Legal

Privacy policy.

What we collect, why, who else processes it, and how to delete it. Short on purpose.

Last updated 17 May 2026Questions: support@learnwithvivek.com

The short versionWe only ask for what the app cannot work without: a sign-in identity, the loops and inputs you give us, and a push token so we can nudge you. We never sell your data. You can delete your account in the app — and that wipes everything.

What we collect

  • Account identity — your email, plus the Google or Apple id-token if you sign in with those.
  • Loop content — the text, voice transcripts, and document content you give svaloop, plus the AI conversation history inside each loop.
  • Documents you upload — photos or PDFs you choose to attach. Stored privately, scoped to your account.
  • Device info — a push token, OS version, and app version, used to deliver notifications and triage crashes.
  • Diagnostic logs — anonymous error and performance logs. No loop content is included.

We do not run ad SDKs, do not track for advertising, and do not access your location, contacts, calendar, or photos library in the background.

How we use it

To run your loops, send the calm nudges you signed up for, sync across devices, and triage crashes. We do not profile you for advertising and do not feed your content into any model training set.

Who else processes your data

svaloop runs on a small set of trusted providers. Each one only receives the data it needs to do its narrow job.

  • Supabase — primary database, authentication, file storage, and realtime sync.
  • OpenAI — runs the conversation inside each loop. Contractually opted out of training on the data we send.
  • Mistral AI — OCR for documents you upload. Contractually opted out of training on the data we send.
  • Firebase Cloud Messaging & Apple Push Notification service — deliver push notifications. They see only the push token and the notification text we wrote — not loop contents.
  • Google Sign-In & Sign in with Apple — used only to verify your identity at login.

AI & on-device speech

When you speak into svaloop, the speech-to-text happens on your device — the audio never leaves your phone. Only the transcribed text you can see and edit is sent to our servers.

The AI is explicitly instructed never to interpret medical values, assess urgency, predict outcomes, recommend specialists, or reference what “doctors usually” do. A safety check re-prompts the model if it strays. svaloop is not a medical device. For health decisions, see a qualified professional.

Where data lives, and for how long

Your loops, journey events, documents, and conversation history are stored on managed cloud infrastructure and encrypted in transit and at rest. We retain them while your account is active. Diagnostic logs are kept for 30 days and then purged. Deleted accounts are erased within 7 days; encrypted backups age out within 30 days.

Your rights

You can, at any time:

  • See everything we hold about you — your loops and journey are visible in-app.
  • Export your data — email support@learnwithvivek.comand we'll send a JSON archive within 30 days.
  • Correct or update any of it from within the app.
  • Delete a single loop, or your whole account. See Delete your account.
  • Withdraw consent and stop using the app at any time.

Children & security

svaloop is not directed at children under 13. All traffic between the app and our servers is encrypted with TLS 1.3. Database access is gated by row-level security so your data is invisible to other accounts. Report security concerns to support@learnwithvivek.com.

Changes & contact

If we change anything material, we'll update the date at the top and notify signed-in users in-app before the change takes effect. For any privacy question or data request, write to support@learnwithvivek.com. We acknowledge within 48 hours and resolve most requests within 30 days.