Privacy Notice
Foky is built to help you focus and study without advertising. This notice explains what information the app handles, why it is needed, who may receive it, how long it is kept, and the choices you have.
- Foky does not show ads, sell personal information, or track you across services.
- Product analytics are optional and off until you choose to enable them.
- Study-content sync is optional. Your local study content can stay on your device.
- AI is optional, available only to adults, and requires confirmation before each use.
- You can request access, correction, export, or deletion from the app or by email.
1. Who operates Foky
Hany Jiang personally develops and operates Foky from Toronto, Ontario, Canada. “Foky” is the title of the app and product; it is not a separate corporation or legal entity. Hany Jiang is the person accountable for Foky's privacy practices and can be reached at [email protected].
This notice covers the Foky iOS app and the first-party pages at foky.app. It does not cover a third party's own website, app, or account service.
2. Who may use Foky
Foky is offered in English to residents of Canada, excluding Quebec, and the United States. It is not directed to or offered to anyone under age 16, and Foky does not knowingly permit an under-16 account. AI features are available only to people age 18 or older.
Before account creation, Foky asks whether you reside in Canada, the United States, or an unsupported region. Canadian residents are asked only whether they reside in Quebec or in another province or territory. Foky does not store your exact province. The app also uses Apple's privacy-preserving Declared Age Range service where available and appropriate. Its lower and upper age bounds and provenance are processed transiently in the app only to derive a band; the raw bounds are not persisted or sent to Foky's server. On unsupported systems, or where Apple makes sharing optional, Foky asks you to select only “under 16,” “16–17,” or “18+.” Foky does not ask for or store a birth date.
Foky keeps only the resulting age band, source, assurance class, service region, eligibility status, policy version, and check time. For an Apple-derived decision, the app also sends Apple's signed app-transaction evidence to Foky's server. The server verifies the signature and keeps only a keyed, one-way correlation digest, the App Store environment, and operational timestamps—not the raw app-transaction identifier or signed evidence. Where Apple indicates that age sharing, adult notice, or guardian approval is legally required, access is denied until the required signal or approval and verified correlation are received. Apple can issue guardian-revocation or significant-change signals. Foky verifies Apple's signed outer notification and nested app-transaction evidence before using a revocation signal to freeze the associated account.
If an existing account becomes ineligible because it is associated with a person under 16 or a Quebec resident, product access is frozen. Export, correction, and deletion remain available. Unless eligibility is corrected, the account is scheduled for deletion after seven days, subject to records that must be retained by law or for a documented safety, security, or rights matter.
If you believe a person under 16 created an account or provided personal information, email [email protected]. Foky will investigate and freeze, correct, or delete the account and information as appropriate.
Foky has no parental-consent account flow. If Foky obtains actual knowledge that an account belongs to a child under 13, it will promptly delete the child's personal information except for the minimum record needed to document deletion or comply with law. The seven-day eligibility-correction period does not authorize continued product processing after that actual knowledge.
3. Information Foky handles
“Required” below means Foky needs the information for the account or feature you requested. Optional features remain off until you choose them. Some device and network information, such as an IP address, is necessarily processed by hosting providers when your device makes a request even when Foky does not place cookies or advertising identifiers.
