Kotomo logo
Kotomo ことばのともだち
日本語

Kotomo Privacy Policy

Last updated 2026-05-27

Operator Information

Operator: SPI Co., Ltd. (SPI株式会社)
Address: Yoshino Daiichi Building 7F, 1-6-3 Nihonbashi Bakurocho, Chuo-ku, Tokyo 103-0002, Japan
Public URL: https://kotomo.app/en/privacy
ISMS Certification: ISO/IEC 27001:2022 (Registration No. J0747)
Corporate Privacy Policy: https://spi-jp.com/privacy

Article 1 (Basic Policy)

We recognize that protecting all personal information handled by the Company is an important social responsibility. We comply with laws and regulations concerning personal information, guidelines established by the government, and other applicable standards, and we respect the rights of individuals.

We acquire, use, and provide personal information only to the extent necessary for legitimate business purposes, and we do not handle personal information beyond the scope necessary to achieve the specified purposes of use. We also take measures to prevent use for any purpose other than those specified.

We implement reasonable and appropriate security control measures against risks such as leakage, loss, damage, unauthorized access, and other incidents involving personal information, and we continuously work to improve our personal information protection system.

We respond promptly, sincerely, and appropriately to complaints and inquiries concerning the handling of personal information.

This Privacy Policy explains how SPI Co., Ltd. (“we,” “us,” or the “Company”) handles personal information and other information in connection with the Japanese-language learning support service “Kotomo” (the “Service”). For the Company’s general Personal Information Protection Policy, please refer to the official website of SPI Co., Ltd.

Article 2 (Information We Collect)

We may collect the following information to the extent necessary to provide the Service:

  1. Account information: email address, login information, display name, information required for authentication, identifiers provided through social login, and similar information
  2. Information related to guest use: identifiers issued for guest use, usage history, and information linked to the device or application
  3. Learning information: learning history, practice results, scores, learning level, registered learning materials, text entered by the user, learning settings, ranking-related information, and similar information
  4. Voice information: voice data recorded or entered by users through pronunciation practice, reading aloud, shadowing, repeat practice, and similar activities, as well as voice analysis results
  5. Information related to AI functions: text entered by users, conversation content, generated outputs, and similar information when using AI chat, learning material generation, text generation, conversation support, and other AI-based functions
  6. Usage and device information: device information, operating system, app version, access logs, operation history, error logs, crash logs, IP address, and other technical information
  7. Inquiry information: name, email address, inquiry details, information required for identity verification, and information related to requests for cancellation or account deletion
  8. Payment-related information: if paid features are provided, purchase status, payment results, subscription status, and similar information provided by app distribution platforms or payment service providers. We may not directly collect credit card numbers or similar payment card information.

Article 3 (How We Collect Information)

We collect the information described in the preceding Article through user registration, login, registration of learning materials, recording, pronunciation practice, use of AI functions, inquiries, cancellation requests, and records of app usage.

We may also automatically collect usage information, device information, and similar information through the app or servers for the purpose of operating the Service, improving quality, responding to failures, and ensuring security.

Article 4 (Purposes of Use)

We use the information we collect within the scope necessary to achieve the following purposes:

  1. To provide the Service, verify users, manage accounts, and perform login authentication
  2. To provide pronunciation practice, pronunciation assessment, voice analysis, audio playback, display of learning results, and management of learning history
  3. To provide AI chat, learning material generation, text generation, conversation support, and other learning support functions
  4. To store, display, edit, and delete learning materials, voice data, learning history, and other information registered by users
  5. To respond to inquiries, cancellation and account deletion requests, bug reports, and similar communications
  6. To improve the quality of the Service, analyze usage, improve features, investigate failures, and ensure security
  7. To prevent, investigate, and respond to violations of terms, unauthorized use, nuisance behavior, and security issues
  8. To notify users of maintenance, important announcements, feature changes, and changes to the Terms of Use or this Privacy Policy
  9. To respond to requests from laws, regulations, administrative agencies, or other competent authorities
  10. To fulfill purposes incidental to the purposes described above

Article 5 (Handling of Voice Data and AI Functions)

In the Service, we may process voice and text entered or recorded by users for purposes such as pronunciation assessment, voice analysis, audio playback, and AI-based learning support.

We handle such information only to the extent necessary to provide the Service, improve quality, investigate failures, and operate the Service securely.

Without the user’s consent, we will not use recorded voice data for voiceprint identification, voice cloning, sale to third parties, or any purpose unrelated to the Service.

When using AI functions, users should avoid entering personal information or information that may infringe the rights of third parties.

Article 6 (External Services and Service Providers)

For purposes such as providing, operating, maintaining, storing data for, authenticating users of, processing voice for, providing AI functions for, analyzing, responding to failures for, ensuring the security of, distributing the app for, and processing payments for the Service, we may outsource all or part of our operations to, or use services provided by, cloud service providers, AI-related service providers, voice processing service providers, analytics and error monitoring service providers, app distribution platform providers, payment service providers, and other external service providers.

