Aleph

Legal Documents

Aleph — Privacy Policy

Effective Date: May 27, 2026

Last Updated: May 27, 2026

1. Overview

Aleph is designed with a local-first, privacy-first approach. We believe your reading habits, study notes, and learning patterns are personal. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information.

We do not sell your personal data to anyone.

2. Information We Collect

2.1 Information You Provide Directly

  • Email address:Account creation — stored in Supabase (encrypted)
  • Apple ID (name, email): Apple Sign In — stored in Supabase
  • Google account (name, email): Google Sign In — stored in Supabase
  • Study notes and observations: Using the learning journey — device (local) + Supabase (if synced)
  • Task completion data: Completing learning nodes — device (local) + Supabase (if synced)
  • Feedback content:Submitting feedback — Supabase

2.2 Information Collected Automatically

  • Device advertising identifier: Ad personalisation (free tier only) — managed by OS
  • Subscription status:Feature gating — RevenueCat servers
  • Purchase history:Subscription management — RevenueCat servers
  • Push notification token: Delivering daily reminders — Expo Push Service

2.3 Information We Do NOT Collect

We do not collect, access, or store:

  • Your precise location (GPS or IP-derived)
  • Your contacts or address book
  • Your camera, microphone, or biometric data
  • Your browsing history outside the App
  • Health, fitness, or financial data
  • Your device's serial number or IMEI

3. How We Use Your Information

3.1 Service Delivery

  • Account authentication: To verify your identity and provide cross-device sync.
  • Learning progress sync: To store and retrieve your task completions, notes, and pick history across devices.
  • Daily picks: To deliver your curated article selections (titles are fetched from our Supabase database; no personal data is sent to Wikipedia).
  • Push notifications: To send daily learning reminders at your chosen time. Notification content is generated locally on your device based on your subscription status and language preference.
  • Subscription management: To verify your Aleph+ entitlement and unlock premium features.

3.2 Advertising (Free Tier Only)

Free-tier users are shown interstitial ads provided by Google AdMob. Google may collect and use data in accordance with its own privacy policy, including:

  • Device advertising identifier
  • Device type, operating system, and version
  • Ad interaction data (impressions, clicks)

On iOS, the App uses the App Tracking Transparency (ATT) framework. You will be asked for permission before the advertising identifier is used for personalised ads. If you decline, you will still see ads, but they will not be personalised. You may change this setting at any time in your device's Settings app.

Aleph+ subscribers are not shown any advertisements, and no advertising data is collected from subscribers.

3.3 Service Improvement

We may use aggregated, anonymised data (e.g., total number of active users, most popular article categories) to improve the App. This data cannot be used to identify you individually.

4. Local-First Storage

4.1 On-Device Data

The majority of your data — including study history, notes, task completions, and app preferences — is stored locally on your device using AsyncStorage. This data:

  • Is never transmitted to our servers unless you create an account and enable cloud sync.
  • Is not accessible to Aleph or any third party.
  • Is permanently deleted if you uninstall the App or clear its data.

4.2 Cloud Sync

When you create an account, your learning progress is automatically synchronised to our Supabase backend. Cloud sync uses a merge strategy: if a task is completed on any device, it is considered completed everywhere. No data is lost during sync conflicts.

You may use the App without creating an account. In this case, all data remains exclusively on your device.

5. Data We Share with Third Parties

We share data with the following third-party service providers solely for the purpose of operating the App:

  • Supabase:Account info, learning progress, notes — backend hosting, authentication, database
  • RevenueCat:User ID, purchase status — subscription management
  • Google AdMob:Device ad ID, ad interactions — advertising (free tier only)
  • Wikimedia Foundation:Article titles (no personal data) — content retrieval
  • Apple:Apple ID (if using Apple Sign In) — authentication
  • Google:Google account (if using Google Sign In) — authentication

We do not sell, rent, or trade your personal information with any other parties.

6. Advertising and Tracking

6.1 Google AdMob (Free Tier)

The App uses Google AdMob to display interstitial ads to free-tier users. Google AdMob may collect:

  • Device advertising identifier (IDFA on iOS, GAID on Android)
  • Device information (model, OS version, screen size)
  • Network information (connection type, carrier)
  • Ad interaction data

6.2 iOS App Tracking Transparency (ATT)

On iOS 14.5 and later, the App presents an ATT permission dialog before accessing the device's advertising identifier. You have three choices:

  • Allow: You receive personalised ads based on your interests.
  • Ask App Not to Track: You receive non-personalised ads (contextual only).
  • Disable in Settings:You can revoke tracking permission at any time in Settings → Privacy & Security → Tracking.

Your choice does not affect your ability to use the App or any of its features.

6.3 Opting Out of Personalised Ads

  • iOS:Settings → Privacy & Security → Tracking → disable “Allow Apps to Request to Track,” or revoke permission for Aleph specifically.
  • Android:Settings → Privacy → Ads → Opt out of Ads Personalisation.
  • Within the App: Aleph+ subscribers are not shown any ads.

7. Push Notifications

7.1 Notification Permission

The App requests permission to send push notifications. This is entirely optional. If you grant permission, the App sends one daily local notification at your chosen time to remind you to continue your learning.

7.2 Notification Content

Notification messages are generated locally on your device based on your subscription status and language preference. No personal data is transmitted to generate notification content.

7.3 Disabling Notifications

You may disable notifications at any time through:

  • The App's Profile settings (toggle off)
  • Your device's Settings app (Settings → Notifications → Aleph)

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

8.1 Access and Portability
You may request a copy of the personal data we hold about you. This includes your account information and any synced learning progress.

8.2 Correction
You may request correction of inaccurate personal data.

8.3 Deletion
You may request deletion of your account and associated data at any time:

  • In-app:Profile → Delete Account (requires confirmation)
  • By email: Contact [email protected]

Upon account deletion, your server-side data is permanently deleted within 30 days. Locally stored data on your device persists until you uninstall the App or clear its data.

8.4 Objection and Restriction
You may object to or request restriction of certain data processing activities, subject to applicable law.

8.5 GDPR Rights (EEA Users)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority.

8.6 CCPA Rights (California Users)
If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted data transmission (TLS/HTTPS) for all network communications.
  • Encrypted storage of authentication credentials by Supabase (bcrypt hashing).
  • Row-level security (RLS) policies on our database to ensure users can only access their own data.
  • No plaintext storage of passwords or authentication tokens.

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children's Privacy

The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].

11. International Data Transfers

Your data may be processed and stored in countries other than your own, including the United States, where our third-party service providers operate. By using the App, you consent to the transfer of your data to these countries. We ensure that appropriate safeguards are in place for international transfers in accordance with applicable data protection laws.

12. Data Retention

  • Account information: Until account deletion
  • Learning progress (server): Until account deletion
  • Learning progress (local): Until app uninstallation or data clearing
  • Push notification tokens: Until notification permission revoked
  • Subscription data: Managed by RevenueCat per their retention policy
  • Ad interaction data: Managed by Google per their retention policy

13. Cookies and Local Storage

The App does not use web cookies. The App uses device-local storage (AsyncStorage) to persist:

  • App preferences (language, notification settings)
  • Learning progress and notes
  • Authentication session tokens

This data is stored exclusively on your device and is not transmitted to us except as part of the cloud sync feature for authenticated users.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the “Last Updated” date at the top of this policy.
  • Displaying an in-app notification upon your next launch after a material change.

Your continued use of the App after changes take effect constitutes acceptance of the revised Privacy Policy.

15. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: [email protected]