Privacy Policy

1. Introduction

ZAWA SYSTEM, the operator of YomiAI ("the App"), respects your privacy. The App is a news reader for subscribing to and reading RSS / Atom feeds. It provides AI-powered recommendation, summarization, and classification features (Pro plan) based on your interest tags and reading history to deliver more relevant articles, as well as on-device features such as translation, full-text search, and morning local notifications that run entirely on your device. This policy explains how the App handles personal information.

2. Account Information

The App uses Firebase Authentication and requires sign-in with a Google account or an Apple account. Through this sign-in, the following information is recorded on the operator's servers:

• User identifier (Firebase UID)
• Display name
• Email address (including private relay addresses provided by Sign in with Apple)
• Sign-in provider type (Google / Apple)

The Operator does not directly obtain or retain passwords or other authentication credentials.

3. Information Handled by the App

The App collects and uses the following information to provide and improve the service. We list separately the data sent to the operator's servers and the data that is processed entirely on your device.

Stored on the operator's servers (Firebase)

• Subscribed feed data: URL, title, site URL, icon URL, and category of RSS / Atom feeds you register
• Bookmarks and categories: Bookmarks and categories you create within the App
• Reading history: Article ID, feed ID, article title, feed title, feed category, read timestamp, read duration, and bookmark state. To improve AI recommendation quality, this data is append-only and is not modified or deleted directly on the server.
• Interest tags: Interest categories (an array of tag IDs) you select in the Settings screen or in the onboarding screen shown after your first sign-in
• Interest profile: Per-category and per-keyword interest scores automatically constructed by Cloud Functions from your reading history. Used solely for the AI recommendation feature.
• Daily digest: Topic-clustered article summaries generated by AI (topic title, summary, referenced article IDs, etc.). Only stored if generated under a Pro plan, and retained for a defined period (30-day history).
• Subscription status: Pro plan status, expiration, and customer ID at RevenueCat
• Usage analytics (Firebase Analytics): Service-improvement data such as launch count, screen navigation, and feature usage. Includes pseudonymous identifiers assigned by Firebase (e.g., App Instance ID).
• Crash reports (Firebase Crashlytics): Technical information needed to diagnose crashes (device model, OS version, stack trace, etc.)
• Abuse-prevention information: Information used by Firebase App Check and the Android Play Integrity API to verify request authenticity (including device and app integrity attestations)
• Advertising data (Free plan only): Identifiers used by Google AdMob to deliver advertisements (e.g., IDFA / AAID)
• Device information: OS version, language setting, screen size, etc.
• Bug reports: Reports submitted by users when full-content display is broken (user ID, article ID). Automatically deleted after 90 days under a Firestore TTL policy.

Article bodies, images, and other content may be cached on the server as a shared cache fetched from the source RSS feed; such data does not personally identify any user.

Processed only on your device (not transmitted to the operator's servers)

• Text targeted for on-device translation: When you tap the translate button, the article body, title, and related text are processed on your device by Apple's Translation API (iOS 18+) or Google's ML Kit Translation (Android). Both the source text and the translated result remain on your device and are not transmitted to the operator's servers.
• Full-text search index: An index built from article titles, bodies, and feed names is stored only on your device (SQLite).
• Daily local-notification settings: Whether notifications are enabled and the notification time are managed entirely on your device. No server-side push (FCM) is used.
• Engagement counters for the store-review prompt: Launch count, articles read, bookmarks added, first-launch date, last-shown date, and decline count are kept on your device (SharedPreferences) solely to decide whether to show the OS-native store-rating dialog to sufficiently engaged users. These counters are not transmitted to the operator's servers. (However, the fact that the user selected "I love it," "Needs improvement," or similar in the OS-native rating dialog may be recorded anonymously as Firebase Analytics events for product improvement.)
• Home-screen widget cache: Articles displayed by the home-screen widget are stored in the App Group shared storage on iOS or in SharedPreferences on Android. This data is used only on the device and is not transmitted to the operator's servers. On iOS, the widget may directly fetch RSS in the background, which communicates with the source RSS sites.
• Biometric data: Biometric authentication data used by the category-lock feature is processed within the device's OS and Secure Enclave and is never transmitted to or stored by the App or the operator's servers (see Section 10).

