Privacy Policy

Contact form submissions

Data: name, email address, message text.

Purpose: to respond to your inquiry.

Legal basis: legitimate interest (Article 6(1)(f) GDPR), responding to an unsolicited message you initiated.

Retention: up to 12 months, then deleted.

Account registration & authentication

Data: email address, hashed password or OAuth provider ID, optional display name.

Purpose: to provide account-based features (comments, ratings).

Legal basis: performance of a contract (Article 6(1)(b) GDPR), you requested an account.

Retention: until you delete your account, or after 24 months of inactivity.

Comments & ratings

Data: your comment text, star rating, and user ID. This content is publicly visible.

Purpose: to display user-generated discussion on blog posts.

Legal basis: consent (Article 6(1)(a) GDPR), you actively submitted the content.

Retention: until deleted by you or by an administrator.

Payments

Data: purchase amount and Stripe session ID. No card numbers are stored on this site.

Purpose: to fulfil a purchased service.

Legal basis: performance of a contract (Article 6(1)(b) GDPR).

Retention: 7 years (legal obligation for financial records).

Server & access logs

Data: IP address, browser type, pages visited, timestamp.

Purpose: security monitoring and operational diagnostics.

Legal basis: legitimate interest (Article 6(1)(f) GDPR), keeping the site secure and operational.

Retention: server and platform logs are kept for our hosting provider's (Vercel) standard log-retention period for our plan, then automatically deleted; we do not keep a separate copy. Crash and error data sent to Sentry is retained under Sentry's default retention.

On-device storage (never leaves your device)

Data stored only on your device (AsyncStorage) and deleted when you uninstall: your saved dev-tool results and history (hash, base64, UUID, JSON outputs and their history), tip-out calculator shift records (including coworker first names you enter and any attached POS-slip photo), app settings and preferences (stay-signed-in, quick actions, onboarding, daily-reminder time, Dexter visibility), and the on-device credential vault (see below).

These never leave your device. NOTE: notes, code snippets, flashcard progress, daily-question streak, pomodoro sessions, game scores, and favorites are stored locally first but also sync to our Supabase backend when you are signed in (see Cross-device sync below); uninstalling does not delete the synced cloud copy.

Legal basis: performance of a contract (Article 6(1)(b) GDPR), required for the app to function.

Cross-device sync (signed-in users only)

When you are signed in, the following sync to your private, row-level-security-protected Supabase rows keyed by your account user ID: notes, code snippets, flashcard progress, daily-question streak, pomodoro sessions, game scores, favorites, and app-open counts. Deletions are recorded as tombstones (so a delete on one device propagates to your other devices).

Your username/display name (and, if you sign in with Google, your provider avatar URL) are stored in your Supabase account profile. Your account user ID and session token are also used to authenticate every request the app makes to aldowebsitellc.xyz (AI features, account actions).

Purpose: roam your notes, snippets, streaks, sessions, scores, and favorites across devices.

Legal basis: consent (Article 6(1)(a) GDPR), sync only happens once you sign in. Sign out and the cloud copy stays unchanged; the local copy persists. Everything synced is removed when you delete your account.

Retention: until you delete your account, or after 24 months of inactivity.

On-device credential vault (password manager)

The app includes an optional credential vault (label, username, password, URL, notes). Entries are stored encrypted at rest in the OS keystore (Android Keystore via expo-secure-store), gated behind your device biometric or PIN unlock, and any generated passwords come from a secure random generator.

Where: on your device only. Vault data never syncs to the cloud and never leaves your device; we cannot see, recover, or reset it. Uninstalling the app or clearing its data deletes the vault permanently.

Legal basis: performance of a contract (Article 6(1)(b) GDPR), the feature you chose to use.

Account session tokens on device

Data: your Supabase session (access token, refresh token) and account user ID, cached in on-device storage (AsyncStorage) so your session persists across app restarts.

Where: stored on your device; the token is sent to aldowebsitellc.xyz as the bearer identity for server calls (AI, account, admin actions). Signing out clears it.

Legal basis: performance of a contract (Article 6(1)(b) GDPR), required to keep you signed in.

