Privacy Policy — Contextly by DaelVista

Last Updated: June 11, 2026 · Effective: June 11, 2026

1. Introduction

Welcome to Contextly ("we," "our," or "us"). This Privacy Policy explains how DaelVista LLC collects, uses, shares, and protects your information when you use the Contextly mobile application (the "App").

Company Information:

Legal name: DaelVista LLC
Address: 30 N Gould St Ste N, Sheridan, WY 82801-6317, United States
Contact: support@daelvista.com

Age Requirement: Contextly is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If we discover a user is under 13, we will delete their data immediately. Because the App displays advertising from Google AdMob, we treat all users as a general (non-child-directed) audience.

2. Information We Collect

2.1 Information Stored Locally (No Account Required)

The following data is stored on your device using AsyncStorage. It does not leave your device unless you sign in with Google:

Learning progress — completed situations, correct answers, XP points
Unlocked circles and levels
Daily streak and session history
App preferences (theme, onboarding status, personalization answers)
Mistake records — situations you answered incorrectly (Mistake Notebook)
Saved items — phrases and expressions you bookmarked (Review Box)
Spaced repetition data — SM-2 scheduling intervals for flashcards
Slang Hub progress — completed phrase lessons and themes
Daily lesson counter used by the lesson gate (for free users)
Push notification preferences and permission status

2.2 Information You Provide Optionally (Google Sign-In)

If you choose to sign in with Google to sync your progress and to make your credit balance portable across devices:

Google account name and email address
Google unique user ID
Your learning progress data (backed up to Supabase)
Your credit balance, credit ledger entries, and welcome-grant status (stored server-side so they survive reinstall)

Google Sign-In is optional. Most of the App works without it, but credits, the Pro subscription, and AI features require a signed-in account because they are enforced server-side.

2.3 Information Collected Automatically

Device identifier: A stable device ID is generated and stored in the iOS Keychain (with the AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY attribute, so it survives reinstall) or via Android ID on Android. It is used for: (a) RevenueCat purchase verification, (b) preventing abuse of the one-time welcome credits across reinstalls and new accounts, and (c) server-side rate limiting and account-device binding to prevent shared-account abuse.
Purchase & subscription status: Collected and verified by RevenueCat and Google Play Billing.
AI session data: Text sent to AI practice tools (including voice audio sent to the Pronunciation Check tool) is routed through a Supabase Edge Function proxy to OpenAI (GPT-4o-mini and Whisper). We do not retain your AI conversation content or audio recordings on our servers beyond temporary processing for the request. OpenAI may retain data per its own privacy policy.
AI-generated content cache: When you use AI Custom Practice or the AI Coach (Insights), the AI-generated output is cached in Supabase's ai_generated_content table to avoid redundant API calls. This cache contains generated situations and coaching summaries — not your personal inputs. It is keyed to an anonymous fingerprint of your weak-area profile, not your identity, and is deleted with your account.
Server-side usage & security logs: Each AI call is logged server-side (user ID, device ID, tool ID, timestamp, token usage, estimated cost) in api_call_log to enforce daily caps and detect abuse. This log is retained for operational and fraud-prevention purposes.
Credit ledger: Every grant (welcome, ad, purchase, subscription) and every spend (per tool, per session) is recorded server-side in a credit ledger that is the source of truth for your balance.
Push notification token: If you grant notification permission, your device's local push token is used by expo-notifications (via Google FCM on Android) to deliver scheduled reminders. We do not store the token on our servers.
Voice/audio input (Pronunciation Check): When you use the Pronunciation Check tool, a short audio recording (up to 10 seconds) is captured on your device and forwarded through our Supabase Edge Function proxy to OpenAI Whisper for transcription and scoring. The audio is not stored on our servers — it is processed transiently and discarded immediately after the API response is returned.
App version enforcement: The App checks a minimum required version against a server-side configuration on launch. If your installed version falls below the minimum, you will see a Force Update screen and the App will not allow further use until updated. This check is performed anonymously (no personal data is transmitted).
Advertising identifier (when ads are shown): When ads are shown to free users, Google Mobile Ads (AdMob) accesses your device's advertising ID (AAID on Android, IDFA on iOS) and standard ad-request signals (approximate location derived from IP, device model, OS version, language, connection type) as governed by Google's own policies. You can reset or limit this ID in your device settings.