4. How We Use Information

We use collected information to:

• Provide core App features such as fetching RSS / Atom feeds, displaying articles, managing bookmarks, and full-text search
• Provide on-device translation of article body, title, and related text (processed on device)
• Schedule and present daily local notifications (processed on device)
• Provide article data to home-screen widgets
• Automatically construct an interest profile from interest tags and reading history, and recommend articles and feeds via AI (Pro plan only)
• Automatically categorize uncategorized feeds via AI (Pro plan only)
• Generate AI 3-bullet summaries of articles (Pro plan only)
• Generate the daily digest, which clusters the past 24 hours of subscribed-feed articles into topics (Pro plan only)
• Manage subscriptions and control access to Pro features
• Improve App quality, detect issues, and consider new features by analyzing usage
• Detect abusive use, enforce rate limits, and operate the App safely
• Decide whether to show the OS-native store-rating dialog at appropriate times (processed on device)
• Deliver and optimize advertising on the Free plan
• Accept and investigate bug reports related to full-content article display
• Respond to user inquiries

5. Data Processing in AI Features

The App's AI features (all Pro-only) send the following data through Cloud Functions (asia-northeast1) to Gemini models on Google Cloud Vertex AI (global endpoint; the daily digest uses gemini-2.5-flash and the other features use gemini-3.1-flash-lite) to generate recommendations, rationale text, classifications, summaries, or digests:

• Feed recommendation: Interest tag names, interest profile (category and keyword scores), and an exclusion list of already-subscribed feeds
• Article recommendation: Interest tag names, interest profile, and metadata of articles from subscribed feeds (article ID, title, feed title, category, summary; the summary is truncated to a maximum of 100 characters before transmission)
• Automatic feed categorization: When you run the "Auto-categorize" function, the title and site URL of each uncategorized feed and the list of your existing categories are sent to generate category assignments.
• AI 3-bullet summary: When you tap the summary button on the article detail screen, the article title and body (truncated to a maximum of 6,000 characters before transmission) are sent to generate up to three bullets. Results are not stored on the operator's servers and are cached only on the device (SharedPreferences).
• Daily digest: When you open the digest screen or tap "Generate now," the URLs of your subscribed feeds and the metadata of articles from the past 24 hours (article ID, title, summary, etc.; up to 100 articles) are sent to generate 3-5 clustered topics with summaries. Results are stored in the users/{uid}/digests subcollection for a defined period (30-day history) so you can review them in the App.

Images embedded in articles and information that directly identifies the user (e.g., name, email address) are NOT sent to Vertex AI. Gemini on Vertex AI is governed by Google Cloud's data governance policy: Google Cloud does not use customer data submitted from the App to train its generative AI models. The relationship between the Operator and Google Cloud is subject to Google Cloud's Data Processing Addendum (DPA).

If you do not wish to have an interest profile constructed or to receive AI recommendations, you may delete your interest profile and reading history at any time using the "Reset interest profile" feature on the Interest Profile screen, accessible from the Recommendations screen. The daily digest and 3-bullet summary are not transmitted unless you actively use those features. Server-side processing for the AI features above does not occur unless you subscribe to the Pro plan.

6. Third-Party Services

The App uses the following third-party services:

• Firebase (Google LLC): Authentication, Cloud Firestore, Cloud Functions, Cloud Storage, Hosting, Analytics, Crashlytics, App Check
  Firebase Privacy Information
• Google Cloud Vertex AI (Gemini models) (Google LLC): Generation processing for AI features (feed recommendation, article recommendation, automatic feed categorization, 3-bullet summary, daily digest) — Pro plan only; accessed via Cloud Functions. Google Cloud does not use customer data submitted from the App to train its generative AI models.
  Google Cloud Service Specific Terms / Vertex AI data governance
• RevenueCat (RevenueCat, Inc.): Management of subscription status. Linked to billing data via Firebase UID and synchronized to Firestore through a Firebase Extension.
  RevenueCat Privacy Policy
• Google AdMob (Google LLC): Advertising on the Free plan
  Google Advertising Policies
• Google Sign-In / Sign in with Apple: Authentication providers
• Apple App Store / Google Play Store: App distribution and subscription billing

Please review each service's privacy policy.

7. Cross-Border Data Transfers

Through the third-party services listed in Section 6, user data may be provided to the following third parties located outside Japan:

• Google LLC (United States): Firebase services, Google Cloud Vertex AI (Gemini models, region: us-central1), Google AdMob, Google Sign-In
• RevenueCat, Inc. (United States): Subscription management
• Apple Inc. (United States): Sign in with Apple, App Store billing

For information on the United States personal data protection regime, please refer to the materials published by Japan's Personal Information Protection Commission (https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/). Each recipient handles personal data at a level equivalent to the requirements of Japan's Act on the Protection of Personal Information (APPI), based on its respective privacy policy and applicable contractual safeguards such as standard contractual clauses (SCC).