| Category and source | What it includes | Purpose and status | Recipients | Usual retention |
|---|---|---|---|---|
| Account and authentication You, Apple, or Google |
Account ID, name and email returned by the provider, provider identifier, sign-in timestamps, and authentication security records. The embedded Google Sign-In SDK also declares phone number, coarse location, device identifier, and other usage or other data that it may process for sign-in functionality and SDK analytics; Foky does not intentionally request or add those declared fields to your Foky profile. | Create and protect your account; required for an account. | Apple or Google for the sign-in you choose; Supabase. | Foky account data until deletion; ordinary Foky security logs no more than 90 days. Apple and Google retain provider-side sign-in and SDK data under their own privacy terms. |
| Eligibility and legal records You, Apple, and Foky |
Derived age band, source and assurance, broad service region, eligibility status, policy versions, choices, event IDs, timestamps, approved document URL and hash, a keyed app-transaction correlation digest and environment for Apple-derived decisions, and matched consent-revocation notification metadata. Foky does not store the raw Apple app-transaction identifier or signed payload. | Enforce age and region limits and prove your choices; required except optional preferences. | Supabase; Apple where its age or permission services are used. | Eligibility and its correlation with the account; consent-notification receipts no more than 90 days; legal acceptances and rights records for 24 months after closure or deletion. |
| Profile and social information You and other accepted friends |
Display name, friend code, mutual friendship and request status, shared progress snapshot, Collection catalog item, rarity and unlock date, blocks, referrals, and deck-share metadata. | Provide mutual Friends and sharing; required only when you use those features. | Supabase. A person in a pending incoming or outgoing request sees the other person's display name. Accepted Friends see the limited profile and progress snapshot and may request Collection details. Resend receives only an opaque report ID and category for report alerts. | Until deletion; expired or revoked share metadata for 90 days; moderation records as described below. |
| Focus, study, and progress You and app activity |
Focus session timing and verification, review events and results, decks, cards, study choices, reveal history, missions where available, and progress totals. | Run requested focus and study features and calculate server-authoritative progress; core records are required for those features. Cloud study content is optional. | Supabase for account-backed records. Synced study content is stored only with study-sync consent and the required entitlement. | Until account deletion; synced study content is also purged after study-sync withdrawal. |
| Purchases, entitlements, and virtual items Apple, RevenueCat, and app activity |
Product identifiers, transaction and receipt status, entitlement state, purchase and refund history, virtual-currency provenance, balances, cosmetic ownership, and equipped vessel. | Process, restore, support, and prevent abuse of purchases; required when you purchase or use virtual items. | Apple, RevenueCat, and Supabase. | Product history until deletion, except legally required accounting and purchase fields kept for the legally required period. |
| Optional product analytics App activity after opt-in |
An account-linked allowlisted event name and server timestamp, plus numeric daily counts. It does not contain card text, deck names, URLs, selected apps, notes, or AI input. | Understand feature use and reliability; optional and off by default. | Supabase. Foky uses no separate third-party product-analytics SDK; authentication and purchase SDKs may produce their own disclosed operational telemetry. | Linked events and daily metrics for no more than 13 months; linked raw analytics are deleted on withdrawal. |
| AI requests and metadata You, app records, and generated output |
Only the topic, notes, selected PDF pages or study material, or aggregate recap inputs identified before confirmation; generated output; model, status, credit, timing, and safety metadata. | Generate the adult-only AI result you request; optional, per-use confirmation required. | Anthropic processes request content; Supabase processes the request and stores content-free generation metadata and any recap you save. | Unsaved generation records and saved recaps no more than 13 months. Generated cards or a deck you choose to save become study content and follow the study-content rule. Anthropic ordinarily deletes API inputs and outputs within 30 days, with safety, abuse, legal, Files API, or separately agreed exceptions. |
| Reports, support, and rights requests You or another Foky user |
Contact details, request or report category, correspondence, an optional content snapshot you expressly include, actions taken, and case timestamps. | Respond to support and rights requests and investigate safety, abuse, or security issues; required only to handle your request. | Supabase; Resend for an opaque report alert; Cloudflare Email Routing and iCloud Mail for email delivery. | Support mail 12 months after resolution; rights, moderation, and security cases 24 months after closure; optional moderation snapshots 90 days after case closure unless an active matter requires longer. |
| On-device app data You and app activity |
A minimized pre-account eligibility snapshot; settings; account-scoped product, progress, entitlement, currency, cosmetic, and social caches; local study content; active-sprint state; user-owned retry queues; an authentication session token; and temporary AI or export files. | Keep the app responsive, support local or offline use, resume work safely, authenticate requests, and retry requested operations. Required for the relevant app function. | Stored in Foky's app storage on your device. The session token is presented to Supabase when authenticating a request; selected AI material leaves the device only after the separate per-use confirmation described below. | The pre-account snapshot remains until corrected, bound to an account, or removed with app data. Most account caches remain until sign-out, account switch, reset, or deletion. Local-only study content may remain after ordinary sign-out to avoid destroying the only copy, but is erased on another account binding, full reset, or account deletion. Temporary files are removed after use and within 24 hours. |
| Technical and security data Your device and service providers |
IP address, request time, response/error status, device or app version when supplied, rate-limit records, and audit/security events. | Deliver, secure, diagnose, and prevent abuse of the service; necessary for network service and security. | Cloudflare, Supabase, and relevant infrastructure subprocessors. | Ordinary application and security logs no more than 90 days; documented security cases 24 months after closure; breach register 5 years. |
4. On-device app and Family Controls information
If you enable blocking, Apple's Family Controls frameworks provide opaque selections for the apps, categories, and websites you choose. Foky uses those opaque selections on your device and in its private app group to apply shields, profiles, allowlists, schedules, and Strict settings. Foky does not receive readable lists of your selected app or website names and does not sync the opaque Family Controls tokens to the Foky server. Strict PIN verification material stays in the device keychain and is excluded from export.
