Stoik — Privacy Policy

Privacy Policy

Last Updated: June 27, 2026

1. Introduction

Stoik (“Stoik,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data when you use the Stoik mobile application (“the App”). The App is available exclusively on Apple iOS devices and all services are provided in English. By using the App, you agree to the practices described here.

2. Information We Collect

2.1 Account Information

By default, Stoik creates an anonymous account for you — a randomly generated account identifier. You do not need to provide an email or name to use the App.

• Sign in with Apple (optional): If you sign in with Apple, we receive the name and email you authorize, or Apple’s private relay email if you choose to hide your email.

2.2 Profile Information

You may optionally provide a display name, username (handle), short bio, Instagram username, and profile photo. This profile information is visible to other users through the leaderboard, user search, and chat.

2.3 Activity & Progress Data

• Focus sessions, XP, ranks, and streaks

• Tasks and to-dos, reading progress, and notes

• General in-app interaction needed to operate features and enforce subscription limits

Your tasks, notes, and book library are stored locally on your device. Your profile, XP, and leaderboard standing are stored on our servers.

2.4 Messages (End-to-End Encrypted)

Stoik chat is end-to-end encrypted. Messages are encrypted on your device before being sent. We store only encrypted ciphertext and never have access to your keys or the readable content of your messages. Keys are generated and stored on your device.

2.5 Book Scanning

When you scan a book cover, the photo is sent through our backend to OpenAI to read the title and author, and we query Google Books and Open Library for a cover image and page count. The photo is processed transiently and is not retained on our servers after the scan completes.

2.6 Notifications

If you enable notifications, we store a device push token to deliver message and reminder notifications.

2.7 Subscription Information

Subscription status (Stoik+) is managed through RevenueCat and Apple. We do not collect or store payment-card details; payments are processed by Apple.

2.8 Device Information

Basic technical information such as device type, OS version, and app version, used to operate and secure the App.

3. How We Use Your Information

• To provide the App’s features (focus timer, tasks, reading tracker, streaks, leaderboard, messaging)

• To maintain your profile, progress, and ranking

• To deliver notifications you enable

• To process subscriptions and enforce entitlements

• To operate, secure, maintain, and improve the App

• To respond to support requests

4. Third-Party Services

Service

Purpose

Data Shared

Supabase

Authentication, database, storage

Account ID, profile, XP, encrypted message ciphertext, device push token

OpenAI

Reading title/author from a cover photo

Book cover photo (transient, not stored)

Google Books & Open Library

Book cover & page-count lookup

Book title/author text

RevenueCat

Subscription management

Anonymous ID, purchase/subscription status

Apple

App Store, payments, Sign in with Apple, push delivery

As per Apple’s privacy policy

We do not use third-party analytics, advertising, or tracking SDKs, and we do not track you across other apps or websites.

5. Data Storage and Security

• Data in transit is protected with TLS/SSL.

• Account and profile data is stored on Supabase and encrypted at rest.

• Chat messages are end-to-end encrypted; keys are stored in the device Keychain.

• No system is perfectly secure; we cannot guarantee absolute security.

6. Data Retention

• Account & profile data: retained until you delete your account.

• Account deletion: deleting your account in the App removes your profile, XP, leaderboard entry, encrypted messages, and device tokens from our servers.

• On-device data (tasks, notes, library): removed when you delete it or uninstall the App.

• Book-scan photos: not retained on our servers after analysis.

7. Your Rights

You have the right to access, delete (available in-app), and correct your data, and to opt out of notifications. Contact us at shavitsappscompany@gmail.com.

8. Data Sharing

We do NOT sell your personal data, share the readable content of your messages (we cannot — they are end-to-end encrypted), use your content for advertising, or share data with data brokers. Your display name, username, profile photo, and XP are visible to other users through the leaderboard, search, and chat.

9. Children’s Privacy

The App is not intended for children under 13. We do not knowingly collect personal information from children under 13.

10. International Data Transfers

Your data may be processed in countries other than your own, including the United States (Supabase, OpenAI, RevenueCat, Apple). By using the App, you consent to such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the App after changes constitutes acceptance.

12. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and to request deletion.

13. European Privacy Rights (GDPR)

If you are in the EEA or UK, you have rights under the GDPR/UK GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal bases are performance of our contract with you and our legitimate interests.

14. Contact

Email: shavitsappscompany@gmail.com

15. Governing Law

This Privacy Policy is governed by the laws of the State of Israel.

Create a free website with Framer, the website builder loved by startups, designers and agencies.