Privacy Policy

If you create an account, we collect your email address and basic profile information. You may also sign in using Apple Sign-In or Google Sign-In (OAuth), in which case we receive your name and email address from the identity provider. We do not receive or store your password from OAuth providers.

We record which story cards you view, swipe past, save to your library, or read in full. This data is associated with your account or anonymous session ID and is used to personalise your feed, power recommendations, and track your reading streak.

If you use the journalling feature, your written reflections are stored in our database tied to your account or anonymous session ID. Journal entries are private by default, are not used to train AI models, and are not shared with third parties.

If you opt in to push notifications, we store the device token provided by Apple Push Notification Service (APNs) or Google Firebase Cloud Messaging (FCM). These tokens are used solely to deliver notifications you have requested (e.g., daily story reminders, streak reminders). You can revoke notification permissions at any time through your device settings.

If you subscribe to Untold Archives Pro, payment is processed by Apple (App Store), Google (Google Play), or RevenueCat. We do not directly collect or store your credit card number, billing address, or other payment details. We receive only a subscription status and transaction identifier from these providers.

When you use the App, standard technical information may be collected, including your IP address, device type, operating system version, app version, and general usage analytics. This data is used for debugging, security, and improving the App.

We use Supabase for our database, authentication, and file storage. Your account data, reading activity, and journal entries are stored there. Supabase is SOC 2 certified and stores data in secure cloud infrastructure. See supabase.com/privacy.

We use Expo's push notification service to deliver notifications to your device. Expo receives your device push token and the notification content. See expo.dev/privacy.

We use RevenueCat to manage in-app subscriptions across platforms. RevenueCat receives your anonymised user identifier and subscription status from Apple or Google. See revenuecat.com/privacy.

If you sign in with Apple or Google, authentication is handled by the respective provider. If you purchase a subscription through the App Store or Google Play, the payment is processed entirely by Apple or Google. We receive only your authentication token and subscription status. See apple.com/legal/privacy and policies.google.com/privacy.

Our web app is hosted on Vercel, which may log standard server access logs (IP address, request path, timestamp) for security and debugging purposes. See vercel.com/legal/privacy-policy.

Story text is generated using Anthropic's Claude API. Card images are generated using OpenAI's image API. Content generation happens server-side during our editorial process — your personal data and journal entries are not sent to these providers.

You can clear your reading history at any time from your Profile settings. This will reset your feed recommendations but will not delete your account.

You can request full account deletion from your Profile settings or by emailing us at privacy@untoldarchives.app. Upon deletion, we will permanently remove your account data, reading history, journal entries, and push notification tokens within 30 days. Server access logs may be retained for up to 90 days for security purposes before automatic deletion.

If you have an active subscription, cancelling it through Apple or Google does not delete your account. You must separately request account deletion if desired. RevenueCat may retain anonymised transaction records as required for financial compliance.