Privacy Policy

1. Introduction

Scholium ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and related services (collectively, the "Service").

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password, profile name when you create an account
• Notes and Content: All notes, documents, and data you create in the app
• Domain Selection: Your chosen professional domain (Doctor, Lawyer, Scientist, etc.)
• Settings: Your preferences, themes, and notification settings
• Communications: Messages when you contact us for support

2.2 Information Collected Automatically

• Device Information: Device type, OS version, app version
• Usage Data: Features used, frequency of use, crash reports
• Analytics: App performance metrics, feature engagement patterns
• IP Address: For security and fraud prevention
• Cookies/Similar Technologies: Authentication tokens, preferences

3. How We Use Your Information

We use collected information for:

• Providing, maintaining, and improving the Service
• Personalizing your experience and domain-specific features
• Processing transactions and sending confirmations
• Sending service updates and support notifications
• Responding to your inquiries and customer support requests
• Improving app performance and user experience
• Detecting, preventing, and addressing fraud and security issues
• Complying with legal obligations
• Sending marketing communications (with your consent)

4. AI Features and Privacy

Our AI features ("Ask Your Notes") are designed with privacy as the primary concern:

• Processing: Notes are processed securely through encrypted channels
• No Training Data: Your notes are never used to train our AI models
• Temporary Processing: Data is temporarily processed only to generate your response
• No Retention: AI processing data is deleted immediately after response generation
• On-Device Options: We offer on-device AI processing where available (no servers)
• Transparency: You control when and how AI features are used

5. Data Storage and Security

• Encryption: All notes are encrypted end-to-end (AES-256)
• Secure Cloud Storage: Content stored securely on Firebase Cloud Storage
• In Transit: HTTPS/TLS for all data transmission
• Access Controls: Authentication required; only you can access your data
• Regular Security Audits: We conduct regular security assessments
• Password Protection: Your password is hashed with bcrypt

6. Information Sharing

We do NOT share your personal information except:

• Service Providers: Firebase for hosting, authentication, and storage
• Legal Requirements: When required by law or court order
• Your Consent: When you explicitly authorize sharing
• Business Transfer: In case of merger or acquisition (with notice)

We will never sell your data to third parties.

7. Your Rights - GDPR (EU Users)

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request what data we hold about you
• Right to Correction: Update or correct your information
• Right to Deletion: Request deletion of your account and data
• Right to Portability: Download your data in a portable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

8. Your Rights - CCPA (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Know what data is collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of data selling (we don't sell your data anyway)
• Right to Non-Discrimination: We won't discriminate against you for exercising these rights

9. Data Retention

• Active Account: Your data is retained as long as your account is active
• After Deletion: Data is deleted within 30 days of account deletion
• Backups: May remain in backups for up to 90 days
• Legal Holds: May be retained longer if required by law

10. Third-Party Services

Our app uses third-party services:

• Firebase: Authentication, database, storage, hosting
• Apple Sign-In: OAuth authentication
• Google Sign-In: OAuth authentication
• Analytics: Firebase Analytics for usage patterns

These services have their own privacy policies. We recommend reviewing them.

11. Children's Privacy

Our Service is not intended for children under 13 (or applicable age of digital consent in your region). We do not knowingly collect information from children. If we learn we've collected data from a child, we will delete it promptly.

12. Updates to This Policy

We may update this Privacy Policy occasionally. We will notify you of substantial changes by updating the "Last updated" date above. Your continued use of the Service constitutes acceptance of changes.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

• Email: privacy@scholium.tech
• Address: Please include your name, email, and detailed inquiry

We will respond to legitimate privacy requests within 30 days.

14. Data Processing Agreement

For business users processing personal data on behalf of others, standard Data Processing Agreements are available upon request.