Foky excludes authentication tokens, Strict PIN material, secrets, and opaque Family Controls selections from privacy exports. When you tap Copy Friend Code, Foky writes that code to the iOS clipboard; Foky does not read the clipboard. iOS controls any system-level clipboard persistence or sharing between your Apple devices.
Device-only decks, blocking profile names, schedules and settings, guardian images, opaque Family Controls selections, and Strict verification material remain until the applicable in-app deletion or reset, account deletion, app removal, or operating-system cleanup. Some information may remain in a device backup you control. Foky cannot erase a copy that you or a recipient separately exported or backed up.
5. Study content, AI, and sensitive information
Foky necessarily handles security-sensitive authentication/session information and a minimized age-band and eligibility result. Foky does not ask for a government identifier, exact birth date, precise location, address book, biometric template, payment-card number, or bank-account number. Apple, Google, or the purchase provider may process information in their own services that Foky does not receive.
You own the study content you create. Foky is not designed to collect health, financial, identity, confidential, or another person's personal information through content fields. Do not put that information in decks, cards, uploads, prompts, reports, or support messages unless it is necessary, you understand the risk, and you have the right to do so. User-provided content can nevertheless reveal health, religion, political views, identity, or other sensitive matters; if you submit it, Foky and the disclosed provider process it to provide the feature you requested.
Foky is not a health service or personal health record. Do not use it to record, infer, or manage personal health information. Because United States consumer-health laws can apply broadly when a person nevertheless submits health-related study material, the supplemental Consumer Health Data Notice explains those practices and rights.
Before every Anthropic request, Foky identifies the material that will be sent, explains that Anthropic provides the model and may process it outside Canada, states the ordinary 30-day provider retention period and exceptions, and repeats the sensitive-content warning. Opening an AI screen does not itself send content. AI is unavailable to anyone whose adult status is unknown or whose derived age band is under 18.
6. Friends, sharing, blocking, and reports
Foky has no public profile directory, social feed, public discovery, or chat. Friends connect by code and mutual acceptance. People in a pending request can see each other's display name. An accepted friend can see the limited profile and progress snapshot shown in the app and can request Collection item identifiers, rarity, and unlock dates. A deck is shared only with an accepted friend after you choose it.
When a recipient imports a shared deck, Foky creates an independent copy owned and controlled by that recipient. Removing or changing the sender's copy does not recall the imported copy. The app discloses this before import.
Blocking removes the friendship, pending friend requests and shares, local snapshots, and future visibility in both directions. You may report a user, share, or content. A report may include a content snapshot only if you expressly choose to include it. Hany Jiang aims to review reports within 72 hours, but urgent danger should be reported to local emergency services. See the Safety page for details.
7. Advertising, sale, tracking, and signals
Foky carries no advertising and integrates no advertising SDK. Foky does not sell personal information, share it for cross-context behavioural or targeted advertising, or use it to track you across apps or websites owned by other companies. Foky does not request Apple's App Tracking Transparency permission and does not use the IDFA.
