Privacy Policy

Last Updated: October 30, 2025

1. Introduction

Bluprintr, Inc., a Delaware corporation ("Company," "we," "us," or "our"), operates Huon (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not use the App.

Important Note on Data Collection: Huon uses cloud-based infrastructure for authentication (Auth0) and AI features (Cloudflare AI Gateway). When you use AI features, your requests and content are logged and tracked through our infrastructure. While your study content is stored locally and in iCloud, this is not a privacy-first architecture when it comes to AI features. If complete privacy is your primary concern, you should carefully review this policy and consider limiting your use of AI features.

2. Information We Collect

2.1 Information You Provide

The App collects information that you voluntarily provide, including:

  • Account Information: Email address and authentication details through Auth0
  • Study Content: Flashcards, notes, media files, and other educational content you import or create
  • AI Input Content: Text prompts, PDF uploads, web links, web search queries, and other content sent to AI features
  • Study Progress: Review history, scheduling data, and performance statistics
  • Settings and Preferences: App configuration, display preferences, and study settings

2.2 Automatically Collected Information

The App may automatically collect certain technical information:

  • Device Information: Device type, operating system version, and app version
  • Usage Data: App features used and interaction patterns (stored locally only)
  • Crash Reports: Technical diagnostic data if the App encounters errors

3. How We Use Your Information

We process your information for the following purposes:

  • To provide and maintain the App's functionality
  • To authenticate users and manage accounts via Auth0
  • To sync your data across your devices via iCloud
  • To enable and deliver AI-powered features through our Cloudflare infrastructure
  • To enforce rate limits and subscription tier quotas
  • To track usage for billing and cost analysis
  • To monitor service performance and troubleshoot issues
  • To improve the App's features and user experience
  • To provide customer support

4. Data Storage and Security

4.1 Local Storage

All your study content and progress are stored locally on your device using Core Data. We do not have access to this data, and it never leaves your device except through iCloud sync (described below).

4.2 iCloud Sync

If you enable iCloud sync, your study data is automatically synchronized across your Apple devices using Apple's CloudKit service. Understanding how this works is important for your privacy:

How iCloud Sync Works

  • Data synchronization occurs directly between your devices and Apple's iCloud servers
  • We do not operate any backend servers that store, access, or process your data
  • All data transfer is handled by Apple's CloudKit framework
  • Synchronization is automatic when you're connected to the internet

Privacy Implications of iCloud

  • We cannot access your data: Your study content, progress, and settings sync to your personal iCloud account. We have no way to view, access, or retrieve this data
  • Apple's encryption: Data is encrypted in transit and at rest by Apple using their security infrastructure
  • Your Apple ID controls access: Anyone with access to your Apple ID can access your synced data
  • Subject to Apple's policies: All iCloud data is governed by Apple's Privacy Policy and iCloud Terms and Conditions
  • No third-party access: Your data is not accessible to us or any other third parties (except Apple as the infrastructure provider)

What Gets Synced

When iCloud sync is enabled, the following data syncs across your devices:

  • All flashcard content (questions, answers, media references)
  • Deck structure and organization
  • Study progress and scheduling data
  • Review history and statistics
  • App settings and preferences
  • Custom tags, notes, and annotations

Note: Media files (images, audio, video) may also sync depending on your implementation and iCloud storage availability.

iCloud Data Retention

Understanding iCloud data retention:

  • Data remains in your iCloud account as long as the App is installed on at least one of your devices
  • If you delete the App from all devices, iCloud data may be retained according to Apple's policies
  • You can manually delete iCloud data through iOS/macOS Settings
  • We cannot delete or recover your iCloud data for you
  • Apple controls data retention policies and timelines

Disabling iCloud Sync

You can disable iCloud sync at any time:

  • Go to Settings → [Your Name] → iCloud → Apps Using iCloud → Huon
  • Toggle off iCloud sync for Huon
  • Choose whether to keep or delete iCloud data
  • Local data on your device will be preserved

iCloud Privacy Considerations

Important privacy considerations when using iCloud:

  • Family Sharing: If you use Apple's Family Sharing, be aware of what's shared. Study data is typically private to your account, but review Apple's Family Sharing policies
  • Shared Apple IDs: If you share an Apple ID with others, they can access your synced study data. We strongly recommend using a personal Apple ID
  • Device Access: Any device signed into your Apple ID can access your synced data
  • iCloud Backups: Your iCloud data may be included in iCloud device backups
  • Legal Requests: Apple may be required to provide data in response to valid legal requests. We have no control over this process

iCloud Storage and Costs

iCloud storage considerations:

  • App data counts toward your iCloud storage quota
  • Apple provides 5GB of free iCloud storage
  • Additional storage requires an iCloud+ subscription from Apple
  • If you run out of iCloud storage, sync may fail or stop
  • We have no control over iCloud storage pricing or availability

5. Third-Party Services and Infrastructure

5.1 Authentication Service (Auth0)

The App uses Auth0 for user authentication and account management. When you create an account or sign in, Auth0 collects and processes:

  • Email address and authentication credentials
  • User profile information
  • Subscription plan and tier information
  • Authentication tokens and session data

Auth0's handling of your data is governed by their privacy policy available at https://auth0.com/privacy.

