Privacy Policy

Effective: November 13, 2025

Learn and Be Curious (“we,” “our,” or “us”) helps creators launch branded mobile apps quickly using our shared backend platform, templates, and automation. This Privacy Policy explains how we collect, use, and share information when you visit our website, interact with our platform, or use apps that are powered by our infrastructure.

1. Information We Collect

• Account information: Names, email addresses, and identifiers provided via Cognito, Sign in with Apple, or Google.
• Usage data: Logs captured by our AWS infrastructure (API Gateway, CloudFront, and Lambda) including IP address, device type, timestamps, and actions taken within the apps.
• Support communications: Emails or messages sent to us for troubleshooting or feedback.
• App-specific content: Any data the app itself needs to store (e.g., profile info) that is routed through our API and DynamoDB tables on behalf of the app owner.
• AI interactions: Prompts, responses, and settings when you use AI-powered assistants or automations we provide.
• Device & cookies: Standard web log data, cookies, and similar technologies that remember preferences, enable security features, and measure performance. You can control cookies via your browser settings, though disabling them may impact functionality.

2. Permission & Transparency

We only collect, use, or transmit personal data when we have a lawful basis—typically your explicit consent, our legitimate interest in operating the platform, or because the processing is necessary to deliver the app you requested. We explain the purpose of each data use within this policy and, when required (for example, App Tracking Transparency prompts, push notifications, or third-party AI features), we show a clear permission dialog before proceeding. We never gate access to content, rewards, or core functionality based on enabling system permissions such as push notifications, location, or tracking; those settings are optional and can be changed at any time.

3. How We Use Information

• Authenticate users through Cognito and federated identity providers.
• Operate, secure, and improve the shared backend stacks, including monitoring for abuse.
• Provide customer support, respond to requests, and communicate service updates.
• Comply with legal obligations and enforce our agreements.

4. Third-Party AI & Data Sharing

We work with trusted providers—including analytics services, error monitoring, limited advertising partners, SDK vendors, and third-party AI/model providers (such as OpenAI, Anthropic, or similar)—to deliver and improve the apps built on our platform. When we share personal data with these providers, we do so only for the following reasons:

• Answering user questions, generating content, or providing other AI-driven features you opt into.
• Analytics, diagnostics, and performance monitoring to improve reliability.
• Limited advertising use that complies with the Apple Developer Program License Agreement and any applicable law.

Before any personal data is sent to a third party—or to a third-party AI service—we obtain explicit permission through in-app prompts or account settings. We contractually require partners to protect the data, use it only for the requested purpose, and delete it when the engagement ends. We do not sell or rent personal information.

If we engage in cross-app or cross-site tracking for advertising, we use Apple’s App Tracking Transparency prompt and respect your choice. Declining tracking (or other permissions) will not block access to app content, though certain personalized features may be unavailable.

Apps that fail to meet these privacy expectations—or that share data without consent—may be removed from sale by Apple, and repeated violations can lead to loss of developer program membership. If we cannot meet the commitments in this section, we will disable the affected features until we can comply.

• With app owners who rely on our platform to operate their branded apps.
• With trusted service providers (AWS, GitHub, CI/CD vendors, analytics, limited advertising partners, third-party AI services) under contract and only as needed.
• When required by law, legal process, or to protect the rights and safety of our users and platform.
• In connection with a business transaction (e.g., merger, acquisition) consistent with applicable privacy laws.
• We do not sell or rent your personal information to third parties. If we ever change that stance, we will update this policy and provide opt-out controls.

5. Data Retention & Security

Data is stored in AWS regions specified for each environment (currently us-west-2). We retain user information only as long as necessary for the purpose collected or as required by law. We employ encryption in transit, role-based access, automated monitoring, and least-privilege controls to protect your data. If we use subprocessors, they must meet comparable security standards and sign data-protection agreements.

6. Your Choices

• Access, update, or delete account information by contacting the app owner or emailing privacy@learnandbecurious.com.
• Request a copy of the data we maintain about you; we will respond within 30 days unless a longer period is required by law.
• Ask us to delete your data; we honor verified requests and confirm once removal from personalization, logs, and backups (where feasible) is complete.
• Revoke Sign in with Apple permissions via your Apple ID settings or revoke Google access via your Google Account.
• Opt out of marketing emails by using the unsubscribe link or contacting us directly.
• Control AI data: by default your AI conversations are used only to personalize your experience (e.g., remember preferences). We do not use them to train global AI models unless you opt in. You can export or delete AI data at any time; deletion removes it from personalization and logs and prevents future training.
• Change system permissions (push notifications, location, tracking) in iOS Settings at any time. We honor your choices and will not reduce baseline app access because of them.

7. International Data Transfers

We operate primarily in the United States. If you access our services from other regions, your data may be transferred to and processed in the U.S. where data protection laws may differ.

8. GDPR / UK Data Protection Rights

For users in the European Economic Area or United Kingdom, we process personal data on the basis of (i) providing the Services under contract, (ii) legitimate interests (e.g., securing our infrastructure), or (iii) consent (when required). You have the right to access, correct, delete, restrict, or object to processing, the right to data portability, and the right to lodge a complaint with your local supervisory authority. To exercise these rights, email privacy@learnandbecurious.com. We verify identity before fulfilling requests and respond within 30 days unless an extension is permitted.

9. California Privacy Rights

California residents have the right to know what personal information we collect, use, and disclose; the right to delete personal information (subject to legal exceptions); and the right to opt out of the sale or sharing of personal information. We do not “sell” or “share” personal information as defined by the California Consumer Privacy Act (CCPA/CPRA). To submit a request, contact us at privacy@learnandbecurious.com. We will verify your identity before fulfilling the request and respond within 45 days (with one 45-day extension if necessary).

10. Children

Our platform is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child provided data, contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective” date above reflects the latest revision. Material changes will be communicated via our website or app release notes.

12. Contact

Questions or requests? Email privacy@learnandbecurious.com or write to Learn and Be Curious, 548 Market St PMB 32112, San Francisco, CA 94104.