3. How We Use Your Information

Deliver the learning experience: Track your progress, unlock circles, calculate XP and streaks.
Operate the Credits system: Maintain your credit balance, grant welcome / ad / purchase / subscription credits, and debit credits when you use paid AI tools — all enforced server-side.
Power AI tools: Route your inputs to OpenAI to run the 11 AI tools (SlangDecoder, SlangRoleplay, ToneMaster, FillTheGap, WordSnap, SentenceBuilder, FixMySentence, AIReview, ScenarioChat, Write & Polish, Pronunciation Check) and AI Custom Practice.
AI personalization: Analyze your mistake patterns locally and send an anonymised weak-area profile to OpenAI to generate custom practice and AI Coach insights.
Smart Daily Practice: Build a personalized daily session on-device by combining your spaced-repetition due cards, weak-area situations, and recent mistake items — no data is sent to the server for this feature.
Insights dashboard: Process your locally stored activity data on-device to display performance trends, accuracy rates, and learning momentum.
Review Box & spaced repetition: Use SM-2 data stored on your device to schedule flashcard reviews.
Streak Restore: Allow you to spend 1 credit to restore a broken learning streak. The credit debit is processed server-side; no additional personal data is collected for this action beyond the standard credit ledger entry.
Show advertising to free users: Display Google AdMob rewarded ads (so you can earn credits) and interstitial ads via the lesson gate (after every 3 completed basic lessons for users with no credit balance). Pro subscribers see no ads.
Process subscriptions and purchases: Verify Pro subscription status and credit-pack purchases through RevenueCat & Google Play, and grant the corresponding entitlements / credits server-side.
Sync progress (optional): Back up your data to the cloud if you sign in with Google.
Prevent fraud and abuse: Use the device ID and server-side logs to enforce daily ad-credit caps, prevent welcome-credit farming via reinstalls or new accounts, and prevent shared-account abuse.
Send push notifications (optional): Daily reminders for streaks, available AI sessions, and new situations — only if you grant permission.
Improve the app: Analyze aggregate, non-identifying usage patterns to improve features.

4. Data Storage and Security

4.1 Local Storage

Learning progress is stored locally on your device. It does not leave your device unless you sign in with Google.

4.2 Cloud Storage (Optional — Google Sign-In)

If signed in, your progress, credit balance, and credit ledger are stored in Supabase (hosted on AWS). Data in transit is encrypted with TLS 1.3. Data at rest is encrypted by Supabase. Sensitive operations (credit spending, purchase grants, welcome grants) are gated by Supabase Row-Level Security (RLS) and service_role-only RPCs that the client cannot call directly.

4.3 AI Practice Tool Data

When you use any of the 11 AI practice tools, your text input (or short audio clip for Pronunciation Check) is sent to our Supabase Edge Function proxy and forwarded to OpenAI's API (GPT-4o-mini for text tools; Whisper for Pronunciation Check). We do not log or store your AI conversation content or audio on our servers, but the proxy does log per-call metadata (user ID, device ID, tool ID, timestamp, token usage, estimated cost) for billing accuracy, cap enforcement, and fraud prevention. OpenAI processes requests per its privacy policy.

4.4 AI-Generated Content Cache

When you use AI Custom Practice or the AI Coach insight, the AI-generated output is cached in Supabase to avoid repeated API calls for the same anonymised weak-area fingerprint. This cache:

Contains only AI-generated content, not your personal messages
Is keyed to an anonymous hash of your weak-area profile — not your name or email
Is automatically deleted when you delete your account
Is encrypted at rest by Supabase and in transit with TLS 1.3

4.5 Advertising (Google AdMob)

Contextly displays advertising from Google AdMob to free users in two places:

Rewarded ads in the Credits screen — you choose to watch an ad to earn credits (2 completed ads = 1 credit, daily cap of 6 credits).
Interstitial ads / lesson gate — after every 3 completed basic lessons, free users with no credit balance see a choice screen (watch a rewarded ad to open the next lesson without spending credits, or buy a credit pack). Users with a credit balance and Pro subscribers never see this gate.

When an ad is shown, AdMob may collect and process: the device's advertising ID (AAID/IDFA), approximate location (from IP), device and OS information, language, connection type, and similar ad-targeting signals as governed by Google's policies. You can reset or limit the advertising ID in your device settings. Personalised ads availability depends on your jurisdiction and consent state (e.g., EU/EEA users are shown a Google-mediated consent form before personalised ads are served).

For more details, see Google's How Google uses information from sites or apps that use our services.

4.6 Push Notifications

If you grant notification permission, your device generates a local push token used by Google Firebase Cloud Messaging (FCM) on Android. All notification scheduling (streak reminders, sessions-ready, daily challenge) is handled entirely on your device via expo-notifications. We do not send server-side push notifications and do not store your push token on our servers.

4.7 Data Retention

Local data: Until you reset progress, delete the App, or request deletion.
Cloud progress (if signed in): Until you delete your account or request deletion.
Credit ledger entries: Retained while the account exists; deleted with the account, except where retention is required by law for financial records.
Server-side API call log: Retained up to 90 days for operational, billing, and fraud-prevention purposes, then deleted or aggregated.
Device welcome-grant record: Retained for the lifetime of the device record to enforce the one-time welcome bonus across reinstalls and new accounts. Contains only the device ID and the grant timestamp — no personal data.
AI-generated content cache: Deleted with your account, or within 30 days of last access.
Purchase records (RevenueCat / Google Play): Retained per financial regulations.

5. Third-Party Service Providers

We do not sell your personal information. Free users see Google AdMob advertising as described in Section 4.5. Pro subscribers see no ads.

