abideraGet app

abidera

Privacy Policy

Short version: we collect what's needed to run the app, nothing more. We don't sell your data, we don't run ads, and we don't use third-party analytics.

Last updated: April 28, 2026

Who we are

Abidera is built and operated by Aleks Meshkov, an individual developer based in Portugal (“Abidera,” “we,” “us”). You can reach us at support@abidera.com.

This Privacy Policy covers the Abidera iOS app and the website at abidera.com. By using Abidera, you agree to the practices described here.

What we collect

Account data

When you sign in with Apple or create an account, we store your email address and a stable user identifier so we can keep your progress tied to you across devices. If you use Sign in with Apple's private email relay, we only see the relay address Apple provides.

Learning progress

We store the lessons you've completed, your spaced-repetition schedule, your streak, your daily goal, and which phrases you've starred. This is the data that makes the app personal — without it, Abidera can't remember where you left off.

Subscription & purchase records

Purchases are handled by Apple's App Store and processed via RevenueCat. We receive your subscription status (active, in trial, cancelled) and the product you're on. We never see your payment card or Apple ID password.

Reminders & notifications

Reminders are scheduled on your device using iOS / Android local notifications. We do not collect, transmit, or store push tokens. You can change or disable reminders any time from inside the app, or by turning notifications off in iOS Settings.

Documents and photos you submit

When you use the Document Decoder, the photo or PDF you provide is sent to OpenAI (the primary processor) so it can extract text and produce a structured summary. If OpenAI is temporarily unavailable, the same image is sent once as a fallback to Anthropic. When you use the AI Translator, the text you submit is sent to OpenAI. Neither provider retains your input for training (see “Third-party processors” below).

The original image you upload is not stored on our servers — only the structured decoded result (summary, action items, translated text) is retained, so you can revisit it in your own app history. See “Retention” below for how long results are kept and how deleting your account removes them.

Voice recordings for pronunciation practice

When you practice speaking, your recording stays on your device so you can play it back and hear yourself. It is not uploaded to our servers, not sent to any AI provider, and not shared with any third party. Recordings are deleted when you discard them in the app or when you uninstall Abidera.

Here's what each iOS permission is for:

  • Camera: Scan letters, menus, and documents so Abidera can translate and explain them.
  • Photo Library: Upload photos of Portuguese documents so Abidera can translate and explain them.
  • Microphone: Record yourself practicing Portuguese phrases — audio stays on your device for playback, as described above.

Website analytics

On abidera.com(this website, not the iOS app) we use a small set of analytics tools to understand which pages people visit and how the site performs. Nothing here is used for advertising, and none of these tools mount until you accept on the cookie banner — if you reject, the site loads with no analytics at all. You can change your choice any time from “Cookie settings” in the footer.

  • Vercel Analytics — counts page views and referrers. Cookieless: it derives a daily per-visitor hash from your IP and User-Agent, processes it server-side, and does not store the raw IP.
  • Vercel Speed Insights — measures Core Web Vitals (page load time, layout shift, etc.) so we can spot performance regressions. Same data class as Vercel Analytics.
  • Google Tag Manager — a tag loader that lets us run additional measurement tools (currently this includes Google Analytics for aggregated traffic stats). GTM and any tags it loads use cookies on your browser.

We do not load any of these on the iOS app, and we do not use any of them for retargeting or building advertising profiles.

Crash reports, diagnostics, and feedback

To find and fix bugs in the iOS app, we send crash reports and diagnostic events to Sentry (see “Third-party processors” below). A typical event includes the stack trace, the screen you were on, your device model and OS version, your IP address, your Abidera user ID, and your email address — Sentry uses these to deduplicate reports and let us follow up if needed.

We also enable Sentry's session replay so we can see the sequence of taps and screens that led to a problem. Replays mask all text and images by default — we record the shape of what happened, not the content you typed, the pictures you uploaded, or the decoded documents you read. During our early-access period we record a larger share of sessions than we will at steady state, so we can watch new flows end-to-end and fix usability problems quickly; we will reduce this once the app stabilises.

If you tap “Send Feedback” (in Profile, or by shaking your device on a production build), the message you write — and any screenshot you attach — is sent to Sentry too, so we can read it.

Third-party processors

We use a small set of carefully chosen providers to run the app. Each one receives only the data needed for its specific job.