Because Foky does not engage in sale, targeted advertising, or cross-service tracking, Global Privacy Control and browser “Do Not Track” signals do not change those practices. This legal site uses no scripts, cookies, pixels, forms, or analytics. Cloudflare necessarily processes connection and security data when it delivers the pages.
In the 12 months before this notice's effective date, Foky did not sell personal information or share it for cross-context behavioural advertising. Foky does not offer a discount, reward, or other financial incentive in exchange for personal information. A requested feature may still require the information needed to provide that feature.
Foky does not authorize another party to collect your activity in Foky over time and across unaffiliated apps or websites for behavioural advertising or profiling. Providers may process the operational information described in this notice under their own policies.
8. Service providers and international processing
Foky gives a provider only the information reasonably needed for its role. Providers may use approved subprocessors and may process information in Canada, the United States, and other countries where they operate. Those countries may have different privacy laws, and lawful authorities there may be able to access information. Foky uses contractual, access, and technical safeguards appropriate to the service. Foky's primary Supabase project is configured in the Canada Central region. Supabase subprocessors and the other providers below may still process information outside Canada as described in their terms.
| Provider | Role and information |
|---|---|
| Apple | iOS distribution, Sign in with Apple, purchases, age-range and PermissionKit signals, signed app-transaction and consent-revocation evidence, and on-device Family Controls. |
| Google Sign-In only when selected. Its embedded privacy manifest declares name, email, phone number, coarse location, user and device identifiers, and other usage or other data that the SDK may process for sign-in functionality and SDK analytics. Foky does not use Google advertising services. | |
| Supabase | Authentication, database, storage where used, server functions, rate limits, and account-backed records. |
| RevenueCat | Purchase receipt, product, entitlement, transaction, device, and app-user information needed to process and restore in-app purchases. |
| Anthropic | Adult-only, per-use AI inputs and generated outputs after confirmation. |
| Cloudflare | DNS, security, traffic delivery, and hosting for this static legal site; connection data such as IP address and request metadata. |
| Resend | Sends minimal operational email. For safety reports, the alert contains only an opaque report ID and category, not the report content. |
| Cloudflare Email Routing and iCloud Mail | Route and store email you send to [email protected], including your address and message content. |
Other permitted disclosures
Foky may disclose only the personal information reasonably necessary: at your direction; to the service providers identified above; to courts, regulators, law enforcement, emergency recipients, or professional advisers when permitted or required by law and reasonably necessary to protect a person, investigate fraud or abuse, defend rights, or respond to valid process; or in a bona fide sale, reorganization, or transfer of Foky, subject to confidentiality and any notice or consent required by law. These disclosures are not a sale or targeted-advertising disclosure.
Before sending personal information to a service provider, Foky requires contractual or other enforceable terms that limit the provider to the stated service and require protection comparable to this notice and applicable platform requirements. Provider terms and data protection commitments must be verified as a release condition before that provider handles production user data.
9. Retention and deletion
Foky keeps information only for the feature, safety, legal, accounting, or dispute purpose described here. The following schedule is the operating maximum unless a shorter period is stated, you delete earlier, or law requires a specific record for longer. These periods are launch commitments: Foky will not accept production accounts until the relevant provider settings and contracts have been verified. Encrypted database backups are configured to expire within 30 days; deletion from backups occurs as those backups rotate and deleted data is not restored to active service.