5.2 AI Gateway and Request Logging (Cloudflare)

IMPORTANT: When you use AI features, your requests are processed through our Cloudflare AI Gateway infrastructure, which logs and tracks usage. This is not a privacy-first architecture.

Here's what gets collected when you use AI features:

  • User Identification: Your user ID and email address from Auth0
  • Request Content: The content you send to AI services (flashcard prompts, text for analysis, uploaded PDFs, web links, search queries)
  • Usage Metadata: Subscription plan, app version, platform (iOS/macOS), request timestamps
  • API Usage: Model used, token counts, response times, and costs
  • Rate Limiting Data: Request counts per user for quota enforcement

This data is logged by Cloudflare's infrastructure and used for:

  • Rate limiting and quota enforcement based on your subscription tier
  • Cost tracking and billing analytics
  • Service monitoring and performance optimization
  • Troubleshooting and support

Cloudflare's data handling practices are governed by their privacy policy at https://www.cloudflare.com/privacypolicy/.

5.3 AI Request Flow and Data Path

Understanding how your AI requests are processed:

  1. App → Auth0: You authenticate and receive an access token
  2. App → Cloudflare Worker: Your AI request is sent with your Auth0 token
  3. Worker Validation: Your token is validated and user metadata is extracted (user ID, email, plan)
  4. Cloudflare AI Gateway: Your request with metadata is logged and processed through dynamic routing
  5. Rate Limiting: Your quota is checked based on subscription tier
  6. AI Gateway → Provider: Request is forwarded to OpenAI or Anthropic using our API credentials
  7. Response Path: AI response flows back through the same infrastructure

At each stage, metadata about your request is logged for operational purposes.

5.4 AI Service Providers

The AI features are powered by third-party AI providers. Your requests are routed through our Cloudflare AI Gateway to:

  • OpenAI: For GPT-4 powered content generation and explanations
  • Anthropic: For Claude AI powered tutoring, analysis, and flashcard generation

IMPORTANT: Content you send through AI features is:

  • Logged by our Cloudflare AI Gateway infrastructure
  • Routed through our managed API credentials (not your own keys)
  • Subject to AI providers' privacy policies and data handling practices
  • Visible to us through Cloudflare's analytics and logging

We recommend reviewing each AI provider's privacy policy:

5.5 What AI Providers May Do With Your Data

When content is sent to AI providers through our infrastructure, be aware that:

  • AI providers log requests for their operational purposes
  • Some AI providers may use request data to improve their models (policies vary by provider)
  • Content may be subject to the AI provider's content moderation policies
  • AI providers retain data according to their own retention policies
  • We cannot control AI providers' internal data handling practices

We have visibility into what content you send through our gateway and are responsible for the security of data in transit through our infrastructure. However, we have no control over how AI providers process, store, or use your data after it reaches their systems.

5.6 Recommendations for Sensitive Data

If you work with sensitive, confidential, or personal information:

  • Be aware that AI requests are logged by our Cloudflare infrastructure
  • Review AI provider data handling practices before using AI features
  • Understand that your content is visible to us through operational logs
  • Consider whether you're comfortable with this level of data collection
  • Avoid using AI features for highly sensitive content if you require complete privacy
  • Contact us if you have specific data handling requirements

5.7 Apple Services

The App relies on Apple's services including iCloud, CloudKit, and Keychain. These services are subject to Apple's Privacy Policy available at https://www.apple.com/legal/privacy/.

6. Data Sharing and Disclosure

We do not sell your personal information to third parties. However, when you use the App, your data is shared with service providers as follows:

  • Auth0: Authentication and account management data (email, user profile)
  • Cloudflare: AI request content, usage metadata, and operational logs
  • OpenAI and Anthropic: Content you send through AI features
  • Apple (iCloud): Study data if you enable iCloud sync

We may also disclose your information:

  • For Legal Compliance: If required by law, court order, or government regulation
  • To Protect Rights: When necessary to protect our rights, safety, or property, or that of our users
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Your Rights and Choices

7.1 Data Access and Control

You have complete control over your data:

  • Access: All your data is stored locally on your device and accessible through the App
  • Modification: You can edit or delete any content within the App
  • Export: You can export your data at any time
  • Deletion: You can delete all data by removing the App and disabling iCloud sync

7.2 iCloud Control

You can disable iCloud sync at any time through your device's Settings. This will:

  • Stop synchronization of data to iCloud
  • Keep existing local data on your device
  • Optionally delete data from iCloud if you choose

7.3 AI Features

Use of AI features requires authentication and will result in data collection:

  • AI features require an Auth0 account
  • All AI requests are logged and tracked through our Cloudflare infrastructure
  • You can opt out of AI features by simply not using them
  • The App's core spaced repetition features work without AI
  • You can delete your account at any time to stop data collection

8. Children's Privacy

The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will work to delete that information.