  • Supabase — database and authentication. Stores your account and learning progress. EU-hosted. Privacy policy.
  • RevenueCat — subscription management. Tracks your subscription state and purchase history. Privacy policy.
  • OpenAI — powers the translator and the primary document decoder. Receives the text or image you submit for processing. OpenAI does not use API inputs to train their models. Privacy policy.
  • Anthropic — used as a fallback processor for the document decoder only when OpenAI is unavailable. Receives the image you submit. Anthropic does not use API inputs to train their models. Privacy policy.
  • Apple — Sign in with Apple, App Store payments, push notification delivery. Privacy policy.
  • Expo — over-the-air updates and push notification infrastructure. Privacy policy.
  • Sentry— crash reporting, session replay, and the in-app feedback widget. Receives the data described under “Crash reports, diagnostics, and feedback” above. EU-hosted (Frankfurt). Privacy policy.
  • Vercel — hosts our website and API, and provides Vercel Analytics + Vercel Speed Insights for the website (loaded only after you accept the cookie banner). Processes standard server logs. Privacy policy.
  • Google — Google Tag Manager and Google Analytics on the website (loaded only after you accept the cookie banner). Used for aggregated traffic measurement, not for advertising. Privacy policy.

What we don't do

We do not sell your data. We do not use any of our analytics for advertising, retargeting, or building marketing profiles, and we do not embed any product-analytics SDK in the iOS app (no Mixpanel, no Amplitude, no Meta Pixel, no Firebase Analytics). The website does use opt-in analytics — Vercel Analytics, Vercel Speed Insights, and Google Tag Manager / Google Analytics — but only after you accept on the cookie banner; if you reject, the site loads with no analytics at all. The iOS app sends crash reports to Sentry — see “Crash reports, diagnostics, and feedback” above.

How we use your data

  • To run the app and keep your progress synced across devices.
  • To process your subscription and give you access to paid features.
  • To generate translations and document summaries when you request them.
  • To send you the notifications you've opted into (daily reminders, streak nudges).
  • To respond to support emails, read in-app feedback, and use crash reports to find and fix bugs.
  • To prevent abuse of our free tier — for example, to stop the same person from creating throwaway accounts to reset usage limits (see “Retention” below for what this involves).
  • To comply with legal obligations (tax reporting for subscription revenue, responding to lawful requests).

Retention

We keep your account data for as long as your account is active. If you delete your account, we erase your personal data within 30 days, except where we're required to keep records for legal reasons (e.g., transaction records for tax purposes, kept for 7 years under Portuguese law).

Decoded documents — specifically the structured result (summary, action items, translated text) — are retained in your account history until you delete the item or your account. If you remove an individual item from your history, it is permanently erased within 30 days. Deleting your account cascades all of these rows immediately. The original image you uploaded is not stored on our servers; it is sent to the AI provider for processing and discarded when the request completes. Translator history follows the same lifecycle. See “Your rights” below for how to request deletion.

One narrow exception for free-tier abuse prevention: when you delete your account, we retain a one-way pseudonymized identifier derived from your email — generated using a server-side secret you do not have access to — together with how many free Document Decoder uses and free translations you had consumed. This is the minimum we need to enforce our free-tier limits if the same email signs up again later. We do not retain your name, your learning progress, your decoded documents, your translations, your audio, or any other identifying information. The identifier cannot be linked back to your email by anyone who only sees this database.

Legal basis under the GDPR: Article 6(1)(f), our legitimate interest in preventing free-tier abuse (Recital 47), which is also recognized under Article 17(3)(e) as an exception to the right to erasure. You can object to this processing at any time by emailing us — see “Your rights” below.

Your rights

Under the GDPR and similar laws, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to specific processing activities.
  • Lodge a complaint with your local data protection authority.

Email support@abidera.comto exercise any of these rights. We'll respond within 30 days.

Children

Abidera is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please email us and we'll delete it.

International transfers

Some of our providers (OpenAI, Anthropic, RevenueCat, Vercel) process data in the United States. When data leaves the EU/EEA, it is covered by Standard Contractual Clauses (SCCs) or equivalent safeguards.

Security

Data in transit is encrypted via TLS. Data at rest in Supabase is encrypted. We follow standard practices for access control, secret management, and vulnerability patching. No system is perfectly secure, but we take this seriously — if you find a vulnerability, please email us at support@abidera.com.

Changes to this policy

If we make material changes, we'll update the “Last updated” date above and, where appropriate, notify you in-app or by email. Continued use of Abidera after a change means you accept the revised policy.

Contact

Questions or requests? support@abidera.com.