Privacy Policy for Ankra

1. Introduction

Welcome to Ankra. This Privacy Policy explains how Bahamapps AB ("we," "us," or "our") collects, uses, shares, and protects your personal data when you use the Ankra mobile application and web service (collectively, the "App").

Bahamapps AB is a company registered in Sweden and operates under the European Union's General Data Protection Regulation (GDPR). We are committed to protecting your privacy and handling your data transparently.

Contact Information:

• Legal Entity: Bahamapps AB
• Location: Sweden
• Email: [email protected]
• Data Protection Authority: Swedish Data Protection Authority (Datainspektionen)

2. Who Can Use Ankra

Ankra is intended for users aged 16 and older. If you are under 16, you may not use the App. By using Ankra, you confirm that you meet this age requirement.

3. What Data We Collect

We collect different types of data to provide and improve our service. Below is a comprehensive list of what we collect and how:

3.1 Authentication Data

When you use Ankra:

• Anonymous Authentication (Default): By default, we create an anonymous account for you through Supabase (our authentication provider). This allows you to use the App immediately without providing personal information. An anonymous user identifier is generated.
• Optional Identity Linking: You may choose to link your anonymous account to a persistent account using:
  • Google OAuth: Email address, name, profile information provided by Google
  • Apple OAuth: Email address, name (if provided), Apple user identifier
• Authentication Tokens: Secure tokens used to maintain your session and authenticate API requests.

3.2 Study Data Stored Locally on Your Device

The following data is stored locally on your device using SQLite database and is not automatically transmitted to our servers:

• Flashcard decks you create or clone
• Individual flashcard content (questions and answers, including text and LaTeX mathematical notation)
• Your study history and review performance (including dates reviewed, quality ratings, spaced repetition algorithm data)
• Statistics (learning streaks, accuracy rates, mastery levels)
• App preferences (language selection, notification settings)

Important: This local data remains on your device and is only transmitted to our backend services when you explicitly use AI-powered features (see Section 3.3).

3.3 Data Transmitted to Our Backend Services

When you use AI-powered features to generate flashcards:

• Study Prompts: Topics, context, desired number of cards, and other parameters you provide
• Uploaded Images: Photos of documents, textbooks, or other materials you upload for flashcard generation
• OCR-Extracted Text: Text extracted from your uploaded images using optical character recognition
• Generated Flashcards: AI-generated flashcard content based on your prompts or images
• Error Logs: Technical error information when the App encounters problems, including device type, error messages, and app state

3.4 Subscription and Payment Data

If you purchase a premium subscription:

• RevenueCat Customer ID: A unique identifier linking your account to your subscription
• Subscription Status: Whether you have an active subscription, subscription tier, renewal date
• Purchase History: Transaction records processed through Apple App Store or Google Play Store

Note: We do not directly process or store your payment card information. All payment transactions are handled securely by Apple or Google.

3.5 Device and Technical Information

• Country/Region: Used for content localization and compliance with local laws
• Language Preference: To display the App in your preferred language
• Device Type and Operating System: For compatibility and troubleshooting
• Notification Tokens: Only if you enable push notifications

3.6 Usage Analytics

We use PostHog (an open-source analytics platform) to collect aggregated and anonymized analytics data to understand how users interact with the App:

• Feature usage patterns (which features are used most frequently)
• App performance metrics (load times, error rates)
• Session duration and frequency
• Navigation patterns within the App

This data is collected in aggregate form and cannot be used to identify individual users. PostHog data is hosted in the EU to ensure GDPR compliance.

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 To Provide the Service (Legal Basis: Contractual Necessity)

• Create and maintain your user account
• Store and sync your study data
• Generate flashcards using AI based on your prompts and images
• Process your subscription and provide premium features
• Display personalized study statistics and progress tracking

4.2 To Improve the Service (Legal Basis: Legitimate Interest)

• Analyze usage patterns to improve features and user experience
• Monitor app performance and fix bugs
• Develop new features based on user behavior
• Conduct research to enhance our spaced repetition algorithms

4.3 To Communicate with You (Legal Basis: Consent or Contractual Necessity)

• Send service-related notifications (study reminders, streak alerts) if you opt in
• Respond to your support requests and inquiries
• Send important updates about the App or policy changes

4.4 To Ensure Security and Prevent Abuse (Legal Basis: Legitimate Interest and Legal Obligation)

• Detect and prevent fraudulent transactions
• Monitor for abuse of AI generation features
• Enforce our Terms of Service
• Comply with legal obligations and respond to legal requests

5. AI-Generated Content and Acceptable Use

5.1 How AI Generation Works

Ankra uses artificial intelligence (specifically, Anthropic's Claude AI) to generate flashcard content based on:

• Study prompts you provide (topics, context, learning goals)
• Images you upload (we use Google Cloud Vision OCR to extract text from images)

The AI analyzes your input and generates relevant flashcard content to support your learning.

5.2 Prohibited Uses

You may not use Ankra's AI generation features for:

• Creating content that is illegal, harmful, abusive, harassing, or threatening
• Generating content that infringes intellectual property rights of others
• Creating content that promotes violence, discrimination, or hatred
• Generating spam, malware, or deceptive content
• Attempting to bypass usage limits or abuse the service
• Any purpose that violates our Terms of Service or applicable laws

5.3 Content Moderation and Service Suspension

We reserve the right to:

• Review and moderate AI-generated content to ensure compliance with our policies
• Suspend or terminate your account without prior notice if we detect abuse or violation of our terms
• Report illegal activity to appropriate authorities as required by law
• Implement automated systems to detect and prevent abuse

By using AI generation features, you acknowledge that:

• You are responsible for your prompts and the content you generate
• We may monitor usage patterns to detect abuse
• Service suspension or termination may occur for policy violations
• We are not liable for content you generate using the AI features

6. How We Share Your Data

We do not sell your personal data. We share your data only in the following circumstances:

6.1 Third-Party Service Providers

We use trusted third-party services to operate Ankra. These providers process data on our behalf under strict contractual obligations:

• Supabase: Authentication and user account management
• Anthropic (Claude AI): AI-powered flashcard generation
• Google Cloud Vision: Optical character recognition (OCR) for image text extraction
• RevenueCat: Subscription and in-app purchase management
• PostHog: Analytics and product usage insights (EU-hosted)

All third-party providers are carefully selected and required to:

• Implement appropriate technical and organizational security measures
• Process data only according to our instructions
• Comply with GDPR requirements
• Use standard contractual clauses or other approved transfer mechanisms for international data transfers

6.2 Legal Requirements

We may disclose your data if required by law, court order, or government regulation, or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Detect, prevent, or address fraud or security issues

6.3 Business Transfers

If Bahamapps AB is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal data may be transferred to the acquiring entity. You will be notified of any such change via email or prominent notice in the App.

7. Data Security

We implement industry-standard security measures to protect your personal data including encryption in transit and at rest, secure authentication, and strict access controls.

Your Responsibility: You are responsible for maintaining the security of your device, including using strong device passwords and keeping your operating system updated.

8. Your Rights Under GDPR

As a resident of the European Union, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen) at https://www.datainspektionen.se

9. Contact Us

For data protection inquiries, include "Privacy Request" in your email subject line.