Legal
Privacy Policy
Last updated: May 31, 2026
Every app on earth claims it “values your privacy.” Most of them value your data slightly more. This is the legally binding document where we explain, in plain English and uncomfortable detail, exactly what we do with your information — so that “we value your privacy” is a verifiable claim and not a warm feeling. It applies to the Avorio apps for macOS, iOS, and Android, and to the avorio.ai website (together, the “Service”). It is enforceable whether or not you find it funny.
1. Who we are (the people you'd sue)
Avorio is built and operated by Cognifer Labs, an Arizona limited liability company based in the United States, trading as Avorio (“Cognifer Labs”, “we”, “us”, or “the entity whose name goes on the lawsuit”). The company was founded by Dharsan Kesavan.
In the language regulators prefer: Cognifer Labs is the “data controller” (GDPR and UK GDPR) and the “business” (US state privacy laws) for the personal data described here. For the study content you sync, we are the custodian of data you entrust to us: it travels encrypted in transit (TLS) and is locked to your account by row-level security, so no other user can reach it (see Security).
To reach a human about any of this, including to exercise your privacy rights, email contactdharsan@gmail.com. A postal address is available on request, for the four of you who still send letters.
2. The short version (for everyone who won't read the long version)
- We collect as little as we can get away with — data we don't hold is data we can't lose, leak, or be subpoenaed for.
- Your decks, cards, and study history live on your device. Turn on sync and they're sent to our servers over an encrypted (TLS) connection and locked to your account by row-level security, so no other user can read them.
- AI features are opt-in. Nothing goes to an AI provider unless you press the button, and the on-device options keep the whole thing on your machine.
- We do not sell or “share” your personal data, run ad trackers, or feed your content to train AI models. No asterisk. This is the rare tech document where that sentence isn't followed by three paragraphs quietly walking it back.
- You have rights over your data wherever you live. Section 13 tells you how to use them without hiring anyone.
3. What we collect
Everything, by category. Not all of it applies to you — it depends on which features you use and where you bought your subscription. If a category isn't here, we don't collect it; we're not being coy.
Account data
When you create an account we collect your email address and a password. Passwords are hashed by our authentication provider (Supabase) — we never store or see your plaintext password, which also means we can't recover it for you, only reset it. You can sign in with Google through Supabase OAuth, in which case we receive your email address and a stable account identifier from Google. Your login credentials are treated as sensitive personal information and used only to confirm you are you.
Study content
Your decks, cards (fronts, backs, and any media you attach), study sessions, FSRS-5 scheduling state, and gamification stats — yes, including the streak you're weirdly attached to. This lives in a local SQLite database on your device. If you enable sync, it's mirrored to our Supabase backend so you can move between devices, sent over an encrypted (TLS) connection and gated by row-level security so only your account can read it (see Security).
AI feature content
When you use Avorio's AI features (chat, generate, explain), the prompt and the relevant card context are sent to an AI provider so it can produce a response. Depending on your subscription tier, that provider is Anthropic (Claude), OpenAI (GPT), or Google (Gemini). On macOS you can choose local Ollama, and on Android an on-device MediaPipe Gemma model can run supported features — in both cases nothing leaves your device, and the only entity judging your flashcards is your own laptop.
Payment data
If you subscribe on the website, Stripe processes your card. Stripe gets the card details directly — we never see or store your card number, only a token, your subscription status, and what we need for tax and accounting. On iOS and Android, payments run through Apple In-App Purchases or Google Play Billing, and Apple/Google share only the transaction confirmation with us, not the instrument you paid with. Your card is between you and a much larger company than us.
Attribution & deep links
We use Branch (branch.io) for deep links and to measure install attribution (e.g. which campaign or shared link an install came from). Branch may receive device-level identifiers per platform rules. We do not collect the advertising identifier (the Android AD_ID permission is removed from our app), and we do not use any of this for cross-context behavioral advertising.
Analytics
App-side analytics are limited to the aggregate dashboards Apple App Store Connect and Google Play Console hand every developer — counts and trends, not a dossier on you. We do not use Mixpanel, Amplitude, PostHog, or any similar product-analytics tool. We are not building a shadow profile of your study habits; we have a backlog to clear instead.
Diagnostics & crash reports
Apple and Google may forward aggregated, de-identified crash and performance reports through their developer consoles so we can fix the bug that just ruined your review session. These are device-level and don't include your study content.
Server logs
Our backend (Supabase) keeps short-lived technical logs — IP address, timestamp, request metadata — needed to run the Service securely, stop abuse, and figure out what broke.
Shared decks
If you publish a deck to share it, anyone with the link can see that deck's contents. That is the entire point of a share link. They do not see your account, your other decks, or your study history.
