Subjectly

Privacy Policy

Last updated: March 23, 2026

1. Introduction

Subjectly ("we," "our," or "us"), operated by AIQSO LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web service (collectively, the "Service").

Subjectly is designed with a privacy-first, local-first architecture. Your documents are processed and stored on your device, not on our servers. The level of data privacy you experience depends on which tier of the Service you use.

2. How the Service Works

2.1 Local-First Architecture

Subjectly uses a local-first design. Documents you import are processed, indexed, and stored entirely on your device using a local SQLite database. We do not upload, store, or have access to your documents on our servers.

2.2 Pro Tier — Bring Your Own Key (BYOK)

Pro subscribers connect their own AI API keys (e.g., OpenAI, Anthropic Claude, Google Gemini, or self-hosted Ollama). In this mode:

  • Your API keys are stored exclusively in your device's secure keychain (iOS Keychain / Android Keystore) and are never transmitted to our servers
  • AI queries (including document context) are sent directly from your device to your chosen AI provider — they do not pass through our infrastructure
  • We have no visibility into your queries, document content, or AI responses

2.3 Free Tier — Hosted AI

Free tier users access AI features through our hosted proxy. In this mode:

  • AI queries (including relevant document excerpts used as context) are transmitted from your device through our secure proxy to an AI provider
  • This means portions of your document content transit our servers as part of AI query processing
  • We do not store, log, or retain the content of your queries or AI responses
  • Query data is processed in memory only and discarded immediately after the AI provider returns a response
  • Your full documents remain on your device — only relevant excerpts are included in queries

2.4 Auth-Only Backend

Our backend server handles only authentication (login, signup, OAuth) and subscription management. No document content, AI queries, or user-generated study materials are processed or stored on our backend.

3. Information We Collect

3.1 Account Information

  • Email address and username (when you create an account)
  • OAuth profile information (when you sign in with Apple, Google, GitHub, or Microsoft)
  • Subscription status and purchase history (managed by Apple/Google via RevenueCat)

Note: You can use Subjectly without creating an account. Guest mode provides full local functionality with no data collection.

3.2 Information We Do NOT Collect

  • Documents, files, or study materials you import
  • AI API keys you configure (stored only in your device's secure keychain)
  • Chat messages or AI responses (in BYOK/Pro mode)
  • Generated flashcards, quizzes, summaries, or study guides
  • Search queries within your documents

3.3 Automatically Collected Information

  • Device type and operating system version
  • App version and crash reports
  • General usage analytics (features used, not content)

4. How We Use Your Information

  • Authenticate your identity and manage your account
  • Process subscription payments (via Apple App Store / Google Play)
  • Route AI queries through our proxy (free tier only — content is not stored)
  • Send service-related communications (e.g., password resets)
  • Improve app stability through anonymized crash reports
  • Comply with legal obligations

5. Data Storage and Security

5.1 On-Device Storage

All documents, AI-generated content, search indexes, and embeddings are stored locally on your device in an encrypted SQLite database. This data never leaves your device (except as described in Section 2.3 for free tier AI queries).

5.2 Secure Credential Storage

API keys and authentication tokens are stored in your device's native secure storage (iOS Keychain / Android Keystore), which provides hardware-backed encryption.

5.3 Server-Side Security

Account information stored on our authentication server is protected with encryption in transit (TLS/HTTPS) and at rest. We follow industry-standard security practices including secure password hashing and token-based authentication.

6. Third-Party Services

Depending on your tier and configuration, the following third parties may process data:

  • AI Providers (BYOK/Pro mode): When you configure your own API keys, your device sends queries directly to your chosen provider (OpenAI, Anthropic, Google, or others). These providers have their own privacy policies governing how they handle your data.
  • AI Providers (Free tier): Queries are routed through our secure proxy to an AI provider. Document excerpts included in queries transit our servers but are not stored.
  • RevenueCat: Manages subscription status and purchase validation. RevenueCat receives your anonymous user identifier and purchase receipts.
  • Apple / Google: Process in-app purchase payments.
  • OAuth Providers: If you sign in with Apple, Google, GitHub, or Microsoft, those providers share limited profile information (email, name) per their privacy policies.

7. Your Rights and Choices

  • Use without an account: Access all local features without providing any personal information
  • Choose your data path: Use BYOK mode to ensure AI queries go directly from your device to your chosen provider, bypassing our servers entirely
  • Access your data: All your documents and generated content are on your device and accessible to you at all times
  • Delete your data: Delete individual documents or all local data from within the app. Delete your account via Settings > Account > Delete Account
  • Export your data: Export documents and generated content from within the app
  • Manage subscriptions: Manage or cancel subscriptions through your device's App Store settings

8. Data Retention

On-device data persists until you delete it or uninstall the app. Account information on our server is retained while your account is active. Upon account deletion, we delete your account data within 30 days, except where retention is required by law. Free tier AI query content is never stored and exists only in memory during processing.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

10. International Data Transfers

Account information may be transferred to and processed in the United States. If you use a third-party AI provider, your queries may be processed in accordance with that provider's data handling policies and geographic infrastructure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

AIQSO LLC
Email: [email protected]
Website: https://subjectly.app