Effective date: October 5, 2025
Controller: Skylark Creations LLC
Contact: hello@skylarkcreations.com
This Privacy Policy explains what we collect, why we collect it, how we use and share it, and the choices you have. It reflects our actual data flows, storage, and safeguards for BuddhaUR. We do not sell your data or use third-party advertising.
App Store disclosures: We provide App Privacy details (the “Privacy Nutrition Label”) and a Privacy Policy URL in App Store Connect, consistent with the practices described below.
Email address (for email login), hashed password, Apple ID subject identifier and Apple-provided email if you use Sign in with Apple; timestamps.
Purpose: authentication, security, account recovery, fraud prevention.
Subscription state, product/entitlement IDs, platform, expiration, timestamps. No card data (Apple processes payments).
Your chat messages, AI replies, conversation metadata; AI-extracted “memories” (preferences, interests, tags, importance, embeddings) to personalize responses; sensitive-flagged memories aren’t retrieved.
Session start/end, duration, notes (optional), lesson/quiz activity, scores, streaks, timestamps, timezone offset, usage limits consumption.
App version, API request metadata (including IP in logs), timezone offset. We do not collect device identifiers (IDFA/UDID), precise geolocation, contacts, photos, or microphone data.
We share data only with providers necessary to operate the App:
International transfers may occur; we rely on appropriate safeguards provided by each provider. See their policies for details; changes to their practices may occur over time.
We do not sell or rent personal data, share it with data brokers, or use third-party ads or tracking across other companies’ apps or websites.
We don’t use advertising SDKs. Operational SDKs (e.g., RevenueCat) and APIs (OpenAI) are used strictly for app functionality and analytics consistent with this Policy and our App Store privacy disclosures.
Active accounts: we retain conversations, memories, meditation and learning history unless you delete your account or content.
Account deletion: Delete in-app (Settings → Account → Delete Account). We remove account-linked data from production systems promptly; backups are purged on their cycle (e.g., ~30 days). Some records may be retained as required by law (e.g., tax/transaction records).
Inactive accounts: we may delete after a long inactivity period with prior notice.
Access/Correction/Deletion: Use in-app controls and/or email us. Account deletion is self-service in-app.
GDPR (EEA/UK) rights: access, rectification, erasure, portability, restriction, objection. We rely on contract and legitimate interests to process most data; you may object to processing based on legitimate interests.
CCPA/CPRA (California): if applicable to us, residents may request access/deletion and information about disclosures; we do not sell or “share” personal information for cross-context behavioral advertising.
Data export: We are building export tools; until then, contact us for a machine-readable export.
We use HTTPS/TLS, encryption at rest in MongoDB Atlas, access controls, password hashing (bcrypt), and rate-limiting. No system is perfectly secure; protect your device and credentials.
BuddhaUR is for users 13+. If we learn we collected data from a child under 13, we will delete the account. Parents/guardians who believe a child has used the App may contact us.
Citations may open third-party sites (e.g., SuttaCentral). Their privacy policies apply.
We will update this Policy as our practices or laws change; we will notify you of material changes (e.g., in-app notice or email). Continued use means you accept the updated Policy.
Skylark Creations LLC
Email: hello@skylarkcreations.com