| Information | Retention |
|---|---|
| Account, product history, social state, and synced study content | Until account deletion; synced study content also purged on consent withdrawal. |
| Expired or revoked share metadata | 90 days. |
| Optional linked analytics and AI metadata or recaps | No more than 13 months. |
| Ordinary application and security logs | No more than 90 days. |
| Apple consent-revocation notification receipts | No more than 90 days; the account correlation is deleted with the account. |
| Temporary AI and export files | Deleted after use, cancellation, or failure; absolute maximum 24 hours. |
| General support email | 12 months after resolution. |
| Rights requests, legal acceptances, moderation and security cases | 24 months after closure or account deletion. |
| Moderation content snapshots | 90 days after case closure unless required for an active matter. |
| Confidentiality and breach register | 5 years as Foky's documented internal accountability maximum. Canadian breach regulations require breach records for at least 24 months; this five-year period is not described as a statutory requirement. |
| Encrypted backups | No more than 30 days. |
| Legally required purchase or accounting records | Only required fields, for the period required by law. |
10. Your choices and rights
The Privacy & Data page in Foky shows your eligibility status, current document versions, analytics choice, study-sync choice, AI disclosure, export, deletion, and contact links. You may also email [email protected] to request:
- access to and an explanation of personal information associated with your account;
- correction of inaccurate information, including an eligibility correction;
- a portable export in JSON and CSV form;
- withdrawal of optional analytics or study-sync consent;
- deletion of your account and associated personal information; or
- information about a privacy decision or a complaint review.
An authenticated app session ordinarily verifies a request. For an email request, Foky may verify control of the account email. Government identification is not requested by default. For a written access request governed by PIPEDA, Foky will respond within 30 calendar days. If a permitted extension is needed, Foky will notify you within the first 30 days of the new deadline, the reason, and your right to complain. Access is provided at minimal or no cost unless a lawful charge is disclosed in advance. A refusal is provided in writing with reasons and available recourse. Access may redact another person's information, privileged material, confidential abuse or fraud controls, or information that law requires or permits Foky to withhold. These choices are available broadly, not only where a particular law requires them.
You may authorize another person to make a request for you. Foky may ask for signed proof of that authority and may verify your identity or account control directly. Foky will not deny service, charge a different price, or provide a different service quality because you exercised a privacy right, although deleting required information or withdrawing an optional choice can make the related account or feature unavailable. If Foky refuses or only partly fulfils a request, you may reply to ask for a review of that decision.
If you establish that information is inaccurate or incomplete, Foky will correct, delete, or add to it as appropriate and, where appropriate, notify recipients. If a challenge remains unresolved, Foky will record it. You may report a concern to the Office of the Privacy Commissioner of Canada, a provincial authority, a United States state authority, or another regulator with jurisdiction. Contacting Foky first does not waive a regulator right.
Acknowledging the Privacy Notice is not optional consent. Account authentication, security, eligibility, purchase, and legal-record processing is required to keep an account. If you do not want that required processing, request account deletion. Optional analytics and study sync may be withdrawn independently.
Withdrawing optional consent does not affect processing already carried out lawfully. Study withdrawal queues a durable server purge. Analytics withdrawal deletes linked raw analytics; genuinely de-identified aggregate statistics that cannot reasonably be linked back to you may remain. Account deletion also requests provider deletion or anonymization where supported, clears device account data and Family Controls state, and retries provider cleanup if a provider is temporarily unavailable.
Deleting a Foky account does not delete your Apple or Google account, cancel an App Store subscription, erase records Apple must keep, or delete an independent deck copy already imported by a recipient. Provider records may remain under the provider's legal obligations and privacy terms. Removing the Foky app alone also does not submit an account-deletion request.
11. Safeguards and incidents
Safeguards include encrypted transport, provider encryption at rest where supported, authenticated requests, row-level database controls, least-privilege service credentials, rate limits, account-scoped local storage, server-authoritative purchase and eligibility checks, limited staff access, and deletion procedures. No system can guarantee absolute security. If a breach creates a real risk of significant harm, Foky will notify affected people and regulators as required and will preserve the required incident record.
12. Changes to this notice
The current notice is always available at /privacy. This version is permanently available at /privacy/v2/. Version 1 was an unpublished internal compatibility version; Foky does not represent that it was a prior public notice. Material changes require a versioned acknowledgement before continued product access. Where Apple requires adult notice, guardian approval, or a verified significant-change signal for a teen, Foky will not make the changed feature available until the required path is implemented, verified, and resolved.
13. Contact
Hany Jiang, developer, operator, and Privacy Officer for Foky
Toronto, Ontario, Canada
[email protected]
This notice describes Foky's intended operating practices. It is not legal advice, a lawyer's validation, or a guarantee that legal risk has been eliminated.