Privacy Policy
Introduction
Welcome to Autodidact, a product of ADidact Inc ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your personal information. This Privacy Policy explains our practices regarding data collection and use when you use our mobile application ("App") and related services (collectively, the "Service").
By using Autodidact, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.
1. Information We Collect
We collect information in the following categories:
1.1 Information You Provide Directly
| Data Type | Description | Purpose |
|---|---|---|
| Email Address | Required for account creation | Account authentication, password recovery, service communications |
| Username | Your chosen display name | Account identification, personalization |
| Password | Stored in hashed form only | Account security and authentication |
1.2 Information Collected Automatically
When you use the App, we automatically collect certain information:
| Data Type | Description | Purpose |
|---|---|---|
| Usage Data | Facts viewed, likes, bookmarks, saves, time spent on content (dwell time), swipe direction and velocity, completion rate | Personalization, recommendations, service improvement |
| Interaction Events | Taps, scrolls, content expansion, skip patterns, time to first interaction, sequence of content viewed | Understanding engagement, improving recommendations |
| Session Information | Session duration, facts viewed per session, timestamps, session sequence data | Analytics, service optimization |
| Device Information | Device type (e.g., "iPhone"), operating system version (e.g., "iOS 18.0"), app version | Technical support, compatibility, bug fixes |
| IP Address | Your internet protocol address | Security (rate limiting, fraud prevention), approximate geographic region |
1.3 Local Data Processing
Some data is processed and stored locally on your device before being transmitted to our servers:
- Offline Event Queue: Interaction events are stored temporarily in a local SQLite database on your device to ensure reliable delivery even when you have intermittent connectivity. This data is automatically synchronized with our servers when a connection is available and removed from your device after successful transmission.
- Authentication Tokens: Stored securely in the iOS Keychain on your device only.
1.4 Information We Do NOT Collect
We want to be clear about what we do not collect:
- Location Data: We do not access your precise or coarse location
- Contacts: We do not access your phone contacts or address book
- Photos/Videos/Audio: We do not access your camera, photo library, or microphone
- Health & Fitness Data: We do not collect any health or fitness information
- Financial Information: We do not collect payment, credit, or financial data
- Biometric Data: We do not collect fingerprints, face scans, or other biometric identifiers
- Browsing History: We do not track websites you visit outside our App
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 App Functionality
- Authenticate your account and maintain your session
- Enable you to save, like, and bookmark educational facts
- Track your learning progress within the App
- Provide customer support
2.2 Personalization
- Deliver personalized content recommendations based on your interests and engagement patterns
- Customize your learning experience based on topics you engage with
- Remember your preferences and settings
2.3 Analytics and Improvement
- Understand how users interact with our content
- Identify popular topics and content types
- Improve our recommendation algorithms
- Analyze aggregate usage patterns (not individual tracking)
- Debug issues and improve App stability
2.4 Security
- Protect against unauthorized access to your account
- Prevent fraud, abuse, and malicious activity
- Enforce rate limits to protect service availability
- Detect and prevent security threats
2.5 Communications
- Send password reset emails when requested
- Send email verification links during registration
- Notify you of important changes to our Service or policies
- Respond to your support requests
Note: We do not send marketing or promotional emails. We do not sell your data for advertising purposes.
3. How We Share Your Information
We do not sell your personal information. We share your information only in the following limited circumstances:
3.1 Service Providers
We work with third-party service providers who help us operate our Service. These providers are contractually obligated to protect your information and may only use it to provide services to us:
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway | Cloud hosting, PostgreSQL database, Redis cache | Encrypted user data, session data |
| Pinecone | Vector database for content recommendations | Anonymized content embeddings (no personal data) |
| Resend | Transactional email delivery | Email address (for verification/password reset only) |
| Cloudflare | DNS, CDN, website hosting | IP address, basic request metadata |
3.2 AI Service Providers (Content Generation)
Important Disclosure: The educational facts in Autodidact are generated using third-party AI services, specifically Google Gemini. However:
- Your personal data is NOT sent to AI services. Facts are pre-generated and stored in our database before being shown to you.
- The AI generates educational content based on topic categories, not based on any individual user data.
- Your usage patterns, preferences, and personal information are never transmitted to Google Gemini or any other AI content generation service.
