← hskcrack
Privacy Policy
Effective May 15, 2026 · Last updated May 15, 2026
The short version
hskcrack needs your email to sign you in and your phone number is optional. We store your learning progress in our cloud database (Supabase) so you can resume on another device. We do not run ads, do not sell your data, and do not share it with anyone except the infrastructure providers listed below.
1. Who we are
"hskcrack" (the "App"), available at hskcrack.com and on app stores, is an HSK Chinese-language learning app. This policy explains what data the App collects and how it is handled.
2. What we collect
To create your account and sync your progress across devices, we collect:
- Email address — used for sign-in (one-time passcode) and account recovery. Required.
- Phone number — optional; used to help recover your account and to notify you of major updates. You can skip this in onboarding and add or remove it later from your profile.
- Display name — the name you enter during onboarding, shown on your dashboard.
- Learning progress — chapters you've started or completed, spaced-repetition review schedule, XP, hearts, streak, daily-XP history, placement-test result, lesson and preference settings.
We do not collect: your location, your contacts, your photos, microphone audio, advertising IDs, or any device identifiers.
3. Why we collect it
- Sign-in: your email is used to send a 6-digit code so you can sign in without a password.
- Cloud sync: your progress is stored against your account so you can install the App on another device (e.g. a new phone) and pick up where you left off.
- Recovery: if you lose access to your email, an optional phone number gives us a second way to help you recover your account.
- Aggregate product improvement: we may look at anonymized, aggregated statistics (e.g. "how many users finished HSK 1") to improve the curriculum. We do not look at individual user records for product purposes.
4. Where it's stored
Account and progress data is stored in Supabase (supabase.com/privacy), which uses Amazon Web Services data centres. Connections to Supabase are encrypted in transit (TLS). Access to your data is restricted at the database level (Row-Level Security) so that only your authenticated session can read or write your rows.
A copy of your progress is also cached on your device so the App works offline and feels fast. Uninstalling the App removes the local copy.
5. What we never do
- We do not run ads.
- We do not sell or rent your data to anyone.
- We do not share your data with advertisers, analytics brokers, or marketing partners.
- We do not track you across other websites or apps.
6. Third parties
The App relies on the following service providers ("sub-processors") to operate. They process your data only on our behalf and only to the extent needed to provide the App.
- Supabase — authentication and database hosting. (privacy policy)
- Apple App Store / Google Play — distribute the App and, if you grant their respective permissions, send push notifications.
- Device text-to-speech — spoken pinyin is generated by your device's built-in TTS engine (Apple, Google, or your manufacturer). No request goes to our servers; refer to your manufacturer's policy for how TTS handles your text.
7. Your rights
Subject to applicable law (including GDPR and CCPA where they apply to you), you have the right to:
- Access the personal data we hold about you.
- Correct it if it is wrong.
- Delete your account and all associated data.
- Export a copy of your data in a portable format.
- Withdraw consent at any time (your account will be deleted).
To exercise any of these rights, email hello@hskcrack.com. We will respond within 30 days. There is no charge for the first request in a 12-month period.
8. Data retention
We keep your account data for as long as your account exists. If you delete your account (via the App or by emailing us), we delete your row from the database and any backups within 30 days. Locally cached data is removed when you uninstall the App.
9. Children's privacy
The App is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete the account.
10. Data security
All connections to our backend use TLS. Database access is gated by per-user Row-Level Security policies, which means even our own staff cannot query your rows without your authenticated session. Sign-in is passwordless (6-digit emailed code) so there is no password for an attacker to steal.
No system is perfectly secure. If we ever experience a breach affecting your data, we will notify affected users by email within the time period required by applicable law (typically 72 hours under GDPR).
11. Changes to this policy
If we materially change how the App handles data, we will update this policy, update the "Last updated" date above, and (if the change is significant) notify you in-app before the change takes effect.
12. Contact
Questions, complaints, or rights requests? Email hello@hskcrack.com.