Scholium
Privacy Policy

Scholium — scholium.app · Effective Date: March 2026 · Last Updated: March 2026

“Your archive belongs to you. This policy explains exactly how we handle it.”

What We Collect

We collect the minimum necessary to provide Scholium:

Account Information (if you sign in)

  • • Email address (for Firebase Authentication)
  • • Display name (optional, for personalization)
  • • Authentication provider: Apple, Google, or email

Note Data (only if cloud sync is enabled)

  • • Your note content, titles, tags, and folder structure
  • • Stored in Firebase Firestore, associated with your account
  • • If you choose local-only mode, note data never leaves your device

Usage Analytics (anonymous)

  • • App crashes and errors (via Firebase Crashlytics)
  • • Feature usage events (e.g. “domain_switched”, “template_used”) — no note content
  • • Device model and OS version for compatibility reporting

What We Do NOT Collect: The content of your notes for training, advertising, or any third party. Your location. Your contacts or calendar data. Any biometric data. Advertising identifiers (NSPrivacyTracking: false is set in our app).

How We Use Your Data

PurposeData UsedLegal Basis
Provide the app and sync your notesAccount + note dataContract (your use of the service)
Diagnose crashes and bugsCrash reportsLegitimate interest
Improve features (aggregate, anonymous)Anonymous usage eventsLegitimate interest
Communicate about your accountEmail addressContract

We do not sell, rent, or share your personal data with advertisers or data brokers. Ever.

Your Notes — Local vs. Cloud

By default, Scholium operates in local-only mode: Notes are stored using Apple SwiftData on your device. No note data is transmitted to our servers.

If you enable cloud sync by signing in: Notes are encrypted in transit (HTTPS/TLS) to Firebase Firestore. You may optionally enable AES-256-GCM note encryption — this encrypts note content before it leaves your device using a passphrase you set. We cannot decrypt this content.

Ask Scribe (AI Search) runs entirely on-device using Apple's Natural Language framework. Your notes are not sent to any server for this feature. AI Writing Tools: If you configure an LLM provider (Groq, OpenAI, etc.), selected text from your notes is sent to that provider per their privacy policy. Your API key is stored in Apple Keychain on your device — Scholium never stores or transmits your API key.

Third-Party Services

ServicePurposePrivacy Policy
Firebase Authentication (Google)Sign-infirebase.google.com/support/privacy
Firebase Firestore (Google)Cloud sync (optional)Same as above
Firebase Crashlytics (Google)Crash reportingSame as above
Groq / OpenAI / AnthropicAI writing (user-configured, optional)Per provider

We do not use any ad networks, tracking SDKs, or social media pixels.

Data Retention & Deletion

  • Your notes: Retained as long as your account is active. You may delete individual entries at any time within the app.
  • Your account: You may delete your account and all associated data from Settings → Delete Account. This permanently removes your profile and any cloud-synced data from our servers within 30 days.
  • Crash data: Anonymized crash reports are retained for 90 days then automatically deleted by Firebase.

Children's Privacy

Scholium is not designed for or marketed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, contact us at support@scholium.app and we will delete it promptly.

Your Rights

Depending on your location, you may have rights including:

  • Access: Request a copy of your personal data
  • Correction: Update incorrect information
  • Deletion: Delete your account and all data
  • Portability: Export your notes (via Settings → Export)
  • Objection: Opt out of non-essential analytics

To exercise these rights, contact: support@scholium.app. We aim to respond within 30 days.

Security

We take security seriously:

  • • API keys stored in Apple Keychain (kSecAttrSynchronizable: false)
  • • Optional AES-256-GCM note encryption with PBKDF-style key derivation
  • • Two-factor authentication (TOTP) available
  • • All data in transit uses HTTPS/TLS
  • • Firebase Firestore rules restrict access to your own data only

No security system is perfect. If you discover a vulnerability, please report it to support@scholium.app.

Changes to This Policy

If we make material changes, we will notify you in the app and update the “Last Updated” date above. Continued use of Scholium after changes constitutes acceptance of the updated policy.

Contact

Scholium

support@scholium.app

scholium.app