Privacy Policy

1. Our Privacy Philosophy

We build productivity tools for macOS and iOS that respect your privacy. Most of our applications process data entirely on your device using local AI models, meaning your notes, recordings, audio files, screenshots, and other content never leave your device unless you explicitly choose to sync or share them. Our apps generally do not require account creation or sign-in to function.

2. Scope

This privacy policy applies to all applications and services published under the Ludy brand, including but not limited to our macOS and iOS productivity apps (such as LudyShot, LudyLens, LudyType, LudyActions, LudyAmp, LudyQR, LudyServer, LudyRec, and others), our website (ludy.app), and any related services. When we release new apps, this policy applies to them unless a separate policy is provided.

3. Information We Collect

3.1 Information Processed Locally (Never Sent to Our Servers)

The following data is processed entirely on your device and is never transmitted to our servers:

• Audio and music files (including imported, downloaded, or recorded audio)
• Voice recordings and transcriptions
• Screenshots and screen recordings
• Notes, documents, and text content
• AI-generated summaries and refinements
• OCR text extraction results
• Playlists, reading lists, and library metadata
• Keyboard input and text typed via LudyType (our keyboard extension processes all text on-device; keystrokes are never transmitted, stored externally, or used for model training)
• Local preferences and settings

3.2 Information Collected When You Use Our Services

We may collect limited information when you:

• Purchase a license or subscription: For macOS apps, payment processing may be handled by Stripe. For iOS apps, purchases are processed through Apple's App Store. We receive only the information necessary for license validation and support (e.g., a transaction receipt or email address). We never receive your full payment card details.
• Use iCloud Sync (optional): If you enable iCloud sync, your data is stored in your personal iCloud account using Apple's CloudKit. This data is encrypted and only accessible by you across your own devices.
• App analytics and crash reports: Some of our iOS apps (such as LudyRead) use Firebase Analytics and Firebase Crashlytics to collect pseudonymized usage statistics and crash reports. This data includes device model, OS version, app version, session data, and a pseudonymous device identifier assigned by Firebase. This helps us improve app stability and understand which features are most useful. This data does not include your personal content (files, audio, notes, etc.). You can opt out of analytics collection at any time by disabling analytics in the app's settings. On iOS, you may also limit analytics sharing by going to Settings > Privacy & Security > Analytics & Improvements and disabling "Share iPhone Analytics."
• Contact support: If you email us, we collect your email address and message content to respond to your inquiry.
• Visit our website: We use privacy-focused website analytics (Umami) to collect anonymized page view data including page URL, referrer, browser type, and operating system. No personal data is shared with third parties through our website analytics. Standard web server logs may also include IP addresses for security purposes.
• Affiliate referrals: If you arrive at our website via an affiliate referral link (containing a ref or tid parameter), a cookie may be set by our affiliate tracking service (First Promoter) to attribute the referral. This cookie is used solely for affiliate commission tracking and does not track your browsing activity across other websites.

4. How We Use Your Information

We use the limited information we collect to:

• Provide and maintain our services
• Process purchases and manage licenses or subscriptions
• Respond to customer support inquiries
• Send important product updates (with your consent)
• Improve our products based on aggregate, pseudonymized usage patterns
• Monitor app stability and fix crashes (via Firebase Crashlytics)
• Attribute affiliate referrals (via First Promoter, website only)

5. No Use of Your Data for AI Training

We do not use any of your personal data, content, recordings, files, or usage data to train, fine-tune, or improve any artificial intelligence or machine learning models. Our on-device AI models run locally on your device and do not send your data to any server for training purposes. Pseudonymized analytics data collected via Firebase is used solely for app improvement and crash diagnostics, not for AI model development.

6. Data Storage and Security

• Local data: Stored securely on your device using standard macOS/iOS security mechanisms, including the app sandbox.
• iCloud data: If enabled, stored in your personal iCloud account with Apple's encryption. Only you can access this data through your Apple ID.
• License data: For macOS apps, stored securely by our payment processor (Stripe). For iOS apps, managed by Apple through the App Store.
• Analytics data: Pseudonymized usage and crash data is stored by Google Firebase in accordance with their data retention policies.