Plugin marketplace data
The plugin marketplace at plugins.avorio.ai collects a little more, but only from the people who use it, and only for the part they're using.
If you publish a plugin (you're an “uploader”), we collect a payout email address, an optional public display name shown on your listings, the plugin you submit (the compiled WebAssembly module plus its manifest: name, version, description, declared capabilities, and pricing), and, once you set up payouts, a Stripe Connect account identifier. We do not see your bank details — those live with Stripe (see Who else touches your data). Submitted plugins are reviewed by a human before they can be listed; your submission and its review status are visible to our reviewers, and an approved listing's public details (title, description, price, capabilities, author display name) are visible to everyone. That is the point of a store.
If you buy a plugin, the purchase runs through Apple In-App Purchase or Google Play Billing via RevenueCat, exactly like a subscription — we receive the transaction confirmation and the resulting entitlement (what you own, so you can install and run it), not your payment instrument. We use that record to pay the plugin's author their share and to keep your purchase working across your devices.
4. Where your data comes from
Three places, no surprises:
- From you — what you type, build, study, and ask when you use the Service.
- Automatically — technical data like IP address, device type, and server logs generated by the simple act of the app working.
- From third parties — an account identifier from Google if you use Google sign-in, a transaction confirmation from Apple or Google for mobile purchases, and attribution data from Branch.
5. Why we use it, and the legal bases that make it allowed
We use the data above to:
- Run the core service — show your decks, schedule reviews, sync across devices.
- Run AI features, but only when you ask (generate a card, explain a concept, chat).
- Process payments and manage your subscription.
- Keep your account and our systems secure (rate-limiting, abuse detection, password reset).
- Keep the product working and make it less broken over time.
- Email you about service changes, security, and material updates to this policy.
- Comply with the law and respond to valid legal requests, because the alternative is worse.
If you're in the European Economic Area, the UK, or anywhere that demands a legal basis before processing, here are ours under Article 6 of the GDPR (and the UK GDPR). This is the part that makes the above lawful rather than merely convenient for us:
- Performance of a contract — to create and maintain your account, store and sync your content, deliver AI features you request, and process your subscription.
- Legitimate interests — to secure the Service and prevent abuse, understand usage in aggregate, and measure install attribution. We balance these against your rights and pick the least invasive option.
- Consent — for anything optional, like enabling sync, using an AI feature, or non-essential cookies. You can withdraw it whenever you like.
- Legal obligation — to keep tax and accounting records and to answer lawful requests.
We do not sell your personal data, we do not “share” it for cross-context behavioral advertising, and we do not use your study content or AI prompts to train any AI models. Saying it three ways so nobody can claim it was buried.
6. The AI features, demystified
AI features are opt-in. If you never tap one, no prompt ever leaves your device down that path and this whole section is hypothetical. When you do tap one, here's the unglamorous reality.
Your prompt and the relevant context (e.g. the card you're asking about) go to the AI provider matched to your tier. It runs inference and sends back a response. We do not let the providers train their models on your data, and the providers say the same in writing:
- Anthropic (Claude API) — does not train on API inputs/outputs; limited retention for trust & safety. See Anthropic's Privacy Policy.
- OpenAI (API) — does not train on API data. See OpenAI's Privacy Policy.
- Google (Gemini API) — the paid API tier does not use your data to improve Google's models. See Gemini API Additional Terms.
On macOS, pick Ollama and inference happens entirely on your machine — no AI data leaves it. On Android, the on-device MediaPipe Gemma model is the same deal. The cloud is optional; the privacy is not.
9. How long we keep it
We keep account data and synced study content for as long as your account is alive. Delete your account and we remove the associated data from live systems promptly and from routine backups within roughly 30 days — the lag is backups being backups, not us being sentimental.
- Account & synced content — until you delete your account, then purged within ~30 days.
- Server logs — short-lived; kept only as long as security and troubleshooting require.
- AI prompt data — held by the third-party provider per its own policy (section 6); we don't keep a separate copy.
- Payment records — retained as long as tax and accounting law demands, which is longer than anyone would like.
- Plugin marketplace records — uploader payout details, published listings, and purchase/payout ledgers are kept while your uploader account or the listing is active, and afterward for as long as tax, accounting, and dispute-resolution law requires (same unglamorous reason as payment records).
10. Security (a.k.a. how we guard your cards)
All traffic between your device, our backend, and our vendors is encrypted in transit with TLS, and data is encrypted at rest on our providers' infrastructure. Access to your synced study content is gated by Supabase Row Level Security policies that lock every row to its owning user, so no other user can read it. We are building client-side (end-to-end) encryption that will make synced rows unreadable to us as well; until it ships, treat synced content as data our infrastructure can technically access, protected by the controls above.
