AI Pulse — Privacy Policy

Effective 2026-04-25 v0.1 en

This policy describes what data AI Pulse (“the app”) collects, how it is processed, and what rights you have over your data. It is written to be read by a person, not a lawyer. Where it has to be specific to satisfy GDPR, the revised Swiss FADP, and Google Play, it is.

What we collect

Pseudonymous account on first install

When you first open the app, we create a random anonymous account ID (a UUID). It is not based on your name, email address, phone number, or advertising ID. We use it to:

Save your app preferences (tier, digest cadence, players you follow).
Deliver optional push notifications when you turn them on.
Protect your tool-request submissions with row-level access controls so only you and the app developer can read them.
Let you delete your app data later via Settings → Delete account.

If you later add an email or sign-in method (planned for v0.2), this pseudonymous account becomes linked to that information.

The pseudonymous account stores, in user_profiles: tier (Simple / Pro / Expert), preferred digest cadence, push-notifications opt-in, language preference, players you follow, topics you follow.

Tool-request submissions

Tool-request submissions in tool_requests: pain description, current tool, current workaround, fix description, optional email. Tool-request fields may contain business-confidential information. They are stored encrypted at rest and are readable only by you (via your pseudonymous account ID) and the app’s administrator. They are never sent to crash reporters or third-party analytics.

Push notifications (optional)

When you turn on notifications, we register your device’s Firebase Cloud Messaging token in user_devices. Turning notifications off deletes that row. The push payload contains the daily digest title and a count of stories. We do not send your name, summaries, or any personal content via push.

Backend operational logs

The backend logs request timing and source IP for operational reasons (rate limiting, abuse detection). These logs are retained for 30 days and are not joined to your pseudonymous account.

AI-generated content

Article summaries are generated by Google Gemini (model gemini-3.1-flash-lite-preview). Source articles are sent to Gemini once at ingestion time on our backend; we do not send your reading or interaction data to Gemini.

Voice input (microphone)

The app’s recommender screen offers an optional voice input affordance. When you tap the microphone button:

Audio is captured only while you are actively holding / interacting with the microphone control. The microphone is never opened in the background.
Speech is transcribed to text on your device using Android’s built-in SpeechRecognizer. Raw audio never leaves your device.
Only the resulting text transcript is sent to our recommender Edge Function so it can return relevant articles.
We do not store the audio or the transcript on our servers beyond the request/response cycle. The transcript is processed in-memory and discarded once the recommendation is returned.
If you do not grant the microphone permission, the voice button shows a one-time prompt explaining why; the rest of the app continues to work normally.

Supabase (data storage, EU region): all data above.
Firebase Cloud Messaging (Google, push delivery): your FCM token + digest title.
Google Gemini (summarization, server-side only): article body + title at ingestion.
Android system speech service (on-device): voice input audio; the system service handles speech-to-text on your device. We do not send your audio to any third party.

We do not share data with advertisers, data brokers, or analytics providers.

How long we keep data

Profile + preferences (tied to your pseudonymous account): until you delete the account.
Tool-request submissions: until you delete your account.
FCM push token: until you turn off notifications, at which point it is deleted server-side.
Backend operational logs: 30 days.

Your rights

You can:

See your data: Settings → Account → Export.
Delete your data: Settings → Account → Delete account. This cascades through all our tables and is irreversible.
Withdraw push consent: Settings → Notifications.

Under GDPR (if you are in the EU/EEA) and the revised Swiss FADP, you can ask the studio to confirm whether we hold data about you, to provide a copy, to correct it, to delete it, and to stop processing it. Because the only identifier we hold by default is a randomly-generated install UUID with no profile attached, the answer to “what do you have on me?” is usually “very little.” We will say so in writing if you ask.

You can complain to the Swiss FDPIC (edoeb.admin.ch) or your local supervisory authority.

Children

The app is not intended for users under 13 (US) / 16 (EU under GDPR). We do not knowingly collect data from children.

Changes

Material changes will be posted at this URL and a notice will appear in-app on next launch.

Contact

hello@jumpstartlabs.xyz. Plain English is welcome; long legal letters are also welcome but will be answered with short replies.

This is a draft. Final language will be reviewed by counsel before public Play Store launch.