3.3 Third-Party SDKs in the App
| Library | Purpose | Data Access | Privacy Impact |
|---|---|---|---|
| GRDB | Local SQLite database | Local device storage only | No data leaves device; used only for offline event queue |
Important Notes:
- We do not use third-party analytics SDKs (such as Firebase Analytics, Google Analytics, or Mixpanel)
- We do not use advertising SDKs or ad networks
- We do not use crash reporting SDKs that transmit data to third parties
- All analytics are performed on our own servers using first-party data
3.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
3.5 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the App of any change in ownership or uses of your personal information.
4. AI-Generated Content Disclosure
4.1 Nature of Content
The educational facts presented in Autodidact are generated using artificial intelligence technology (specifically, large language models). This content is:
- AI-generated: Created by AI models, not human authors
- Pre-generated: Created before being shown to you, not generated in real-time based on your data
- Educational in nature: Intended to provide interesting factual information across various topics
- Not guaranteed to be accurate: While we strive for accuracy, AI-generated content may contain errors or inaccuracies
4.2 User Data and AI
Your personal information is not used to train AI models. We do not:
- Send your personal data to AI services for content generation
- Use your usage patterns to train external AI models
- Share your interactions with AI service providers
5. Data Retention
5.1 Account Data
We retain your account information (email, username, hashed password) for as long as your account remains active.
5.2 Usage Data
- Interaction data (likes, bookmarks, views): Retained while your account is active to provide personalized recommendations
- Session data: Retained for up to 90 days for analytics purposes
- Event logs: Retained for up to 90 days for debugging and service improvement
5.3 After Account Deletion
When you delete your account:
- Your personal information (email, username) is permanently deleted
- Your interaction history is permanently deleted
- Anonymized, aggregated analytics data may be retained (this data cannot identify you)
- Deletion is processed within 30 days
6. Data Security
6.1 Technical Safeguards
- Encryption: All data transmitted between your device and our servers is encrypted using TLS/HTTPS
- Password Security: Passwords are hashed using bcrypt with appropriate salt rounds; we never store plain-text passwords
- Secure Storage: Sensitive data on your device (authentication tokens) is stored in the iOS Keychain
- Access Controls: Database access is restricted and monitored
- Rate Limiting: We implement rate limiting to prevent brute-force attacks
6.2 Account Security
- Account Lockout: After multiple failed login attempts, accounts are temporarily locked to prevent unauthorized access
- Token Expiration: Authentication tokens expire regularly and must be refreshed
- Session Management: Sessions are tracked and can be terminated
7. Your Rights and Choices
7.1 Access and Portability
You have the right to:
- Access the personal information we hold about you
- Request a copy of your data in a portable format
7.2 Deletion
You have the right to delete your account and all associated personal data at any time:
- Go to Settings within the App
- Select Delete Account
- Confirm your choice
Account deletion is permanent and cannot be undone.
7.3 Exercising Your Rights
To exercise any of these rights, you may use the in-app settings and features or contact us at the email address provided below. We will respond to your request within 30 days.
8. Children's Privacy
Autodidact is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. Upon verification, we will delete such information from our servers.
9. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States.
We ensure appropriate safeguards are in place to protect your information when transferred internationally, in compliance with applicable data protection laws.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information we have collected
- Right to Correct: Request correction of inaccurate personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
We do not sell your personal information. We have not sold personal information in the preceding 12 months.
11. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including:
- Access: Obtain confirmation of whether we process your data and access to that data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restrict Processing: Request limitation of processing in certain circumstances
- Data Portability: Receive your data in a structured, commonly used format
- Object: Object to processing based on legitimate interests
You have the right to lodge a complaint with a supervisory authority in your country of residence.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy in the App
- Updating the "Last Updated" date at the top of this policy
- For significant changes, sending an email notification to your registered email address
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: privacy@autodidactapp.com
Summary of Data Practices
| Category | What We Collect | What We Don't Collect |
|---|---|---|
| Account Info | Email, username, hashed password | Real name, phone number, physical address |
| Usage Data | Interactions, preferences, session data | Location, contacts, photos, health data |
| Device Info | Device type, OS version, app version | Precise device identifiers, advertising IDs |
| AI Content | Pre-generated educational facts | Your data is NOT sent to AI services |
Key Points:
- We do NOT sell your personal information.
- We do NOT send your data to AI services for content generation.
- You can delete your account and all data at any time.
- We use industry-standard security measures.