Privacy Policy

1. Introduction

Aleph ("the App," "we," "us," or "our") is committed to protecting the privacy of our users, especially children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Aleph, available on iOS.

By using the App, you consent to the data practices described in this Privacy Policy. If you are a parent or guardian of a child under 13, please review this policy carefully. Your child's use of the App requires your consent.

If you do not agree with the terms of this Privacy Policy, please do not use the App.

2. Information We Collect

2.1 Information You Provide

We collect the following information that you voluntarily provide:

• Account Information: When you create an account, we collect your authentication credentials. Depending on your sign-in method, this may include your email address (for email/password sign-up), your name and email (from Apple Sign In or Google Sign In). If you use Apple's "Hide My Email" feature, we receive Apple's relay email address instead of your actual email.
• Display Name: A name you choose to identify yourself within the App (maximum 100 characters).
• Chat Messages: If you use the Chavruta AI chat feature (premium only), we store the messages you send and the AI responses you receive.

2.2 Information Collected Automatically

When you use the App, certain information is collected automatically:

• Learning Progress: Lesson completion data, quiz accuracy scores, experience points (XP) earned, and daily activity records.
• App Usage Data: Features used, screens viewed, daily streaks, gems earned and spent, inventory of virtual items, and subscription status.
• Device Information: Device type, operating system version, app version, and general device identifiers used for crash reporting.
• Analytics Events: We track events such as lesson starts, lesson completions, feature usage (shop, compass, customization), and subscription-related actions. These events help us understand how the App is used and improve the experience.

2.3 Location Data

If you use the Mizrach Compass feature, the App requests access to your device's location (when in use only) and motion sensors to determine the direction of Jerusalem. This location data is processed on your device in real time and is not transmitted to our servers or any third party. Location access is entirely optional and the compass feature will prompt you for permission before accessing your location.

2.4 Information We Do NOT Collect

• We do not collect payment or credit card information. All payments are processed by Apple through the App Store.
• We do not use advertising identifiers (IDFA) or participate in ad tracking.
• We do not serve advertisements in the App.
• We do not collect photos or camera data. Camera and photo library access is only used if you choose to set a profile photo, and images are processed locally.
• We do not track your location in the background or store location history.

3. How We Use Your Information

We use the information we collect for the following purposes:

We do not use your information for advertising, profiling, or any purpose unrelated to providing and improving the App.

4. Third-Party Services

We use the following third-party services to operate the App. Each service receives only the minimum data necessary to perform its function:

4.1 Supabase (Backend & Authentication)

Supabase provides our database, authentication, and backend infrastructure. All user data (profiles, progress, chat history) is stored on Supabase's servers. Supabase complies with SOC 2 Type II security standards.

Data shared: Account information, learning progress, chat messages, app usage data.

4.2 OpenAI (AI Chat)

The Chavruta AI chat feature uses OpenAI's API (GPT-4o Mini model) to generate responses. When you send a chat message, the following data is sent to OpenAI:

• Your chat message
• Recent conversation history (last 20 messages)
• Your display name, current level, XP, streak, and recently completed lessons (to personalize responses)

OpenAI processes this data to generate responses and may retain it in accordance with their API data usage policies. As of our last review, OpenAI does not use API data to train their models.

4.3 RevenueCat (Subscription Management)

RevenueCat manages our subscription infrastructure. It receives your user ID and subscription status from Apple to track entitlements.

Data shared: User ID, subscription purchase events.

4.4 PostHog (Analytics)

We use PostHog for product analytics to understand how the App is used and to improve the experience. PostHog collects analytics events (e.g., lesson completed, feature opened) associated with your user ID. PostHog does not collect device advertising identifiers and we have disabled session replay.

Data shared: User ID, analytics events with properties, screen views.

4.5 Sentry (Error Reporting)

Sentry collects crash reports and error logs to help us identify and fix bugs. When an error occurs, Sentry may capture the error message, stack trace, device type, OS version, and a screenshot of the active screen at the time of the error.

Data shared: Error/crash data, device information, app screenshots at time of error.

4.6 Apple (App Store & Payments)

Apple processes all subscription payments through the App Store. We do not receive or store your payment information. Apple's processing of your data is governed by Apple's Privacy Policy.

