Privacy Policy
Morten Kaltoft (“we,” “our,” or “us”) operates the Chillwise application (the “App”). This Privacy Policy explains what personal data we collect, how we collect it, how we use it, and with whom we share it. By using the App, you consent to the practices described in this Privacy Policy.
In short
- We collect your name and email to operate the App
- We securely store the messages you send inside the App
- The messages are used to generate personalized AI-powered content
- The messages are shared with third-party providers to operate the App
- We do not share your name or email with third-party providers
- We do not sell your data or use it to train AI models
- Analytics data is hosted in the EU; some data is processed in the US
- You can delete your account and all of your data at any time
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address and password. Your password is securely hashed and is never stored in plain text. If you use Apple Sign-In, we may receive your email and name (if provided).
1.2 User Content and Learning Data
When you use the App, we collect:
- Learning topics you select
- Messages and inputs you provide
- Generated audio transcripts and content
- Conversation and content history
This data is stored to provide personalized learning experiences and allow access across sessions.
1.3 Audio and Playback Data
We generate and deliver audio content for playback. Playback state and audio metadata may be stored locally on your device. When casting, playback data may be shared with compatible devices on your local network.
1.4 Usage and Analytics Data
We collect product usage data through PostHog, including:
- Screen views
- User interactions (e.g., playback, subscriptions, authentication events)
- App lifecycle events
- Device type and operating system
1.5 Device Information
We may collect device-related information such as:
- Device model
- Operating system version
- App version
- Push notification tokens
2. How We Use Your Information
We use your data to:
- Provide and operate the App, including generating AI-powered content and audio
- Personalize your learning experience
- Store your content and history
- Authenticate users and manage sessions
- Deliver audio playback and casting functionality
- Manage subscriptions and entitlements
- Send push notifications
- Analyze usage and improve the App
- Maintain security and prevent abuse
- Comply with legal obligations
3. How We Share Your Information
3.1 Supabase (Database, Authentication & Storage)
We use Supabase to store and manage:
- User accounts and authentication
- User profiles
- Content and conversation history
- Uploaded files
- Push notification tokens
3.2 OpenAI (AI Content Generation & Text-to-Speech)
User inputs (such as messages and learning topics) and conversation history are sent to OpenAI to generate learning content and audio. This data is processed in the United States.
3.3 Google Gemini (Image Generation)
Learning topics may be sent to Google Gemini to generate cover images. This processing occurs in the United States.
3.4 RevenueCat (Subscriptions)
We use RevenueCat to manage subscriptions, purchases, and entitlements. This includes app user IDs and purchase history.
3.5 PostHog (Analytics)
Usage data is sent to PostHog (EU-hosted) to analyze product usage and improve the App.
3.6 Apple Sign-In
If you choose Apple Sign-In, Apple provides authentication data (identity token, email, optional name), which is verified via Supabase.
3.7 Expo (Push Notifications & Updates)
We use Expo services to deliver push notifications and app updates. This includes push tokens, notification content, and device information.
3.8 Upstash (Caching)
We use Upstash Redis for temporary server-side caching of audio data and request metadata.
3.9 Google Cast (Chromecast)
When using casting features, certain playback data and device discovery information may be shared with devices on your local network and Google services.
3.10 Legal Requirements
We may disclose your information if required by law, to enforce our rights, or in connection with a business transaction.
4. Sale of Personal Data
We do not sell, rent, or trade your personal data.
5. AI Model Training
Your data is not used to train AI models, neither by us nor by third-party providers. Your data is processed by third-party providers (such as OpenAI and Google) solely to generate content within the App. Please refer to their respective privacy policies for details on their data handling practices.
6. Data Storage and Security
Your data is stored using Supabase infrastructure and other service providers described above. We implement appropriate technical and organizational measures to protect your data. However, no system is completely secure.
7. International Data Transfers
Your data may be processed in multiple countries, including:
- European Union (e.g., PostHog, Upstash)
- United States (e.g., OpenAI, Google, RevenueCat, Expo, Apple)
By using the App, you consent to these transfers. We take reasonable steps to ensure appropriate safeguards are in place.
Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses approved by the European Commission and/or adequacy decisions such as the EU-US Data Privacy Framework.
8. Legal Basis for Processing (GDPR)
We process personal data under the following legal bases:
- Contract performance: To provide the App’s services
- Legitimate interests: To improve the App, ensure security, and operate the service
- Consent: Where required (e.g., optional features)
- Legal obligations: Compliance with applicable laws
9. Push Notifications
We may send notifications related to your content, activity, or updates. You can disable notifications in your device settings.
10. Data Retention
We retain your data for as long as your account is active. You may delete your account under "Settings" in the App, after which your data will be deleted within a reasonable timeframe unless retention is required by law.
11. Your Rights
Depending on your location, you may have the right to:
- Access your data
- Correct inaccurate data
- Restrict or object to processing
- Request data portability
- Withdraw consent
To exercise your rights, contact us using the details below.
12. Children’s Privacy
The App is not intended for children under 13. We do not knowingly collect data from children.
13. Third-Party Data Protection
We rely on third-party providers that implement appropriate data protection measures. However, their processing is governed by their own privacy policies.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Continued use of the App constitutes acceptance of any updates.
15. Contact
If you have questions about this Privacy Policy, contact:
Morten Kaltoft
support@chillwise.app