Privacy Policy

This policy explains what data the Kwots app collects, where it is stored, and what we do with it. We aim to keep collection minimal and to be specific about what does and doesn't leave your device.

Sign-in and your account

Kwots requires you to sign in to use the app. Sign-in is handled by Firebase Authentication (a Google service) using either Sign in with Apple or Sign in with Google.

When you sign in, we receive and store the following from the auth provider:

• A unique account identifier (Firebase UID)
• Your display name
• A unique @username you pick on first sign-in (used to attribute shared quotes — see "Sharing" below)
• Your email address
• A profile picture URL, if your auth provider exposes one
• Which provider you used (Apple or Google)

This information is stored in Google Cloud Firestore under a document scoped to your UID. You can edit your display name in the app's profile screen at any time. Your @username is reserved at first sign-in and is fixed in this release; the username-to-account mapping is stored in a separate top-level usernames/ collection that any signed-in user can read in order to check whether a handle is already taken.

Cloud sync of your quotes

Quotes you save in Kwots are stored in two places:

• Locally on your device, using Apple's SwiftData framework, so the app works offline.
• In Firestore, under your account (users/{your-uid}/savedQuotes/), so your collection follows you when you reinstall the app or sign in on another device.

We can technically read these documents because they live in our Firebase project, but the app does not display them to anyone other than you, and we do not access them for any analytical or commercial purpose.

We also store, under your account:

• A small per-quote record of which quotes you've seen in Discover, used to avoid re-suggesting them (users/{your-uid}/seenQuotes/).
• Inbox rows recording quotes other users have shared to you via a Kwots share link (users/{your-uid}/sharedWithMe/) — see "Sharing" below.

The public quote catalog

Kwots maintains a public catalog of quotes (quotes/ in Firestore) that powers the Discover screen and the app's share-link functionality. Catalog entries are readable by anyone using the app or the kwots.app website.

A quote enters the public catalog in two ways:

• You save a catalog quote we already have. This increments a "save count" on the existing entry. No new entry is created.
• You publish a quote you wrote yourself. The first time you share or otherwise publish one of your own quotes, the app shows a one-time consent prompt asking whether to add your quotes to the public catalog. If you confirm, that quote and any future ones you save are published to quotes/, attributed to your display name. Each published quote also goes through automated content moderation; quotes that fail moderation are not published.

A quote you've published to the catalog can be hidden from your public profile at any time using the "Hide from my profile" toggle on the quote. Hidden quotes have your name removed from the catalog entry but the quote text itself remains in the catalog so existing share links continue to resolve.

Sharing quotes

When you share a quote from Kwots, the app generates a link of the form:

https://kwots.app/quote/{quote-id}?t={share-token}

The {share-token} is a long random string that points to a record in a public shares/ collection in Firestore. That record contains:

• Your Firebase UID (the system identifier of your account)
• Your @username at the time of sharing
• Your display name and profile picture URL at the time of sharing
• The id of the quote you shared
• The time of sharing

This record is publicly readable so that anyone who receives the share link — whether they're signed in to Kwots or just visiting kwots.app/quote/... in a browser — can see who shared the quote. The token itself acts as the access control: it is long enough that an attacker cannot guess valid tokens. The record is created at the moment you tap share and cannot be modified afterward.

When a recipient who has the Kwots app opens your share link:

• An inbox row is written under their account (users/{recipient-uid}/sharedWithMe/{quote-id}) recording the share. This includes a snapshot of your @username, display name, profile picture URL, and the quote text at the time of sharing.
• The recipient sees the quote in their "Shared with me" inbox along with your @username.

If you share a quote you previously hid from your profile, Kwots will prompt you to confirm and re-publish it to the catalog with your name attached — Kwots does not support anonymous sharing.

Older share links generated by previous versions of the app used a different format (?sharedBy={your-uid}) that placed your account identifier directly in the URL. Those links continue to work but no new attribution information is fetched for them; you do not need to take any action.

AI features

When you use AI-powered features (Discover, AI's Take, Morning Brew, Find More, mood-based suggestions, or text-to-speech), the relevant quote text or your mood-description text is sent to the following third-party services:

• Google Generative AI (Gemini) — for quote suggestions, reflections, stories, and insights.
• Google Cloud Text-to-Speech — for reading AI content aloud.

These requests are made over encrypted HTTPS connections. Only the quote or mood text needed to fulfill your request is sent. No personal information, device identifiers, or account data is included.

When Google services are unavailable, the app may fall back to Apple Intelligence (on-device processing). In that case no data leaves your device.

For more information about how Google handles data:

• Google AI Privacy
• Google Cloud Privacy

Camera, microphone, and photos

Kwots may request access to your camera, microphone, photo library, and speech recognition. These are used exclusively for capturing quotes:

• Camera — to photograph text for OCR (optical character recognition)
• Photo Library — to extract text from existing images
• Microphone & Speech Recognition — to dictate quotes by voice

OCR and speech recognition run on your device. No images, audio, or recordings are sent to external servers.

Notifications

Kwots may send you local push notifications (such as Morning Brew reminders) if you grant permission. These notifications are scheduled entirely on your device using Apple's UNUserNotificationCenter and do not involve any external server. The app does not currently use Firebase Cloud Messaging or any other remote-push system.

What we do NOT do

• No analytics or tracking. The app does not include Firebase Analytics, Crashlytics, advertising SDKs, or any third-party usage tracking. We do not collect behavioral data about how you use the app.
• No advertising. The app shows no ads.
• No selling of data. We do not share or sell any user data with third parties for marketing purposes.

Data retention and deletion

• Saved quotes — kept until you delete them. Deleting a quote in the app removes it from your local SwiftData store and from users/{your-uid}/savedQuotes/ in Firestore.
• Account data — kept while your account exists. To delete your account and associated data, sign out and contact us at the address below.
• Public catalog quotes you've published — your authorship is removed when you toggle a quote to "Hide from my profile". The quote text itself remains in the public catalog so existing share links to that quote continue to work for other users.
• "Shared with me" inbox rows — kept until you delete the underlying quote.
• Share-link records (shares/{token}) — created when you share a quote and kept indefinitely so that already-distributed share links continue to display attribution. They cannot be edited or deleted in this release.
• Username reservation (usernames/{your-handle}) — kept while your account exists.

Children's Privacy

Kwots is not directed at children under 13. Account creation requires Sign in with Apple or Google, both of which have their own age requirements. We do not knowingly collect data from children under 13.

Changes to this policy

We may update this privacy policy from time to time. Material changes will be reflected here with an updated "Last updated" date.

Contact

Questions about this privacy policy: Aviv1989@gmail.com