9. International Users

The App is designed for use globally. If you are using the App outside the United States, please be aware that your data may be stored on servers located in various jurisdictions through Apple's iCloud service. By using the App, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules.

10. Data Retention

We retain different types of data for varying periods:

  • Study Content: Stored locally on your device and in iCloud until you delete it
  • Auth0 Account: Retained until you delete your account
  • Cloudflare Gateway Logs: AI request logs are retained for operational purposes according to Cloudflare's retention policies (typically 30 days for detailed logs)
  • Usage Analytics: Aggregated usage data may be retained indefinitely for service improvement

To delete your data:

  • Local and iCloud data: Uninstall the App and disable iCloud sync
  • Account data: Contact us to delete your Auth0 account
  • AI request logs: Will be automatically purged according to Cloudflare's retention schedule

11. Security Measures

We implement multiple layers of security to protect your data:

  • Authentication: Auth0 handles user authentication with industry-standard security, including support for multi-factor authentication
  • Data in Transit: All communication between the App and our infrastructure uses HTTPS/TLS encryption
  • iCloud Encryption: Study data synced via iCloud is encrypted by Apple in transit and at rest
  • Cloudflare Security: Our AI Gateway infrastructure is protected by Cloudflare's enterprise-grade security measures
  • API Credentials: AI provider credentials are stored securely in Cloudflare's secrets management, not in the App
  • Token-Based Auth: The App uses short-lived JWT tokens with proper validation
  • App Security: The App follows Apple's security best practices for iOS and macOS applications
  • Regular Updates: We regularly update the App and infrastructure to address security vulnerabilities

However, no method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Continued use of the App after changes constitutes acceptance of the updated policy.

13. California Privacy Rights

California residents have specific rights regarding their personal information under the California Consumer Privacy Act (CCPA). Since we do not collect or store your personal information on our servers, we do not sell personal information and do not share it with third parties for their marketing purposes.

14. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You can access your data through the App
  • Right to Rectification: You can correct inaccurate data in the App
  • Right to Erasure: You can delete your data by uninstalling the App
  • Right to Data Portability: You can export your data from the App
  • Right to Object: You can stop using the App at any time

Since all data is stored locally on your device or in your personal iCloud account, you have direct control over your data without needing to contact us.

15. Data Breach Notification

In the event of a data breach, we will take the following actions:

  • App Vulnerabilities: If we discover a security vulnerability in the App that may have exposed user data, we will notify affected users as soon as reasonably possible
  • Infrastructure Breaches: If Auth0, Cloudflare, or AI providers report a breach affecting your data, we will notify you promptly and provide guidance on next steps
  • iCloud Incidents: If Apple reports an iCloud security incident, you will be notified by Apple directly
  • Notification Method: Breach notifications will be sent via email to your registered address and/or through in-app notifications
  • Regulatory Compliance: We will comply with all applicable data breach notification laws and regulations

We recommend regularly monitoring security notifications from your email and enabling two-factor authentication on your Auth0 account.

16. App Permissions

The App may request the following permissions from your device:

  • iCloud: Required for data synchronization across devices
  • Photos/Media Library: Optional, for importing images into flashcards
  • Microphone: Optional, for recording audio flashcards
  • Camera: Optional, for capturing photos for flashcards
  • Files Access: For importing and exporting Anki packages and media files
  • Network Access: For iCloud sync and AI service communication

You can manage these permissions through your device's Settings at any time. The App will function with reduced features if certain permissions are denied.

17. Crash Reporting and Diagnostics

The App may collect crash reports and diagnostic information to help us identify and fix bugs:

  • Crash logs contain technical information about app errors (device type, OS version, stack traces)
  • Crash reports do not contain your study content or personal information
  • This data is collected through Apple's crash reporting system or a similar privacy-focused service
  • You can opt out of crash reporting through your device's Settings → Privacy → Analytics

18. No Marketing or Advertising

We want to be clear about what we don't do:

  • We do not sell or share your data with advertisers
  • We do not display ads in the App
  • We do not track you across other apps or websites
  • We do not build profiles for marketing purposes
  • We do not send marketing emails (except transactional emails if you subscribe to optional services)

19. Data Portability and Interoperability

Your data belongs to you:

  • You can export your data in standard formats (Anki packages, CSV, etc.) at any time
  • Exported data can be imported into other compatible applications
  • We support open standards to ensure your data is portable
  • You are not locked into our App and can migrate to other solutions

20. Accountability

Our privacy commitments:

  • We are committed to being transparent about our data practices
  • We design the App with privacy as a core principle (privacy by design)
  • We minimize data collection and only request what's necessary
  • We will promptly address any privacy concerns you raise
  • We will notify users of material changes to this Privacy Policy

21. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Bluprintr, Inc.
Attn: Privacy Officer
251 Little Falls Drive
Wilmington, New Castle County, Delaware 19808
United States

Registered Agent: Corporation Service Company

Email: privacy@huon.app
Support: support@huon.app

We will respond to privacy inquiries within a reasonable timeframe, typically within 30 days.

← Back to Huon