Privacy Policy

Zhongwen.id ("Zhongwen.id", "we", "us", or "our") is a Mandarin-learning service. We help you learn Mandarin through karaoke-style synced song lyrics — showing Hanzi, Pinyin, Indonesian, and English on each line — and through HSK 1–9 flashcards with native-speaker audio, stroke-order animations, and worked example sentences.

You can reach our service on the web at https://www.zhongwen.id and through our mobile app on iOS and Android ("Belajar Mandarin - Zhongwen.id").

Our primary audience is in Indonesia. This Policy and our handling of personal data are governed by the laws of the Republic of Indonesia, including Indonesia's Personal Data Protection Law (UU No. 27 Tahun 2022 tentang Pelindungan Data Pribadi — the "PDP Law").

We collect the data described below so we can run the Service, keep your account secure, and improve your learning experience. The table summarizes the main categories, followed by more detail.

Account data. When you register, you provide an email and password. Your password is hashed with bcrypt and is never stored in plaintext. If you sign in with Google or Apple, we may also receive a display name and avatar URL from those providers.

Learning progress. If you use the Service as a guest, your progress is stored locally on your device. When you sign in, that local progress is merged into your account so nothing is lost.

Usage & device data. We record usage and device information for both signed-in users and guests. The approximate location (country/city) is derived from your IP address by our hosting provider; we do not collect precise GPS location.

Payment data. We do not store full card or bank-account numbers. Those details are handled directly by our payment providers.

We use your personal data to:

• Create, secure, and manage your account, and sign you in across web and mobile;
• Verify your email address and let you reset your password via emailed tokens;
• Save and sync your learning progress, including merging guest progress when you sign in;
• Process payments and unlock Premium features such as full HSK 1–9 access, the full song library, all lyric lines, and removal of the short pre-song ad;
• Send transactional emails such as verification, password reset, receipts, and reminders;
• Operate, maintain, debug, and secure the Service, including detecting and preventing abuse and fraud;
• Understand how the Service is used so we can improve it (product analytics); and
• Comply with our legal, tax, and accounting obligations under Indonesian law.

We use a small number of cookies and browser local-storage entries. The most important is "manify_session", a secure httpOnly cookie that keeps you logged in for about 30 days; only a hashed form of the session token is stored on our servers. We also use "manify_oauth_state" for CSRF protection during Google sign-in (about 10 minutes, deleted right after sign-in), and local-storage entries that remember your preferences ("manify-settings") and guest learning progress.

Mobile apps use the device's secure storage and preferences instead of browser cookies; the session token is kept in the device's secure keychain.

For the full list of cookies, what they do, and how long they last, please see our separate Cookie Policy.

We do not sell your personal data. We share data only with the service providers (processors) that help us run Zhongwen.id, and only as needed for the purposes described here. These include:

• Neon — cloud PostgreSQL database hosting, which stores account and app data;
• Vercel — web hosting and media/object storage; it also supplies the IP and geo request headers we log;
• Google — Google Sign-In (OAuth) and Google Play Billing validation;
• Apple — Sign in with Apple and App Store In-App Purchase validation;
• Duitku — payment processing for purchases made on the website;
• YouTube — the embedded video player used to play song videos; when you play a video, YouTube/Google may receive your IP address and set their own cookies, governed by Google's privacy policy;
• LRCLIB — an open lyrics database we query by song title and artist to fetch lyrics; no account data is sent;
• Google Gemini AI — used to translate song lyrics; it processes lyric text only, not your account data;
• Email/SMTP provider — sends transactional email (verification, password reset, receipts, reminders) and receives the recipient's email address and the message content.

Our fonts are self-hosted, so there are no runtime calls to Google Fonts. The mobile app fetches stroke-order drawing data from a public CDN (jsDelivr) with no user data attached.

We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety, and security of our users and the Service.

Premium can be purchased through different channels depending on your platform:

• Web: Duitku, an Indonesian payment gateway (for example QRIS or bank transfer);
• iOS: Apple In-App Purchase, validated server-side with Apple;
• Android (Play Store build): Google Play Billing, validated server-side.

Premium is available as a Lifetime plan (Rp 99,000 one-time) or a Monthly plan (Rp 19,000). We store payment records such as the order reference, plan, amount, currency, payment method, the gateway's transaction reference, status, and timestamps. We do not store full card or bank-account numbers — those are handled entirely by the payment provider.

Analytics are optional and OFF by default. We use them only if the operator chooses to enable them. If enabled, the providers that may be used are Google Analytics 4 / Google Tag Manager, Meta (Facebook) Pixel, TikTok Pixel, and Microsoft Clarity. When active, these providers may set their own cookies (for example Google Analytics' _ga and _gid).

We keep your account data until you delete your account or ask us to delete it. Logs and usage events are kept for a limited period for security and product analytics. Payment records are retained for as long as required by Indonesian tax and accounting law.

Under Indonesia's PDP Law, you have the right to:

• Access your personal data;
• Rectify (correct) inaccurate or incomplete data;
• Erase or delete your data;
• Withdraw consent you previously gave;
• Object to or restrict certain processing;
• Data portability; and
• Lodge a complaint with the relevant authority.

To exercise any of these rights, including requesting deletion of your account, email us at zhongwenindonesia@gmail.com. We may need to verify your identity before acting on a request.

We take reasonable steps to protect your data. Passwords are hashed with bcrypt, session tokens are stored only in hashed form, and data is encrypted in transit using HTTPS. Mobile apps store the session token in the device's secure keychain. No method of transmission over the Internet or method of storage is 100% secure, so we cannot guarantee absolute security.

Some of our processors — such as Neon, Vercel, Google, and Apple — operate servers outside Indonesia. As a result, your data may be processed abroad. Where this happens, we rely on appropriate safeguards to protect your data consistent with the PDP Law.

The Service is not directed to children under 13. Minors should use Zhongwen.id only with the consent and supervision of a parent or guardian. If you believe a child has provided us with personal data without appropriate consent, please contact us so we can address it.

The Service includes content and integrations from third parties — most notably the embedded YouTube player used to play song videos. When you interact with these, the third party may collect data and set its own cookies under its own privacy policy. For example, playing a YouTube video means YouTube/Google may receive your IP address. We encourage you to review the privacy policies of any third-party services you use through Zhongwen.id.

We may update this Privacy Policy from time to time as our Service or legal obligations change. When we do, we will revise the "Effective / Last updated" date at the top of this page. We encourage you to review this Policy periodically.

If you have any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please contact us at zhongwenindonesia@gmail.com.