPR. For more information: PostHog Privacy Policy.
PandaCoco includes Coco, a Chinese tutor based on artificial intelligence. Coco is a generative AI, not a human teacher.
When you use Coco, the messages you send are transmitted to the following AI service to generate responses:
Conversations with Coco are not saved on our servers. They are kept only in memory during the session and deleted when the chat is closed. OpenAI may temporarily retain data according to its own data retention policy (typically 30 days for security and abuse prevention purposes).
Do not share sensitive personal data (health, financial data, identity documents) in the chat with Coco. Messages are processed by third-party services.
You have the right to:
To exercise these rights, write to canyonlabs@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with your national Data Protection Authority (in Italy: www.garanteprivacy.it).
PandaCoco is an educational app accessible to everyone. However, under the GDPR and Italian law (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018), the processing of personal data of minors under 14 years old requires the consent of a parent or legal guardian.
To make purchases (Premium subscriptions), users must be at least 18 years old, or proceed with the consent and under the supervision of a parent or legal guardian. Acceptance of this condition is required before every purchase.
Payments are processed by Apple (App Store) or Google (Play Store) and we do not store credit card data. In the event of a purchase made by a minor without authorization, the parent or guardian may request a refund by contacting us at canyonlabs@gmail.com.
We reserve the right to update this policy. In case of substantial changes, we will inform you via in-app notification or email. Continued use of the service after the change implies acceptance of the new policy.
For any privacy-related questions, write to:
canyonlabs@gmail.com