1) Quick summary
- We collect account data, app usage data, purchase data, and content you provide such as test responses.
- We use Firebase for auth, data, analytics, crash reports, remote config, and security, and OpenAI APIs to generate AI outputs from your prompts.
- We do not sell personal information. We do not share it for cross-context behavioral advertising.
- You can access, correct, download, and delete your data. You can withdraw consent where applicable.
2) Data we collect
| Category | Examples | Source |
|---|---|---|
| Account identifiers | Name or alias, email, Firebase UID, auth tokens | You, Firebase Auth |
| Profile and settings | Avatar, language, notification preferences | You |
| User content | Test answers, free-text inputs, prompts, in-app notes | You |
| Derived results | Scores, dimensions, summaries, inferences generated by AI | Computed by the Service |
| Usage and device data | App events, feature interactions, timestamps, device model, OS version, IP-derived general location, app version | Automatically from your device and SDKs |
| Crash and diagnostics | Stack traces, stability metrics | Automatically from Crashlytics or similar |
| Purchase metadata | Product, price, currency, billing status, receipt hashes | Apple/Google purchase APIs |
| Support interactions | Emails, in-app messages, attachments | You |
We do not intentionally collect special or sensitive categories unless you provide them in free-text fields. Avoid entering confidential health, financial, or government ID data.
3) How we use data
- Provide, secure, and maintain the Service, including authentication, syncing, backups, and fraud prevention.
- Generate test scoring, insights, and AI outputs from your inputs.
- Measure performance, fix bugs, and improve features.
- Process purchases, entitlements, and receipts.
- Communicate about updates, security, and support.
- Comply with legal obligations and enforce Terms.
4) AI processing
When you use AI features, we send necessary inputs to our AI provider(s) to generate outputs. We do not opt in to allow provider training on our API data. Providers may retain API logs for a limited period to detect abuse, after which they delete them unless law requires longer retention. AI outputs can be inaccurate. Do not rely on them for medical, legal, financial, or safety decisions.
5) Legal bases (EEA/UK)
- Contract. To provide the Service you request.
- Legitimate interests. Security, fraud prevention, analytics, improvement.
- Consent. Where required for optional features or marketing.
- Legal obligation. Record keeping and compliance.
6) How we share information
We share personal information with:
- Service providers. Firebase (auth, database, analytics, crash), cloud infrastructure, error monitoring, email delivery.
- AI providers. OpenAI for model inference.
- App stores. Apple and Google for billing and entitlements.
- Legal and safety. If required by law or to protect rights, users, or Service integrity.
- Business transfers. In a merger, acquisition, or asset sale.
We do not sell personal information. We do not share it for cross-context behavioral advertising.
7) Retention
| Data | Retention |
|---|---|
| Account and profile | While your account is active, then deleted upon account deletion subject to legal holds. |
| User content and results | Until you delete them or delete your account. |
| Crash and diagnostics | Typically 90–180 days. |
| Analytics event data | Typically up to 14 months in aggregate form. |
| Purchase records | 7 years or as required for tax and accounting. |
| Support records | Up to 24 months after resolution unless law requires longer. |
8) Security
We apply administrative, technical, and physical safeguards. We use Firebase Security Rules to restrict access to authorized users and validate data. No method is 100% secure.
9) International transfers
We and our providers process data in Canada, the United States, the European Union, and other locations where we or they operate. For transfers from the EEA/UK to countries without an adequacy decision, we rely on Standard Contractual Clauses and comparable safeguards.
10) Your rights
- Access and portability. Request a copy of your data.
- Correction. Update inaccurate data.
- Deletion. Delete content or your account. Some data may be retained for legal obligations or security.
- Restriction and objection. Where applicable by law.
- Consent withdrawal. Where we rely on consent.
Submit requests via in-app settings where available or email [email protected]. We may verify identity before responding.
11) Regional disclosures
Canada. We follow PIPEDA fair information principles. In British Columbia, PIPA applies to private organizations. In Quebec, Law 25 adds transparency, profiling disclosure, and privacy officer duties. Contact us to exercise access, correction, and deletion rights.
EEA/UK. Reev Tech Inc. is the controller for Service data. You may lodge a complaint with your supervisory authority. We use processors such as Firebase and OpenAI under data processing terms and SCCs.
California. We do not sell or share personal information as defined by the CPRA. You have rights to know, delete, correct, and limit sensitive data use where applicable. Submit requests as above.
Children. The Service is not directed to children under 13. If we learn we collected personal information from a child under 13, we will take reasonable steps to delete it.
12) SDKs and third-party services
- Firebase
- Authentication, Firestore/Storage, Analytics, Crashlytics, Remote Config, App Check. Data is processed under Google’s Firebase Terms and Data Processing and Security Terms. Locations depend on product configuration.
- OpenAI
- API inference for prompts and completions. API data is not used to train OpenAI models unless opted in. OpenAI retains API logs for a limited period to detect abuse and then deletes them, unless required by law.
- Apple/Google
- Billing, purchase validation, and receipt checks handled by the platform stores.
13) Cookies and tracking
The mobile app uses SDK event telemetry rather than browser cookies. Our website may use cookies for essential operations, analytics, and performance. You can control cookies in your browser.
14) Your choices
- Account deletion in app where available or by contacting support.
- Export your data by contacting support.
- Opt out of non-essential analytics if offered in settings.
- Control notifications in system settings.
15) Changes to this Policy
We will post updates with a new effective date. Material changes will be highlighted in the app or on our site.
16) Contact
Reev Tech Inc.
Toronto, Ontario, Canada
[email protected]
If you are in the EEA/UK and believe we have not addressed your concern, you may contact your local data protection authority.
Annex A — Data map
| Purpose | Data | Processing basis | Processors |
|---|---|---|---|
| Authentication | Email, UID, tokens | Contract | Firebase Authentication |
| Sync and storage | User content, results, settings | Contract; Legitimate interests | Firebase Firestore/Storage |
| AI inference | Prompts, context needed to produce output | Contract; Consent where required | OpenAI API |
| Analytics and improvement | Event telemetry, device metadata | Legitimate interests; Consent where required | Firebase Analytics |
| Stability and debugging | Crash reports, diagnostics | Legitimate interests | Firebase Crashlytics |
| Purchases | Receipt hashes, product IDs, entitlement status | Contract; Legal obligation | Apple/Google |
| Support | Messages, email, attachments | Legitimate interests; Consent | Email provider |