8. Security Measures

The Operator takes the following measures to prevent leakage, loss, or damage of personal information and to maintain appropriate security:

• Basic policy: This Privacy Policy publicly discloses the Operator's approach to handling personal information
• Organizational measures: A responsible person for personal information handling is designated, and a dedicated inquiry channel is provided
• Personnel measures: Personnel who handle personal information are required to comply with this Policy
• Technical measures: Access restriction to the user's own data via Firestore Security Rules, identity verification via Firebase Authentication, defense-in-depth Pro-plan checks in Cloud Functions, request authenticity verification via Firebase App Check and the Android Play Integrity API, TLS encryption for data in transit, and least-privilege access controls on Firebase
• Physical measures: User data is stored in data centers managed by Firebase (Google Cloud)
• Awareness of foreign environments: As stated in Section 7, where personal data is entrusted to a foreign third party (in the United States), the Operator confirms the personal data protection regime of the relevant country and the contractual safeguards in place

9. Data Storage and Deletion

• Account information, subscribed feeds, bookmarks, categories, interest tags, interest profile, and reading history are retained on the operator's servers (Firebase) for as long as your account exists.
• The shared article cache (the articles collection) is automatically deleted after 7 days under a Firestore TTL policy.
• Daily digest results are automatically deleted under a Firestore TTL policy: 30 days for the Pro plan and 7 days for the Free plan (which does not generate digests in principle).
• Cached data such as article bodies can be removed from your device using the "Clear cache" feature in the Settings screen.
• When you use the "Delete user data" feature in the Settings screen, all data on the operator's servers associated with your account (subscribed feeds, bookmarks, categories, reading history, interest tags, interest profile, digest history, etc.) is deleted promptly, and you are automatically signed out.
• Records related to subscription transactions may be retained for the period required by applicable laws (e.g., the Japanese Act on Preservation of Electronic Records).

10. Biometric Authentication

The category lock feature can use your device's biometric authentication (Face ID / Touch ID / fingerprint, etc.). Biometric data is processed within the device's OS and Secure Enclave and is never transmitted to or stored by the App or the operator's servers.

11. Advertising and App Tracking Transparency (iOS)

The App displays advertisements provided by Google AdMob to Free plan users. On iOS, if the App accesses the advertising identifier (IDFA), an App Tracking Transparency (ATT) prompt is shown the first time you launch the App. You may decline; all features remain fully usable, but ads may be less personalized. No advertisements are shown when you subscribe to the Pro plan.

12. Profiling and Automated Decision-Making

The AI recommendation feature automatically constructs an interest profile from your interest tags and reading history and generates recommendations. Such recommendations only present articles or feeds and do not produce legal effects concerning you. If you wish to stop profiling, you can use the "Reset interest profile" feature on the Interest Profile screen (accessible from the Recommendations screen), or cancel the Pro plan.

13. Children's Privacy

The App is not primarily intended for children under 13, and we do not knowingly collect personal information from anyone under 13. Minors aged 13 or older but under 18 should use the App only with the consent of their parent or legal guardian. If we learn that a user is under 13, we will promptly delete that user's personal information.

14. Cookies

The App (the mobile application) does not use cookies. Web sites associated with the App (including this page and the landing page) likewise do not use cookies in principle and do not set any cookies for analytics or advertising tracking. Cookies that are operationally required by infrastructure services such as Firebase Hosting may occasionally be issued.

15. Your Rights (Disclosure, Correction, Suspension of Use)

Under Japan's Act on the Protection of Personal Information (APPI), you may request notification of the purpose of use, disclosure, correction, addition or deletion of content, suspension of use or erasure, and suspension of third-party provision of retained personal data held by the Operator.

Please submit your request to the contact email below. The Operator will verify that the requester is the data subject or their authorized representative by reasonable means, and will respond promptly in accordance with the APPI and other applicable laws.

Major data such as subscribed feeds, bookmarks, interest tags, and reading history can be reviewed at any time within the App. You can also delete data on the operator's servers yourself using the "Delete user data" feature in the Settings screen. For information collected by Firebase Analytics, AdMob, and similar services, you may need to use the opt-out mechanisms provided by the respective service providers (e.g., Google account ad settings, iOS App Tracking Transparency, Android advertising ID reset).

16. Changes to This Policy

This policy may be updated. Material changes will be announced through in-app notification or by updating this page. Changes take effect upon posting on this page.

17. Contact and Complaints

For privacy inquiries, requests for disclosure or the like, and complaints, please contact us at:

Operator: ZAWA SYSTEM
Email: info@zawasystem.com

If you are not satisfied with the Operator's response regarding the handling of your personal information, you may also consult Japan's Personal Information Protection Commission (https://www.ppc.go.jp/en/).