Privacy Policy

1. Information We Collect

Gnosis is designed with privacy at its core. We do not require user accounts, logins, or registration of any kind.

Data stored on your device only:

• Bookmarks and saved passages
• Reading progress and history
• Reader preferences (font size, theme, etc.)
• Any notes you create

This data is stored locally on your device using on-device storage and is never transmitted to our servers.

2. Data We Process on Our Servers

Some features require communication with our servers. We've kept this list short on purpose, and every item below has a specific reason explained inline. Two ground rules apply to everything we transmit:

• None of it is tied to your name, email, or any identity. Gnosis has no accounts.
• None of it records what you read, what you ask Sophia, or what you search for.

With those rules in place, here's everything our servers see:

• AI Guide (Sophia): When you ask Sophia a question, your message and relevant text context are sent to our servers and processed using third-party AI services. xAI generates Sophia's responses; OpenAI handles supporting tasks like search-relevance ranking, embeddings, and conversation summarization. We do not store your conversations after they are processed. Conversations are not linked to any user identity.
• Search: Search queries are sent to our servers for semantic matching. Queries are not stored or linked to any identity.
• Text Downloads: When you open a text for the first time, it is downloaded from our content servers and cached on your device. The download request itself is not tied to your identity — our servers see only anonymous requests.
• Subscription Management: When you start a free trial, subscribe, renew, or cancel, the transaction itself is processed by Apple or Google. We use a subscription management provider (RevenueCat) to confirm your entitlement to premium features. RevenueCat receives an anonymous user identifier, the subscription product, and its status (e.g., active, in trial, cancelled). We do not receive your payment method, billing address, full Apple ID, or full Google account.
• Crash Reports & Bug Feedback: If the app crashes or hits an unexpected error, a diagnostic report is sent to our error-monitoring provider (Sentry). Reports include the device model, operating system version, app version, and the technical stack trace. We've configured Sentry to send only the minimum needed for debugging — no performance tracing, no screenshots, no session replays, and no automatically-attached personal data. Reports do not include the content of what you were reading, your Sophia conversations, your search queries, or any personal identifier. If you submit a bug report through the in-app "Report a Bug" form, the description you type is included with the report so we can investigate. Why we collect this: without crash data from real devices, bugs in production stay invisible until enough users leave low-star reviews. Crash visibility is what lets a small team fix problems before they spread.
• Anonymous Usage Signal: The app sends a small set of anonymous events — such as "a text was opened," "a chapter was viewed," or "Sophia was asked a question" — tagged with a random device-generated ID created the first time you open the app. This ID is not Apple's Advertising Identifier (IDFA) or Google's Advertising ID (AAID) and cannot be used to link you across other apps. These events include the text or chapter identifier but never the content of what you read, search for, or ask Sophia. We use the signal in aggregate to decide what to improve, translate, or add to the library next. Why we collect this: the library is large and we can only deepen a fraction of it at a time — adding curated commentary, audio narrations, or repairing OCR artifacts. Knowing which texts and chapters are actually opened tells us where to focus the work.

3. Information We Do Not Collect

• Names, email addresses, or any personal identifiers
• Location data
• Apple Advertising Identifier (IDFA), Google Advertising ID (AAID), or any cross-app tracking identifier
• Contacts, photos, or other device data
• Third-party advertising, behavioral targeting, or data brokering of any kind
• The content of your Sophia conversations, search queries, or reading annotations

4. Third-Party Services

We use the following third-party services to operate the app:

• Supabase — hosts our database, edge functions, and search infrastructure. Supabase Privacy Policy
• Cloudflare — content delivery network that serves the text library and audio narrations. Standard request metadata (such as IP address and request path) may be retained briefly for abuse prevention, then discarded. Cloudflare Privacy Policy
• xAI — generates Sophia's chat responses, including the deeper Clarify and Compare modes. Messages sent to Sophia are processed by xAI's API. xAI Privacy Policy
• OpenAI — powers semantic search (text embeddings), query understanding (expansion and reranking), conversation summarization, and the lightweight passage insights shown in the reader. Your messages and selected passages are processed by OpenAI's API for these tasks. OpenAI Privacy Policy
• RevenueCat — manages subscription entitlements on our behalf. Receives an anonymous user identifier and subscription status. RevenueCat Privacy Policy
• Sentry — captures crash reports and error diagnostics so we can fix bugs. Sentry Privacy Policy
• Apple — the app is distributed via the Apple App Store on iOS. Apple's App Store terms apply. Apple Privacy Policy
• Google — the app is distributed via the Google Play Store on Android. Google Play's terms apply. Google Privacy Policy

We do not sell, share, or provide your data to any third parties for advertising, marketing, or data-brokering purposes.

5. Children's Privacy

Gnosis is not directed at children under the age of 13. We do not knowingly collect any personal information from children. Since the app does not collect personal information from any users, no special provisions are required.

6. Data Retention

Since we do not collect personal data or maintain user accounts, there is no personal data to retain. All user-generated data (bookmarks, notes, preferences) exists only on your device and is removed when you delete the app.

AI conversations and search queries are processed in real time and are not stored after the response is delivered. Anonymous usage events may be retained in aggregate form for up to 90 days for product analysis and then deleted.

7. Your Rights

Because we do not collect or store personal data, traditional data-subject rights (access, deletion, portability) are not applicable. You have full control over all your data on your device — you can delete the app at any time to remove all locally stored data. To cancel a subscription, use the subscription settings in your Apple ID or Google Play account.

If you have questions about your data, contact us at hello@getgnosis.app.

8. Security

All communication between the app and our servers uses HTTPS encryption. Since we do not store personal data on our servers, the risk of a data breach affecting your personal information is minimal.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the app after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

Spirit Buddy LLC
hello@getgnosis.app