Legal

Privacy Policy

Effective May 6, 2026 · Last updated May 6, 2026

01Summary

In plain English Clavis is a study-to-unlock app for iOS. We process the notes you upload to generate quizzes, store the bare minimum needed for your account and leaderboard ranking, and let iOS itself manage which apps you've chosen to block. We do not sell your data. We do not access the contents of your other apps or your browsing history.

This Privacy Policy describes how Clavis ("we", "us", "Clavis") collects, uses, stores, and shares information when you use the Clavis mobile application and the website at clavisapp.com (together, the "Service"). By using the Service you agree to this Policy.

02Data we collect

Account information

When you create an account, we collect the email address (or Sign in with Apple identifier) you use to authenticate, a display name you choose, and an account creation timestamp. We do not collect your real name, phone number, address, or payment details — payments are handled entirely by Apple through the App Store.

Study material you upload

To generate lessons, you upload PDFs, photos, or typed notes. We treat these as transient inputs to our AI provider and do not retain the original files after lesson generation completes (see Notes & AI processing).

Generated lessons and quiz results

We store the lessons and questions Clavis generates from your notes, and your quiz results (which questions you answered correctly, score, time taken). This is what makes "review missed questions" and your XP/level work.

Usage and diagnostics

We collect anonymous app event logs (e.g. "lesson completed", "quiz passed") and crash reports to keep the app working. These are tied to a device-scoped identifier, not to your name or email.

What we do not collect

  • The content of any other app on your device.
  • Your browsing history or web traffic.
  • Your contacts, photos library (beyond images you explicitly pick), microphone, or precise location.
  • Advertising identifiers — Clavis contains no third-party advertising or tracking SDKs.

03Notes & AI processing

When you upload study material, the file is transmitted over an encrypted connection to our AI processing provider for the sole purpose of generating lessons and quiz questions. Specifically:

  • OCR / parsing. If the file is an image or PDF, we extract its text.
  • Lesson generation. The extracted text is passed to a large language model that produces lessons and quiz questions.
  • Discard. Once generation completes, the original file and the raw extracted text are discarded from our processing pipeline. Only the resulting lessons and questions are stored to your account.

Our AI providers operate under contractual terms that prohibit them from using your content to train their models. Clavis does not use your notes to train any model.

Sensitive material Please don't upload notes that contain personal information about identifiable third parties, medical records, or anything you wouldn't want briefly transmitted to an AI provider. Clavis is intended for course material.

04Screen Time & Family Controls

Clavis uses Apple's Family Controls and ManagedSettings frameworks (the "Screen Time API") to block and unblock apps you select. This is privacy-preserving by design:

  • You — not Clavis — pick which apps to block, using Apple's system picker. Clavis never sees an unhashed list of apps installed on your device.
  • Apple returns opaque tokens that represent the apps you chose. Clavis stores these tokens locally on your device only.
  • Clavis cannot read what's inside any app, see notifications, or access usage data beyond your own block selections.
  • When you pass a quiz, Clavis tells iOS to lift the restriction for the duration of your unlock session. iOS — not Clavis — enforces the block.

05Where your data lives

On your device

Your authentication tokens, app-block selections, current XP/level, active session state, and cached lessons are stored locally on your iPhone using iOS Keychain (for secrets) and the app's sandboxed storage.

On Supabase (our backend)

We use Supabase to provide authentication and the global leaderboard. Supabase stores: your account email/identifier, display name, total XP, and aggregate quiz statistics. Supabase data is hosted in the United States and protected at rest with AES-256 encryption.

Retention

  • Uploaded files: discarded immediately after lesson generation.
  • Generated lessons & quiz results: kept while your account is active. Deleted within 30 days of account deletion.
  • Diagnostic logs: 90 days, then deleted.

06Sharing & third parties

We share data only with the small number of service providers required to run the Service, and only the data they need:

  • Apple — App Store payments, Sign in with Apple, Screen Time API. Governed by Apple's privacy policy.
  • Supabase — authentication and leaderboard storage.
  • AI processing provider — transient lesson generation from uploaded notes (see Section 3).

We do not sell or rent your personal information to anyone. We do not share data with advertisers or data brokers. We may disclose information if required by law (subpoena, court order) or to protect the safety of users.

07Your rights

Depending on where you live (GDPR, CCPA, and similar regimes), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Export your data in a portable format.
  • Opt out of any processing not strictly necessary to run the Service.

You can delete your account in-app from Settings → Account → Delete account. Deletion is processed within 30 days.

08Children's privacy

Clavis is rated 12+ on the App Store and is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created a Clavis account, contact us and we will delete the account and associated data.

09Security

All traffic between the Clavis app and our backend is encrypted with TLS 1.2+. Data at rest in Supabase is encrypted with AES-256. Authentication uses short-lived tokens stored in iOS Keychain. No system is perfectly secure; if we become aware of a breach affecting your account, we will notify you and the appropriate regulators as required by law.

10Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we'll update the "Last updated" date at the top of this page and, if the change is significant, notify you in the app. Continued use of the Service after a change means you accept the updated policy.

11Contact

Questions, requests, or complaints? Email contact for the website is coming soon. Until then, please reach out via the App Store listing.

Clavis · clavisapp.com