upplyst.ai

Privacy Policy

upplyst.ai
Effective from: 2026-07-05
Last updated: 2026-07-05


1. Who we are

upplyst.ai is a personal app for multiple choice cards and learning with spaced repetition. This policy describes what data we collect, how we use it, and what rights you have to that data.

Developer: upplyst.ai
Contact: info@upplyst.ai

2. Delete your account

You can delete your account and all associated data directly in the upplyst.ai app:

  1. Open the upplyst.ai app
  2. Go to Settings
  3. Tap Delete account
  4. Confirm the deletion in the two step confirmation dialog

When you delete your account, the following data is removed permanently and immediately:

  • Your profile and account information
  • All decks and cards in your library
  • All review history and learning progress
  • Schedule data and streak records
  • Device tokens and notification settings

There is no retention period. All data is removed as part of the deletion. The action cannot be undone.

If you cannot access the app, you can request account deletion by emailing info@upplyst.ai from the email address linked to your account.

3. What data we collect

3.1 Account data

When you sign in with Google or Apple, we receive:

Data
Email address
Source
Google/Apple
Purpose
Account identification and sign in
Data
Name (optional)
Source
Apple (if provided)
Purpose
Display (if provided)
Data
Provider user ID
Source
Google/Apple
Purpose
Link the sign in to your account

We do not request access to your contacts, calendar, photos, or other services at Google or Apple.

3.2 Learning data

upplyst.ai provides ready made decks that you add to your library. We store which decks you have added and your review progress:

Data
Review rating (1-4)
Purpose
Calculate the repetition interval
Data
Review history (answer, rating, timestamp)
Purpose
Track learning progress and drive the repetition algorithm
Data
Due date, interval, and ease factor
Purpose
Schedule your next reviews
Data
Streak records
Purpose
Show your progress and send reminders

3.3 User settings

Data
Daily reminder time
Purpose
When reminders should be sent
Data
Time zone (read automatically from the device)
Purpose
Make sure reminders arrive in the correct local time
Data
Language preference
Purpose
Display language
Data
Theme preference
Purpose
Light/dark/system (stored locally only)
Data
Notifications on
Purpose
Your choice to receive notifications

3.4 Device data (for notifications)

Data
Push token (Expo)
Purpose
Deliver push notifications
Data
Platform (iOS/Android)
Purpose
Platform specific notification handling

Push tokens are device identifiers used to route notifications. They are linked to your account only to deliver reminders. Notifications are delivered through the Expo push service, which in turn routes them through Apple Push Notification service (APNs) on iOS and Google Firebase Cloud Messaging (FCM) on Android. These transports receive your push token and the notification title and body in order to deliver the message.

3.5 Diagnostic data

We use Sentry for crash and error reporting. Sentry receives error messages, stack traces, and basic device information (device type, OS version, app version) when a crash or error occurs. Authentication headers, tokens, and request bodies are redacted before any data is sent, and we do not attach any user identity to the reports. Crash reports are processed in Sentry's EU region (Germany). Diagnostics are sent only from the production build of the app, not during development.

We use no analytics or advertising SDKs. If we add analytics in the future, we will update this policy and our App Store privacy details.

4. How we use your data

We use your data to:

  • Provide the app's features (decks, reviews, progress tracking)
  • Store and sync your learning progress across sessions and devices
  • Send reminders via push notifications (only if you enable notifications)
  • Maintain account security and prevent abuse

We do not use your data to:

  • Target ads or marketing
  • Sell data to third parties
  • Train AI models

5. Third party services

We use the following services to run the app:

5.1 Supabase (database and authentication)

  • Purpose: Authentication and storage of your app data
  • Data processed: Account data, deck choices, settings, review history
  • Provider policy: https://supabase.com/privacy
  • Hosting region: Europe (Stockholm)

5.2 Expo Push Notifications (with APNs and FCM)

  • Purpose: Deliver push notifications
  • Data processed: Push token, platform, and the notification content (title and body)
  • Transport: Expo forwards the notification through Apple Push Notification service (APNs) on iOS and Google Firebase Cloud Messaging (FCM) on Android. FCM is used solely as a transport for notifications, not for analytics.
  • Provider policies: https://expo.dev/privacy, Apple, Google Firebase

5.3 Google (sign in)

  • Purpose: Authentication only
  • Data received: Email and basic profile information
  • We do not access: Gmail, Drive, Calendar, Contacts
  • Provider policy: https://policies.google.com/privacy

5.4 Apple (sign in)

5.5 Sentry (crash reporting)

  • Purpose: Crash and error reporting to improve app stability
  • Data processed: Error messages, stack traces, device type, OS version, and app version. Authentication headers, tokens, and request bodies are redacted before they are sent. No user identity is included.
  • Processing region: EU (Germany)
  • Provider policy: https://sentry.io/privacy/

6. Data retention

We keep data for as long as needed to provide the service:

Data type
Account data
Retention
Until you delete your account
Data type
Deck choices and review data
Retention
Until you delete your account
Data type
Review history
Retention
Until you delete your account
Data type
Push tokens
Retention
Until you sign out or delete your account

When you delete your account, we delete or anonymize the associated app data in our systems as part of the deletion.

7. Data security

We use established security practices, including:

  • Encryption in transit (HTTPS/TLS)
  • Access controls and database security rules (for example row level access where applicable)
  • OAuth based authentication (Google/Apple)

Session tokens may be stored locally on your device. If your device is compromised (for example jailbroken or rooted), an attacker could access locally stored session data.

8. Your rights

8.1 Access and control

You can see your decks and learning progress in the app.

8.2 Delete your account

You can delete your account in the app via Settings > Delete account. This removes your account and associated learning data from our systems.

8.3 Manage your settings

You can update your settings and notification choices at any time.

8.4 Data portability

If you would like a copy of your data, you can contact us at info@upplyst.ai and we will help you.

8.5 Withdraw notification consent

You can turn off notifications at any time in the app settings or in your device settings.

9. Children's privacy

upplyst.ai is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us for removal.

10. International data transfers

Our service providers may process data in different countries depending on their infrastructure and how our project is configured. Supabase for this project is hosted in Europe (Stockholm) and Sentry processes diagnostic data in Europe (Germany). Push notifications are routed through Apple (APNs) and Google (FCM), which may process your push token outside the EU. If you have questions about where your data is processed, contact us at info@upplyst.ai.

11. Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date above. Continued use of the app after changes means you accept the updated policy.

12. Contact

For privacy questions or requests:
Email: info@upplyst.ai