No system is perfectly secure — anyone who tells you otherwise is selling something — but we treat what you trust us with as something to defend. If a breach affecting your personal data happens, we'll notify you and the relevant authorities without undue delay where the law requires it, rather than hoping you don't notice.
11. International data transfers
Cognifer Labs is based in Arizona, United States. Our vendors (Supabase, Stripe, Anthropic, OpenAI, Google, Apple, Branch) run data centers in the US, the EU, and other regions, so your data may be transferred to and processed in any of them. Where data leaves the EEA, the UK, or Switzerland for a country without an adequacy decision, we rely on Standard Contractual Clauses (and the UK International Data Transfer Addendum) plus the supplementary safeguards our vendors publish. Ask and we'll point you to the relevant paperwork.
12. Children's privacy
Avorio is for college students and is not directed to children under 13 (or under 16 where local law sets a higher age of digital consent). We do not knowingly collect personal data from children under those ages. If you're a parent or guardian and believe your kid created an account, email contactdharsan@gmail.com and we'll delete the account and its data, no interrogation required. We do not knowingly “sell” or “share” the personal information of anyone under 16. This is one topic we don't joke about.
13. Your rights (the part with actual teeth)
Depending on where you live, you have rights over your personal data. We honor them for everyone where we can, and apply the specific frameworks below where they govern.
EU, UK, and EEA (GDPR / UK GDPR)
You have the right to access the personal data we hold about you, correct it, erase it, restrict or object to certain processing, obtain a portable copy, and withdraw any consent you've given (without unwinding what we already did lawfully). You can also lodge a complaint with your local supervisory authority — though we'd genuinely rather you let us fix it first.
California (CCPA / CPRA)
In the past 12 months we collected these categories of personal information: identifiers (e.g. email, account identifier, IP address); customer records and commercial information (e.g. subscription status and transaction confirmations); internet or network activity (aggregate, de-identified usage and diagnostics); and your own user-generated content (your decks and study content, protected as described in Section 10). Your account login credentials are “sensitive personal information”; we use them only to authenticate you and run the Service — a use you can't be asked to limit further because without it there is no account.
California residents have the right to know and access the personal information we collect, to request correction or deletion, to limit the use of sensitive personal information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as California defines those terms, and we don't use or disclose sensitive personal information beyond what the law permits. We will not retaliate against you for exercising any of these rights. You may use an authorized agent. California's “Shine the Light” law also lets you ask whether we disclosed personal information to third parties for their direct marketing — the answer is no.
Other US states (Virginia, Colorado, Connecticut, Utah, and the growing club)
Residents of states with comprehensive privacy laws — Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and an expanding list — have rights to confirm whether we process their data, to access, correct, delete, and obtain a portable copy of it, and to opt out of targeted advertising, the sale of personal data, and profiling with legal or similarly significant effects. We don't do any of those opt-out things, which makes the opt-out mercifully short.
Right to appeal. If we deny your request, you may appeal by replying to our decision or emailing contactdharsan@gmail.com with “Appeal” in the subject line. We'll respond with our decision and our reasoning within the window your state's law allows. If we still say no, you may escalate to your state attorney general, who is considerably scarier than us.
How to actually exercise these rights
Email contactdharsan@gmail.com from the address tied to your account, or include enough detail for us to find your account, so we can verify the request before acting on it (we're not handing your data to anyone who simply claims to be you). A reasonable request is free, and we'll respond within the timeframe the applicable law sets. We honor a recognized opt-out preference signal such as Global Privacy Control (GPC) as a valid opt-out of sale and sharing where the law requires — though, again, we don't sell or share in the first place.
14. The algorithm running your reviews
Avorio uses the FSRS-5 algorithm to decide when each card comes back to haunt you. That's the entire conspiracy: it sets study timing and difficulty, nothing more. We do not use your data for profiling that produces legal or similarly significant effects, and we do not make solely automated decisions of the kind restricted by Article 22 of the GDPR. No algorithm here decides anything about your life except whether you see “mitochondria” again on Tuesday.
15. Changes to this policy
When we update this policy we'll change the “Last updated” date at the top — the legal equivalent of clearing our throat. If a change is material (say, a new processor or a genuinely new use of data), we'll email registered users beforehand, and where the law requires it, we'll ask for your consent rather than assume it.
16. How to contact us
For any question about this policy, or to exercise any privacy right, email contactdharsan@gmail.com. A real person reads it.
Cognifer Labs (trading as Avorio), Arizona, USA. Postal address available on request.