5. Children's Privacy (COPPA Compliance)

We take children's privacy seriously. The App is designed for use by children, and we are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar laws worldwide.

5.1 Parental Consent

If a user is under 13 years of age, we require verifiable parental consent before collecting any personal information. By creating an account for your child or allowing your child to create an account, you as the parent or legal guardian are providing your consent to the collection and use of your child's information as described in this Privacy Policy.

5.2 Information Collected from Children

We minimize the data we collect from children. The information collected from child users is limited to:

• A display name (which does not need to be their real name)
• Learning progress and in-app activity
• Chat messages sent to the AI tutor (premium feature only)

Authentication is handled through Apple Sign In, Google Sign In, or email/password (which would be set up by a parent). We do not knowingly collect more personal information from children than is reasonably necessary to provide our educational service.

5.3 No Advertising or Tracking

The App does not display advertisements to any users, including children. We do not use advertising identifiers, behavioral targeting, or interest-based profiling. Analytics data is used solely to improve the educational experience and is not shared with advertisers.

5.4 No Social Features

The App does not include social networking features, public profiles, user-to-user messaging, or any way for children to make their personal information publicly available.

5.5 Parental Rights

As a parent or guardian, you have the right to:

• Review the personal information we have collected from your child.
• Request that we delete your child's personal information.
• Refuse to allow any further collection or use of your child's information.
• Delete your child's account through the App's Settings page or by contacting us.

To exercise any of these rights, please contact us at support@skye.gg.

6. Push Notifications

With your permission, the App may send push notifications to remind you about learning streaks and daily lessons. You can opt out of notifications at any time through your device's system settings.

Types of notifications we may send:

• Streak reminders: A daily evening reminder if you haven't completed a lesson that day.
• Daily learning reminders: A morning reminder to encourage daily learning.

We do not send marketing or promotional push notifications.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data and learning progress: Retained until you delete your account.
• Chat messages: Retained until you delete your account.
• Analytics data: Retained by PostHog according to their retention policies.
• Crash reports: Retained by Sentry for up to 90 days.

When you delete your account, all personal data stored on our servers is permanently deleted. This includes your profile, learning progress, chat history, inventory, and all associated data. Deletion is irreversible.

Please note that data already shared with third-party services (OpenAI, PostHog, Sentry) may be retained by those services according to their own retention policies, even after you delete your account with us.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• All data transmission is encrypted using TLS/HTTPS.
• Database access is protected by row-level security policies, ensuring users can only access their own data.
• Sensitive profile fields (gems, XP, hearts, streak data, premium status) are protected from client-side modification through database-level policies.
• Authentication is handled through industry-standard providers (Apple, Google, Supabase Auth).
• API rate limiting is enforced to prevent abuse.

While we strive to protect your information, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

9. Local Data Storage

The App stores some data locally on your device using secure on-device storage to provide offline functionality and a faster experience. This includes cached copies of your profile, learning progress, and mascot customization settings. This data remains on your device and is automatically synced with our servers when you are online.

Local data is deleted when you uninstall the App or clear the App's data through your device settings.

10. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

10.1 All Users

• Access: You can view your profile information within the App at any time.
• Correction: You can update your display name through the App's Profile page.
• Deletion: You can permanently delete your account and all associated data through Settings > Delete Account in the App.
• Notifications: You can disable push notifications through your device settings.
• Location: You can revoke location permissions through your device settings.

10.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how we use it, the right to request deletion, and the right to non-discrimination for exercising your rights. We do not sell personal information to third parties.

10.3 European Economic Area Residents (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, data portability, and the right to object to processing. Our legal basis for processing your data is your consent (for account creation and optional features) and our legitimate interest in providing and improving the App.

To exercise any of these rights, please contact us at support@skye.gg.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your information to these countries.

We ensure that any such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes that affect how we collect or use children's data, we will provide prominent notice and, where required by law, obtain renewed parental consent.

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the revised Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy, your child's data, or wish to exercise any of your rights, please contact us:

If you believe we have collected personal information from a child under 13 without parental consent, please contact us immediately and we will take steps to delete that information.