KorVoca Privacy Policy

Last Updated: May 8, 2026

KorVoca is built with a privacy-first approach. We use Firebase Anonymous Authentication to securely proxy your AI queries without requiring any personally identifiable information.

                    【We collect】
                    Anonymous device identifier (Firebase UID)
Your search queries (text you type, sent to OpenAI for AI lookup)

                    【We don't collect】
                    Name, email, phone, location
Advertising identifiers (Pro tier only — Freemium users see ads via AdMob)
OS permission data (contacts, photos, mic, camera)

Third Parties

Firebase (Google) — Anonymous Auth + Cloud Functions hosting
OpenAI — GPT-4o mini API for vocabulary lookup (queries forwarded via Firebase Cloud Functions)
AdMob (Google Mobile Ads SDK) — We use Google's AdMob SDK to deliver advertisements to users on the free (Freemium) tier. AdMob may collect the device's advertising identifier (IDFA on iOS, AAID on Android), device information, and approximate location. On iOS, personalized vs. non-personalized ad serving is gated by the user's App Tracking Transparency (ATT) consent. For details on Google's data handling, see the Google Privacy Policy. Pro-tier subscribers do not see ads, and no data is transmitted to AdMob for these users.
App Store / Google Play (In-App Purchases) — Pro subscription transactions are processed by Apple App Store (iOS) or Google Play (Android). KorVoca does not process payments and never receives or stores credit card information, payment methods, or billing addresses. After a successful purchase, we receive the transaction identifier, product ID (e.g., korvoca_pro_monthly), subscription expiry timestamp (proUntil), and environment (Sandbox vs. Production) from Apple/Google to grant entitlement. This information is verified by our Cloud Functions (using Apple's App Store Server Library) and stored in Firestore alongside the anonymous user identifier. Refund, cancellation, and renewal-failure events are received via Apple Server Notifications V2 / Google Real-time Developer Notifications and synchronized to keep entitlement state current.

AI Data Processing (Third-Party AI Processing)

For its vocabulary-lookup feature, KorVoca processes your search queries as follows.

Data transmitted

The word or expression you enter in the search bar (e.g., "안녕하세요", "chair").
Your configured native-language code (e.g., "ko", "en") and TOPIK learning level.

Where it is sent

Firebase Cloud Functions operated by Google LLC (server region: asia-northeast3, Seoul).
From within Firebase Cloud Functions, the query is forwarded to the Google Gemini API to perform vocabulary analysis.

When data is sent & user consent

Explicit consent for data transmission is obtained the first time you use the in-app search feature.
Without consent, the AI-based vocabulary analysis feature is unavailable; only previous search results saved in the local cache can be viewed.
Consent can be withdrawn at any time from the app's Settings screen.

Third-party protection level

Google Firebase and the Google Gemini API operate under Google's privacy policy and data-processing terms (https://firebase.google.com/support/privacy), providing a level of personal-data protection equivalent to KorVoca's.
Transmitted search queries are used solely to generate vocabulary-analysis responses. Google Cloud's Enterprise data-protection policy is applied so that the queries are not used by Google to train AI models.

Storage

Search results are stored only in the on-device local database (SQLite).
They are not permanently stored on KorVoca servers or Google servers in any form linked to user-identifying information.

Where data lives

Locally on your device: flashcards, SRS state, search history (SQLite/Drift)
On Firebase: Anonymous UID only
On OpenAI: query text up to 30 days (per OpenAI API data usage policy)

Your rights

Delete app = delete all local data instantly
Email us to delete your Anonymous UID

For full details, please read our detailed privacy policy.