AI features (AI Tutor, Dexter assistant, Image AI)

The app ships three AI surfaces: the AI Tutor (study Q&A), the in-app Dexter assistant (free-text chat), and Image AI (analyse a photo). They send your typed text, recent chat history (last ~16 messages), and any image you pick from your library or camera (as base64, up to ~4.5MB) first to our own server at aldowebsitellc.xyz, which holds the model keys and relays it to a third-party model provider (Groq running Meta Llama, or Google Gemini, whichever is configured) for inference.

We do not store the prompts, chat content, or images in our database; we store only a per-user daily usage count. The providers may log requests for abuse prevention under their own policies.

Don't paste real secrets, credentials, IDs, or other sensitive PII, anything you wouldn't put on a public pastebin.

The AI Tutor free tier is limited to 10 questions per UTC day, counted against your signed-in account (a per-user daily counter stored in our database). The in-app Dexter assistant has a separate 100/day per-user limit.

Legal basis: consent (Article 6(1)(a) GDPR), you initiate every send.

Weather on the home dashboard

Data: your device's approximate (coarse) latitude and longitude. We request only approximate location; precise/fine location is blocked in the app manifest.

Where: requested when the weather card loads and sent to Open-Meteo for the forecast and to your device's reverse-geocoding service for a city label. We do not store the coordinates (they exist only in memory for the request), but Open-Meteo and the geocoder receive them and may log the request under their own policies.

This is the only feature that uses location. Denying the permission simply hides the weather card; the rest of the app works normally.

Legal basis: consent (Article 6(1)(a) GDPR), you grant location permission at the OS prompt.

Local notifications

Data: pomodoro session timestamps and daily reminders, scheduled locally on your device.

Where: handled by Android via the POST_NOTIFICATIONS permission. Notifications are local only: there is no push server and no FCM/push token is generated or sent. Nothing leaves your device for this feature.

Crash & error reporting

Data: device model, OS version, app version/release, a breadcrumb of recent screen names, stack traces, and an auto-generated installation/device identifier.

Where: sent to Sentry for crash and error reporting, and for a 20% sample of performance traces. We configure Sentry with sendDefaultPii disabled, which prevents your email and IP address from being attached (Sentry would otherwise collect IP by default). We make a best effort not to capture user input.

Legal basis: legitimate interest (Article 6(1)(f) GDPR), fixing crashes and errors you experience.

Bot protection on sign-in (Cloudflare Turnstile)

Data: browser/device signals collected by Cloudflare Turnstile to issue a single-use captcha token.

Where: the sign-in, sign-up, and password-reset screens (both the website and the app's WebView) load Cloudflare Turnstile, which produces a one-time bot-protection token sent with the auth request. Supabase enforces this captcha project-wide.

Legal basis: legitimate interest (Article 6(1)(f) GDPR), preventing automated abuse of the auth endpoints.

App delivery & over-the-air updates (Expo/EAS)

Data: app version and update-channel pings; no user content.

Where: the app checks Expo / Expo Application Services for over-the-air updates. These pings carry only the app version and update channel so the right update is delivered.

Legal basis: legitimate interest (Article 6(1)(f) GDPR), shipping fixes and updates.

Community / forum features

Community and forum features (and their tables) exist in the code but are turned off for this release (feature-flagged). No user-generated forum content is collected or transmitted in the shipped app.

Account & data deletion (in-app)

You can delete your account and all associated data from inside the app (Account tab). Deletion is confirmed with a 6-digit code emailed to you (request a code, then confirm; the deletion is processed server-side). You can also delete individual items.

Self-service data export is available: a JSON archive of your profile, comments, ratings, contact submissions, orders, and toolkit usage. You can also request deletion on the web at aldowebsitellc.xyz/account or by emailing hello@aldowebsitellc.xyz.

On deletion, Stripe order records are retained for tax and financial-records obligations with the customer email scrubbed to “[deleted account]”.

Payments

The app does not process card data. Tapping a Buy button opens an in-app browser tab to Stripe-hosted Checkout (the same flow the website uses). After payment, an order record is created on the website and you receive a Stripe receipt by email; for digital products, the download link is sent in a follow-up email via Resend.