Vô chiVô chi

Privacy Policy

Last updated: June 5, 2026

1. Who we are

Vô chi ("we", "us") is a product developed and operated in Vietnam. When you use the app or the website vochi.xyz, we act as the data controller under Vietnam's Decree 13/2023/ND-CP on Personal Data Protection (PDPL) and the EU General Data Protection Regulation (GDPR) where applicable.

For privacy matters, contact hi@vochi.xyz.

2. What we collect

2.1 Purchase and license data. When you buy a paid plan we collect: the email that receives the license, amount, order id, transaction timestamp, plan purchased, and a device id generated by the app to enforce the device limit. We do NOT store card numbers — payment is handled entirely by a third-party gateway.

2.2 Learning data (on-device). Vocabulary, definitions, examples, review progress, and your creature's hunger/level are stored locally in a SQLite database on your machine. They are NOT uploaded to our servers.

2.3 Anonymous usage data (analytics). If you consent (default on, toggle in Settings), the app sends anonymous events: app version, OS, in-app actions (clicking the pet, reviewing words, switching modes), technical attributes (UI language, pet size, current license tier), and error type when the app crashes. Each install gets a random id (install_id) stored on your machine, never linked to your email or real name.

2.4 Website access logs. Standard server logs (IP, user agent, referrer, timestamp) are processed by our hosting provider for up to 30 days for operational safety, then deleted. A small cookie named "vochi_lang" remembers your language choice.

3. Purpose and legal basis

Performance of contract (PDPL Art. 17 / GDPR Art. 6(1)(b)): order processing, license issuance, device-limit enforcement.

Consent (PDPL Art. 11 / GDPR Art. 6(1)(a)): anonymous usage data and error reports. You can withdraw consent at any time.

Legitimate interest (GDPR Art. 6(1)(f)): website security and fraud prevention.

4. Third-party processors

We share the minimum necessary data with the following processors:

  • VietQR gateway (Sepay) — payment processing, servers in Vietnam.
  • Resend — license email delivery, servers in the United States.
  • PostHog — anonymous analytics and error tracking, servers in the United States (us.i.posthog.com).
  • Vercel — website hosting, globally distributed.
  • Cloudflare — CDN and DDoS protection, globally distributed.

5. International transfers

Some processors (Resend, PostHog, Vercel, Cloudflare) host servers outside Vietnam, primarily in the United States and the EU. Per PDPL Art. 25 we have conducted a transfer impact assessment and put in place equivalent safeguards, including Standard Contractual Clauses with processors in regions without an adequacy decision. The transfer of anonymous data and minimal license data is necessary to operate the service you signed up for.

6. Retention

  • Purchase and license data: kept for the license term plus 5 years per Vietnamese accounting law.
  • License email: kept until you request deletion or 5 years after license expiry.
  • Anonymous usage data: maximum 13 months, then auto-deleted at PostHog.
  • Website server logs: maximum 30 days.
  • On-device learning data: you control it. The in-app reset wipes everything.

7. Your rights

Under Vietnam's PDPL and the GDPR you have the right to:

  • Know what data we hold and access it.
  • Correct inaccurate or incomplete data.
  • Request erasure (right to be forgotten).
  • Restrict or object to processing.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Receive your data in a portable format (data portability).
  • Lodge a complaint with Vietnam's Department of Cybersecurity and High-Tech Crime Prevention (A05) – Ministry of Public Security.
  • If you reside in the EU/EEA, lodge a complaint with your local data protection authority.
  • If you reside in California (CCPA): the right to know, delete, and opt out of sale. Vô chi does NOT sell personal data.

To exercise any of these, email hi@vochi.xyz. We respond within 30 days.

8. Children

Vô chi is not directed at users under 16. If you are under 16, please get parent or guardian consent before using the service. If we learn we have collected data from a child under 16 without valid consent, we will delete it.

9. Security

We apply reasonable technical and organizational measures: HTTPS-only connections, password hashing, license key encryption, and least-privilege access. No system is perfectly secure. In the event of a data breach we will notify you and the competent authority within 72 hours where required.

10. Changes

For material changes we will email you and update the effective date at the top of this page. Continued use after a change means you accept the updated policy.