Last updated: March 15, 2026 — v1.3
The data controller for personal data processing is Canyon Labs, operator of the PandaCoco app (company website: canyonlabs.it).
For any privacy-related requests, you can write to us at:
canyonLabs@gmail.com
| Data | Purpose |
|---|---|
| Registration, login, service communications | |
| First and last name | Profile personalization |
| Username | Identification in the leaderboard |
| Password | Authentication (stored as a hash, never in clear text) |
| Data | Purpose |
|---|---|
| Learning progress (level, XP, completed hanzi) | App functionality, leaderboard |
| Answers to the initial survey (motivation, age, interests, daily goal) | Learning path personalization |
| Streak, lives, saved flashcards | Gameplay mechanics |
| Data | Purpose |
|---|---|
| IP address | Security, abuse prevention |
| Push notification token | Sending notifications (only if authorized) |
Your username, active title, and XP score are visible to other users in the public leaderboard. You can change your username and title at any time from your profile.
To deliver the service, we rely on the following providers:
| Service | Provider | Data shared | Location |
|---|---|---|---|
| Database and authentication | Supabase | All account data | EU / US |
| Payments (iOS) | Apple (App Store) | Handled by Apple | US |
| Payments (Android) | Google (Play Store) | Handled by Google | US |
| Subscription management | RevenueCat | User ID, subscription status | US (SCC) |
| Transactional emails | Brevo (Sendinblue) | Email, name | EU (France) |
| Push notifications | OneSignal | Device token, IP | US (SCC) |
| Social login | Google Sign-In | Email, name (from Google) | US (SCC) |
| Analytics | PostHog | Anonymized interactions, session replay (masked) | EU (Frankfurt) |
| AI Tutor (Coco) | Anthropic (Claude API) | Conversation messages | US (SCC) |
| AI Tutor (Coco, fallback) | OpenAI (GPT API) | Conversation messages | US (SCC) |
"SCC" indicates that the transfer is covered by Standard Contractual Clauses approved by the European Commission.
Subscription payments are made exclusively through the native apps on App Store (Apple) or Google Play (Google), depending on your device. We never store your credit card data on our servers: it is handled directly by the store you use. For the technical management of subscriptions we rely on RevenueCat, which receives an anonymous identifier and your subscription status (active/expired). You can manage or cancel your subscription at any time from your App Store or Google Play account settings.
Push notifications are optional. You can enable or disable them at any time from your device settings. We use OneSignal to send them. The device token is stored by OneSignal for notification delivery.
PandaCoco uses PostHog (EU server, Frankfurt) for analytics and session recordings. The data collected includes: pages visited, clicks, interactions with app features. Session recordings automatically mask all text and input to protect your privacy.
Analytics cookies are optional: on first access you are asked whether to accept or reject them. You can change your preference at any time from Profile > Settings > Analytics Cookies. If you refuse, no analytics data is collected.
No analytics data is shared with third parties. PostHog acts as a data processor pursuant to Art. 28 GDPR. For more information: PostHog Privacy Policy.
PandaCoco includes Coco, a Chinese tutor based on artificial intelligence. Coco is a generative AI, not a human teacher.
When you use Coco, the messages you send are transmitted to the following AI services to generate responses:
Conversations with Coco are not saved on our servers. They are kept only in memory during the session and deleted when the chat is closed. Anthropic and OpenAI may temporarily retain data according to their own data retention policies (typically 30 days for security and abuse prevention purposes).
Do not share sensitive personal data (health, financial data, identity documents) in the chat with Coco. Messages are processed by third-party services.
You have the right to:
To exercise these rights, write to canyonLabs@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with your national Data Protection Authority (in Italy: www.garanteprivacy.it).
PandaCoco is an educational app accessible to everyone. However, under the GDPR and Italian law (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018), the processing of personal data of minors under 14 years old requires the consent of a parent or legal guardian.
To make purchases (Premium subscriptions), users must be at least 18 years old, or proceed with the consent and under the supervision of a parent or legal guardian. Acceptance of this condition is required before every purchase.
Payments are processed by Apple (App Store) or Google (Play Store) and we do not store credit card data. In the event of a purchase made by a minor without authorization, the parent or guardian may request a refund by contacting us at canyonLabs@gmail.com.
We reserve the right to update this policy. In case of substantial changes, we will inform you via in-app notification or email. Continued use of the service after the change implies acceptance of the new policy.
For any privacy-related questions, write to:
canyonLabs@gmail.com