Service	Purpose	Data Shared
Google Play Billing	Payment processing (credit packs & Pro subscription)	Purchase transaction info
RevenueCat, Inc.	Subscription & purchase verification, webhook-driven credit grants	Device ID, anonymous user ID, purchase & subscription status, transaction IDs
Supabase (hosted on AWS)	Auth, cloud backup, credit ledger, AI proxy, AI content cache, security logs	Account ID, device ID, progress data, credit ledger, AI inputs (forwarded, not retained as content), AI-generated cache (anonymised)
OpenAI, LLC	Powers all AI tools and AI personalization	Text inputs to AI tools and anonymised weak-area profiles (per OpenAI's privacy policy)
Supabase Auth (Google Sign-In)	Sign-in — optional but required for credits & subscription	Name, email, Google ID (only if you sign in)
Google AdMob (Google LLC)	Rewarded ads (earn credits) & interstitial ads (lesson gate) for free users	Advertising ID, IP-derived approximate location, device & OS info, ad-request signals
Google Firebase Cloud Messaging (FCM)	Local push notifications — Android	Device push token (handled on-device; not stored by us)
DeepL (via Supabase proxy)	Optional in-app translation feature	Short text snippets you ask to translate; no account data

6. Credits, Ads, and Subscription — Privacy Implications

6.1 The Credits System

The App uses a credits-based monetization model. Every credit grant (welcome, ad-reward, in-app purchase, monthly subscription allowance) and every spend (per AI tool use) is recorded in a server-side ledger tied to your account. This ledger is the source of truth for your balance and is what allows credits to follow you across devices when you are signed in.

6.2 Rewarded Ads (Earn Credits)

If you choose to watch a rewarded ad in the Credits screen, Google AdMob shows the ad and returns a verification token on completion. We send that token to our server to grant you the corresponding credit (2 ads = 1 credit, daily cap of 6 credits). The token itself is used to deduplicate grants and is then discarded. The data collected by AdMob during the ad is governed by Google's policies — see Section 4.5.

6.3 Interstitial Ads & the Lesson Gate

For free users who have zero credit balance, after every 3 completed basic lessons (situations + slang combined) the App shows a "lesson gate" screen offering two choices: watch a rewarded ad to open the next lesson for free, or buy a credit pack. Users who hold any credit balance and Pro subscribers bypass the gate entirely.

6.4 Pro Subscription

The Pro subscription ($9.99 / month) grants 700 monthly credits and removes all advertising. Subscription state is verified by RevenueCat against Google Play, and the monthly credit allowance is granted server-side via a RevenueCat webhook at each renewal (idempotent on the transaction ID). This means a Pro subscriber on a clean device does not need to share any extra data — the entitlement and grants happen through the existing RevenueCat/Supabase pipeline.

6.5 Anti-Abuse Measures

To prevent abuse of the welcome credits and the ad reward system, the App uses a stable device identifier (see Section 2.3). This identifier is used to: (a) enforce the one-time welcome grant per physical device, regardless of how many accounts sign in on it, (b) enforce the daily ad-credit cap, and (c) detect a single account being shared across many devices. It is not used for advertising or for tracking you across other apps.

7. Account Deletion and Data Removal

How to delete your account and data:

Open Contextly → go to the Profile tab
Scroll down to Delete Account & All Data
Confirm deletion — all cloud data (progress, credit balance, credit ledger, AI cache, subscription record) is deleted immediately

Full instructions: https://apps.daelvista.com/contextly/delete-account-en

If you never signed in, your data exists only on your device. Uninstall the App to remove it.

If you cannot access the App, email support@daelvista.com and we will delete your data within 7 business days.

Note: Purchase and subscription transaction records are retained by Google Play and RevenueCat as required by financial law, even after account deletion. The device welcome-grant record is also retained on a device-only, anonymous basis to prevent welcome-credit farming.

8. Your Rights

Access: Request a copy of data we hold about you
Deletion: Delete your account and data (see Section 7)
Correction: Request correction of inaccurate data
Portability: Request your data in a readable format
Withdraw consent: Disable notifications at any time via App or device settings; reset/limit the advertising ID via your device settings
GDPR (EU/EEA users): Right to object to processing, restrict processing, lodge a complaint with your local data protection authority. EU/EEA users are shown Google's mediated consent form for personalised ads before such ads are served.
CCPA (California): Right to know, delete, opt-out of "sale" or "share". We do not sell personal information. We disclose information to advertising partners (AdMob) only to display ads as described above.

Contact: support@daelvista.com. We respond within 30 days.

9. Children's Privacy

Contextly is intended for users 13 years of age or older and is treated as a general (non-child-directed) audience because it displays advertising. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the App, contact us at support@daelvista.com and we will delete all associated data immediately.

10. International Data Transfers

DaelVista LLC is based in the United States. If you use the App from outside the US, your data may be transferred to and processed in the United States and other countries where our service providers operate. By using the App, you consent to this transfer in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notification. The "Last Updated" date reflects the most recent revision. Continued use of the App after changes constitutes acceptance.

12. Contact Us

Email: support@daelvista.com

Address:
DaelVista LLC
30 N Gould St Ste N
Sheridan, WY 82801-6317
United States

We aim to respond within 3 business days.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Wyoming, United States.