LernisPrivacy
Legal

Privacy Policy

Lernis is built with respect for your privacy as a foundational principle. We collect the bare minimum, do not share your data with third parties and do not track you.

Last updated May 2026

1. Data controller

The data controller for your personal data is Andrea Furlani, developer of Lernis.

For any request regarding the processing of your data you can write to privacy@lernis.app

2. What data we collect

We only collect data strictly needed to operate the Service:

  • Email — used to authenticate your account
  • Name — optional, chosen by you during onboarding
  • Session data — tasks, notes, statistics and diary saved in your account
  • Preferences — theme, language, sounds, pomodoro durations, rituals
  • Minimal technical data — app version, operating system and anonymous crash logs

3. What we do NOT collect

We want to be explicit about what we do not collect:

  • Your geographic location
  • Your contacts, calendars or photos
  • Your conversations or messages outside the app
  • Biometric data
  • Advertising identifiers (IDFA, AAID)
  • Browsing behaviour on other apps or websites

4. How we use your data

We use the information we collect exclusively to:

  • Allow access to your account and sync data across devices
  • Save your preferences and customisations
  • Diagnose and fix technical issues
  • Improve the app based on aggregate, anonymous metrics
  • Send you, only with your consent, relevant service communications

5. Legal basis for processing

We process personal data on the following legal bases, under EU Regulation 2016/679 (GDPR):

  • Performance of contract — to provide the Service (art. 6.1.b GDPR)
  • Consent — for optional communications (art. 6.1.a GDPR)
  • Legitimate interest — for service security and abuse prevention (art. 6.1.f GDPR)
  • Legal obligation — to comply with regulatory requirements (art. 6.1.c GDPR)

6. Sharing with third parties

We do not sell, rent or trade your personal data. Ever.

We use only the following providers, all bound by confidentiality agreements and GDPR compliance:

  • Apple Inc. and Google LLC — for authentication via "Sign in with Apple" and "Sign in with Google"
  • Supabase / cloud hosting providers — to securely store your account data on servers within the European Union
  • Technical analytics services — exclusively for aggregate, anonymous crash reports

7. Data retention

We retain your data only for as long as needed for the purposes for which it was collected.

Your account data is retained while your account is active. When you delete your account, all data is permanently deleted within 30 days, except for data we are legally required to retain (e.g. for accounting or security purposes).

8. Security

We adopt appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration or loss:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Data access restricted to authorised personnel only
  • Periodic backups and disaster-recovery procedures
  • Regular security audits of code and infrastructure
  • Prompt notification to the supervisory authority and to users in case of significant data breach

9. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — know whether we process your data and obtain a copy
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability — receive your data in structured, readable format
  • Right to object to processing on legitimate grounds
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority (in Italy: Garante per la Protezione dei Dati Personali — www.garanteprivacy.it)

10. Exercising your rights

To exercise the rights listed above you can:

  • Use the profile-management features in the App
  • Write to privacy@lernis.app, attaching a copy of an ID document so we can verify your identity

11. Cookies and similar technologies

The Lernis app is native and does not use cookies.

On this website we only use essential technical cookies (e.g. Supabase authentication session cookies). We do not use tracking, profiling or advertising cookies.

12. International transfers

Your data is stored on servers located within the European Union.

Any transfers outside the EU happen only to countries that guarantee adequate protection levels, or via Standard Contractual Clauses approved by the European Commission.

13. Children

Lernis is not intended for children under 13 years old. We do not knowingly collect data from children under that age.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@lernis.app and we will delete it.

14. Changes to this policy

We may update this privacy policy from time to time, for example to reflect regulatory changes or changes in our processing practices.

Significant changes will be communicated by email or in-app at least 30 days in advance. The last-updated date is shown at the top of the document.

15. Contact

For any question about privacy, to exercise your rights or to report issues, write to privacy@lernis.app

We will reply within 30 days of receiving the request, as required by GDPR.

— Lernis