We require external service providers to handle information only to the extent necessary to achieve the relevant purposes of use, and we exercise necessary and appropriate supervision in accordance with laws and regulations concerning personal information protection and the purpose of this Privacy Policy.

In connection with the use of external services, user information may be processed or stored on servers located outside Japan or by service providers located outside Japan. In such cases, we will take necessary security control measures in accordance with applicable laws and regulations.

Article 7 (Provision to Third Parties)

Except in the following cases, we will not provide personal information to any third party without obtaining the user’s prior consent:

  1. When required by laws or regulations
  2. When necessary to protect the life, body, or property of a person and it is difficult to obtain the user’s consent
  3. When especially necessary for improving public health or promoting the sound development of children and it is difficult to obtain the user’s consent
  4. When cooperation with a national government agency, local public authority, or a person entrusted by either of them is necessary, and obtaining the user’s consent may interfere with the performance of such public duties
  5. When all or part of the handling of personal information is entrusted to a service provider within the scope necessary to achieve the purposes of use
  6. When personal information is provided in connection with business succession due to merger, company split, business transfer, or other similar reasons

Article 8 (Security Control Measures)

To prevent leakage, loss, damage, unauthorized access, and other incidents involving personal information, we implement necessary and appropriate security control measures, including the establishment of personal information protection rules, appointment of responsible personnel, employee training, access controls, authority management, encryption of communications, log management, and measures against unauthorized access.

At each stage of acquisition, use, storage, provision, deletion, and disposal of retained personal data, we define handling methods, responsible persons, personnel in charge, and their duties, and we continuously review and improve these measures.

Article 9 (Retention Period)

We retain collected information for the period necessary to achieve the purposes of use.

When account deletion or cancellation procedures are completed, we will delete or anonymize the relevant information within a reasonable period, except for information that must be retained for legal or operational reasons.

Where there is a legitimate reason, such as prevention of unauthorized use, failure investigation, billing-related response, legal compliance, or similar purposes, we may retain certain information for the necessary period.

Article 10 (Disclosure, Correction, Deletion, Suspension of Use, etc.)

Users may request notification of the purposes of use, disclosure, correction, addition, deletion, suspension of use, erasure, or suspension of provision to third parties with respect to their own personal information held by us, in accordance with applicable laws and regulations.

After verifying the identity of the requester, we will respond promptly and within a reasonable scope in accordance with applicable laws and regulations. However, we may be unable to comply with deletion or similar requests where retention is required by law or where retention is necessary for preventing unauthorized use, responding to billing matters, or other legitimate reasons.

For details regarding procedures for requests such as disclosure, please refer to SPI Co., Ltd.’s official website, including its Personal Information Protection Policy.

Article 11 (Cancellation and Account Deletion)

Users may request cancellation or account deletion through the “Settings” section or other designated pathway provided in the app, or through an inquiry method designated by the Company.

After confirming the details of the request, we will proceed with deleting account information and related data, except for information that must be retained for legal or operational reasons.

Once the deletion process is completed, account information, learning history, registered learning materials, recorded voice data, and other related information may no longer be available.

For guest users, there may be no registered account. However, depending on the usage status, we will respond to requests to delete information stored in the app or related data managed by us.

Article 12 (Use by Minors)

If a minor uses the Service, the minor must do so with the consent of a parent or legal guardian.

We may request confirmation of parental or guardian consent when necessary.

Article 13 (Cookies, Advertising, Analytics, etc.)

The Service or websites related to the Service may use cookies, device identifiers, and similar technologies for purposes such as providing the Service, maintaining login status, analyzing usage, improving quality, and ensuring security.

No advertising delivery or third-party advertising tracking is conducted at the time of the initial release. If advertising delivery or tracking is introduced in the future, we will review this Privacy Policy and the method of obtaining consent as necessary.

Article 14 (Changes to this Privacy Policy)

We may change this Privacy Policy due to changes in laws and regulations, changes in the Service, operational needs, or other circumstances.

The revised Privacy Policy will take effect when posted on the Service or on our website. However, where user consent is required by law, we will obtain consent by the method designated by us.

Article 15 (Contact Information)

For inquiries regarding this Privacy Policy, the handling of personal information, or requests for disclosure and similar matters, please contact us at the following:

Company Name: SPI Co., Ltd.
Address: Yoshino Daiichi Building 7F, 1-6-3 Nihonbashi Bakurocho, Chuo-ku, Tokyo 103-0002, Japan
Personal Information Inquiry Desk: privacy@spi-jp.com
Kotomo Support / Account Deletion Requests: support@kotomo.app
Corporate Privacy Policy: https://spi-jp.com/privacy

Effective Date: May 27, 2026
Version: 1.0