Privacy Policy

1. Who We Are

Aporia ("we," "us," "our") operates the website and application at aporia-app.com. Aporia is a product of Aporia App, based in Florida, United States.

For questions about this policy, contact us at: [email protected]

2. What We Collect

Information You Provide

• Account information: Your name and email address when you create an account. If you sign up through a third-party service (such as Google), we receive the name and email associated with that account.
• Payment information: When you purchase lifetime access, your payment is processed by Stripe. We do not store your credit card number, expiration date, or CVC. We retain only a Stripe payment identifier and the date of your transaction.
• Dialogue content: The questions you bring and the messages you write during Socratic examinations. This is the most sensitive data we handle, and it is treated accordingly (see Section 4).

Information Collected Automatically

• Usage data: We collect basic analytics on how you use the app — pages visited, features used, dialogues started and completed, and which pre-made questions you select. This helps us improve the product.
• Device and browser information: Standard technical data including your IP address, browser type, operating system, and device type. This is used for security, troubleshooting, and basic analytics.
• Cookies: We use essential cookies for authentication (keeping you logged in) and session management. We do not use third-party advertising or tracking cookies.

3. How We Use Your Information

We use your information to:

• Operate the product — deliver your Socratic dialogues, manage your account, process payments
• Improve the product — understand usage patterns, identify technical issues, and inform product decisions
• Communicate with you — transactional emails (payment receipts, account updates) and, only with your consent, product announcements
• Maintain security — detect abuse, prevent fraud, and protect our infrastructure

We do not use your dialogue content for any purpose other than delivering your examination in real time. We do not read your conversations. We do not use them to train AI models. We do not sell them.

4. How Your Conversations Are Protected

Your dialogue content is encrypted at rest in our database using AES-256 encryption. This means that even in the unlikely event of a database breach, your conversations would be unreadable without the encryption key.

How AI Processing Works

To provide the Socratic examination experience, we send your messages to a third-party AI provider (currently Anthropic) via their API. Here is what that means for your privacy:

• Your messages are transmitted securely (TLS encrypted in transit) to the AI provider to generate responses.
• The AI provider processes your messages to produce a response and returns it to us.
• Under our agreement with our AI provider, your messages are not retained by the provider after processing and are not used to train their AI models.
• The system prompt that guides the Socratic method is sent alongside your messages. It contains no personal information.

What We Cannot Do

We want to be transparent about the limits of our privacy protections:

• During an active dialogue, your messages must be sent to the AI provider in plaintext for processing. Encryption at rest protects stored data, not data in transit to the AI provider.
• We hold the encryption keys for the database. This means we technically can decrypt your conversations, though we have no reason to and do not do so.
• If compelled by a valid legal order (such as a court order or subpoena), we may be required to decrypt and produce conversation data. We would notify you unless legally prohibited from doing so.

5. Who Can Access Your Data

• Our team: Access to production databases is restricted to essential personnel. We do not access individual dialogue content unless required to resolve a technical issue you report, and only with your explicit permission.
• Stripe (payment processor): Processes your payment. Receives your email address and payment details. Subject to Stripe's Privacy Policy.
• Anthropic (AI provider): Processes your dialogue messages to generate responses. Subject to Anthropic's API Data Usage Policy. Under our API agreement, your data is not retained or used for model training.
• Hosting provider: Our application and database are hosted on infrastructure that may be operated by a third-party cloud provider. Data is encrypted at rest and access is restricted.

We do not share, sell, or rent your personal information to advertisers, data brokers, or any other third parties.

6. Data Retention

• Account information: Retained as long as your account is active. If you delete your account, your data is deleted within 30 days.
• Dialogue content: Retained in encrypted form as long as your account is active. You can delete individual dialogues at any time from within the app, which permanently removes the encrypted content from our database.
• Payment records: Retained for 7 years as required by tax and financial regulations, even if you delete your account. These records contain transaction identifiers and amounts only — not dialogue content.
• Usage analytics: Retained in aggregated, non-identifiable form. Individual-level analytics data is deleted within 90 days.

7. Your Rights

Depending on where you live, you may have the following rights:

• Access: You can request a copy of the personal data we hold about you.
• Deletion: You can delete your account and all associated dialogue content at any time. Contact us or use the account deletion feature in the app.
• Export: You can request an export of your dialogue history in a portable format.
• Correction: You can update your account information at any time through the app.
• Objection: You can object to our processing of your data for specific purposes.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

For California Residents (CCPA)

You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, contact us at the address above.

For European Residents (GDPR)

Our legal basis for processing your data is: contract performance (delivering the product you signed up for), legitimate interest (improving the product and maintaining security), and consent (for optional communications). You have the right to lodge a complaint with your local data protection authority.

8. Children

Aporia is not directed at anyone under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

9. Security

We implement reasonable technical and organizational measures to protect your data, including:

• AES-256 encryption of dialogue content at rest
• TLS encryption for all data in transit
• Restricted access to production systems
• Regular security reviews

No system is perfectly secure. If we become aware of a data breach that affects your personal information, we will notify you in accordance with applicable law.

10. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through a notice in the app before the changes take effect.

11. Contact

For any questions, concerns, or requests related to this privacy policy:

Email: [email protected]