7. Third-Party Services

We use the following third-party services:

• Apple App Store: In-app purchases, subscriptions, and distribution for iOS apps. Apple processes all payments; we never receive your payment card details. View Apple's privacy policy.
• Apple iCloud/CloudKit: Optional data sync across your devices. Your data is encrypted and stored in your personal iCloud account. View Apple's privacy policy.
• Google Firebase: Some iOS apps use Firebase Analytics (pseudonymized usage data and device identifiers) and Firebase Crashlytics (crash reports) to improve app quality. No personal content is sent to Firebase. View Firebase's privacy documentation.
• Stripe: Payment processing and license management for macOS apps. View their privacy policy.
• Umami Analytics: Privacy-focused, self-hosted website analytics. Collects anonymized page view data; no personal data is shared with third parties.
• First Promoter: Affiliate referral tracking for our website. Sets a cookie when you arrive via a referral link to attribute the referral. View their privacy policy.
• Cloudflare: Website hosting and security. View their privacy policy.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites function properly, remember your preferences, and understand how you use the site.

8.2 Cookies We Use

We use minimal cookies on our website:

• Essential Cookies: Required for basic site functionality and security. These include Cloudflare security cookies that protect against threats.
• Preference Cookies: Store your cookie consent preferences (stored in localStorage, not as a cookie).
• Affiliate Attribution Cookies: If you arrive via an affiliate referral link, First Promoter may set a cookie to track the referral for commission purposes. This cookie is used solely for affiliate attribution and does not track your activity across other websites.

8.3 Cookies We Do NOT Use

• Advertising or marketing cookies
• Social media tracking pixels
• Third-party analytics that share data with advertisers

8.4 Managing Cookies

You can manage your cookie preferences at any time through our Privacy Preferences page. You can also control cookies through your browser settings. Note that disabling essential cookies may affect site functionality.

8.5 Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we automatically treat this as a request to opt out of any sale or sharing of personal information (though we do not sell personal information regardless).

9. Data Retention

• Local data: Remains on your device until you delete the app or the data within it.
• iCloud data: Remains in your iCloud account until you delete it. Deleting the app does not automatically delete iCloud data. To remove synced data, delete it within the app before uninstalling, or manage your iCloud storage via Settings > [Your Name] > iCloud > Manage Storage.
• License data: Retained as long as your license or subscription is active, plus any period required by law.
• Analytics data: Firebase Analytics event data is retained for up to 14 months. Firebase Crashlytics crash reports are retained for 90 days.
• Support communications: Retained for up to 3 years to provide ongoing support.

10. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability where applicable

To exercise these rights, contact us at [email protected].

11. For European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

11.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our obligations when you purchase a license or use our services.
• Legitimate Interests: To improve our products, prevent fraud, and ensure security, where these interests are not overridden by your rights.
• Consent: For marketing communications and optional features. You may withdraw consent at any time.
• Legal Obligation: To comply with applicable laws and regulations.

11.2 Your GDPR Rights

Under GDPR, you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Lodge a Complaint: File a complaint with your local data protection authority.

11.3 International Data Transfers

Your data may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or we rely on the recipient's participation in recognized data protection frameworks.

11.4 Data Protection Contact

For GDPR-related inquiries, contact us at [email protected]. We will respond to your request within 30 days.

12. For California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

12.1 Categories of Personal Information

In the past 12 months, we may have collected the following categories of personal information:

• Identifiers: Email address (when you purchase a license or contact support).
• Commercial Information: Purchase history and license information.
• Internet Activity: IP address and browser information from website visits; pseudonymized app usage data and crash reports via Firebase.

Important: Content you create or import in our apps (audio files, recordings, notes, screenshots, documents) is processed locally on your device and is not collected by us.

12.2 How We Use Your Information

We use personal information for the business purposes described in Section 4 of this policy (How We Use Your Information), including:

• Processing transactions and fulfilling orders
• Providing customer support
• Improving our products and services
• Ensuring security and preventing fraud

12.3 Sale and Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

12.4 Your CCPA/CPRA Rights

As a California resident, you have the right to:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt out of the sale or sharing of your personal information (we do not sell or share your data).
• Right to Limit Use: Limit the use and disclosure of sensitive personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

12.5 How to Exercise Your Rights

To exercise your CCPA/CPRA rights, you may:

• Email us at [email protected] with "CCPA Request" in your subject line
• Manage your cookie and tracking preferences via our Privacy Preferences page

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf. We will respond to verifiable requests within 45 days.

12.6 California "Shine the Light"

California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

13. Children's Privacy

Our services are intended for users aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us immediately at [email protected] and we will take steps to delete such information.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes that affect how we process your data, we will notify you via email (if you have provided one) or in-app notification before the changes take effect.