Privacy Policy
upplyst.ai
Effective from: 2026-07-05
Last updated: 2026-07-05
1. Who we are
upplyst.ai is a personal app for multiple choice cards and learning with spaced repetition. This policy describes what data we collect, how we use it, and what rights you have to that data.
Developer: upplyst.ai
Contact: info@upplyst.ai
2. Delete your account
You can delete your account and all associated data directly in the upplyst.ai app:
- Open the upplyst.ai app
- Go to Settings
- Tap Delete account
- Confirm the deletion in the two step confirmation dialog
When you delete your account, the following data is removed permanently and immediately:
- Your profile and account information
- All decks and cards in your library
- All review history and learning progress
- Schedule data and streak records
- Device tokens and notification settings
There is no retention period. All data is removed as part of the deletion. The action cannot be undone.
If you cannot access the app, you can request account deletion by emailing info@upplyst.ai from the email address linked to your account.
3. What data we collect
3.1 Account data
When you sign in with Google or Apple, we receive:
- Data
- Email address
- Source
- Google/Apple
- Purpose
- Account identification and sign in
- Data
- Name (optional)
- Source
- Apple (if provided)
- Purpose
- Display (if provided)
- Data
- Provider user ID
- Source
- Google/Apple
- Purpose
- Link the sign in to your account
We do not request access to your contacts, calendar, photos, or other services at Google or Apple.
3.2 Learning data
upplyst.ai provides ready made decks that you add to your library. We store which decks you have added and your review progress:
- Data
- Review rating (1-4)
- Purpose
- Calculate the repetition interval
- Data
- Review history (answer, rating, timestamp)
- Purpose
- Track learning progress and drive the repetition algorithm
- Data
- Due date, interval, and ease factor
- Purpose
- Schedule your next reviews
- Data
- Streak records
- Purpose
- Show your progress and send reminders
3.3 User settings
- Data
- Daily reminder time
- Purpose
- When reminders should be sent
- Data
- Time zone (read automatically from the device)
- Purpose
- Make sure reminders arrive in the correct local time
- Data
- Language preference
- Purpose
- Display language
- Data
- Theme preference
- Purpose
- Light/dark/system (stored locally only)
- Data
- Notifications on
- Purpose
- Your choice to receive notifications
3.4 Device data (for notifications)
- Data
- Push token (Expo)
- Purpose
- Deliver push notifications
- Data
- Platform (iOS/Android)
- Purpose
- Platform specific notification handling
Push tokens are device identifiers used to route notifications. They are linked to your account only to deliver reminders. Notifications are delivered through the Expo push service, which in turn routes them through Apple Push Notification service (APNs) on iOS and Google Firebase Cloud Messaging (FCM) on Android. These transports receive your push token and the notification title and body in order to deliver the message.
3.5 Diagnostic data
We use Sentry for crash and error reporting. Sentry receives error messages, stack traces, and basic device information (device type, OS version, app version) when a crash or error occurs. Authentication headers, tokens, and request bodies are redacted before any data is sent, and we do not attach any user identity to the reports. Crash reports are processed in Sentry's EU region (Germany). Diagnostics are sent only from the production build of the app, not during development.
We use no analytics or advertising SDKs. If we add analytics in the future, we will update this policy and our App Store privacy details.
4. How we use your data
We use your data to:
- Provide the app's features (decks, reviews, progress tracking)
- Store and sync your learning progress across sessions and devices
- Send reminders via push notifications (only if you enable notifications)
- Maintain account security and prevent abuse
We do not use your data to:
- Target ads or marketing
- Sell data to third parties
- Train AI models
5. Third party services
We use the following services to run the app:
5.1 Supabase (database and authentication)
- Purpose: Authentication and storage of your app data
- Data processed: Account data, deck choices, settings, review history
- Provider policy: https://supabase.com/privacy
- Hosting region: Europe (Stockholm)
5.2 Expo Push Notifications (with APNs and FCM)
- Purpose: Deliver push notifications
- Data processed: Push token, platform, and the notification content (title and body)
- Transport: Expo forwards the notification through Apple Push Notification service (APNs) on iOS and Google Firebase Cloud Messaging (FCM) on Android. FCM is used solely as a transport for notifications, not for analytics.
- Provider policies: https://expo.dev/privacy, Apple, Google Firebase
5.3 Google (sign in)
- Purpose: Authentication only
- Data received: Email and basic profile information
- We do not access: Gmail, Drive, Calendar, Contacts
- Provider policy: https://policies.google.com/privacy
5.4 Apple (sign in)
- Purpose: Authentication only
- Data received: Email (may be a private relay address) and name (if provided)
- Provider policy: https://www.apple.com/legal/privacy/
5.5 Sentry (crash reporting)
- Purpose: Crash and error reporting to improve app stability
- Data processed: Error messages, stack traces, device type, OS version, and app version. Authentication headers, tokens, and request bodies are redacted before they are sent. No user identity is included.
- Processing region: EU (Germany)
- Provider policy: https://sentry.io/privacy/
6. Data retention
We keep data for as long as needed to provide the service:
- Data type
- Account data
- Retention
- Until you delete your account
- Data type
- Deck choices and review data
- Retention
- Until you delete your account
- Data type
- Review history
- Retention
- Until you delete your account
- Data type
- Push tokens
- Retention
- Until you sign out or delete your account
When you delete your account, we delete or anonymize the associated app data in our systems as part of the deletion.
7. Data security
We use established security practices, including:
- Encryption in transit (HTTPS/TLS)
- Access controls and database security rules (for example row level access where applicable)
- OAuth based authentication (Google/Apple)
Session tokens may be stored locally on your device. If your device is compromised (for example jailbroken or rooted), an attacker could access locally stored session data.
8. Your rights
8.1 Access and control
You can see your decks and learning progress in the app.
8.2 Delete your account
You can delete your account in the app via Settings > Delete account. This removes your account and associated learning data from our systems.
8.3 Manage your settings
You can update your settings and notification choices at any time.
8.4 Data portability
If you would like a copy of your data, you can contact us at info@upplyst.ai and we will help you.
8.5 Withdraw notification consent
You can turn off notifications at any time in the app settings or in your device settings.
9. Children's privacy
upplyst.ai is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us for removal.
10. International data transfers
Our service providers may process data in different countries depending on their infrastructure and how our project is configured. Supabase for this project is hosted in Europe (Stockholm) and Sentry processes diagnostic data in Europe (Germany). Push notifications are routed through Apple (APNs) and Google (FCM), which may process your push token outside the EU. If you have questions about where your data is processed, contact us at info@upplyst.ai.
11. Changes to this policy
We may update this policy from time to time. We will update the "Last updated" date above. Continued use of the app after changes means you accept the updated policy.
12. Contact
For privacy questions or requests:
Email: info@upplyst.ai