We'd like to describe how we deal with your information, both technical and personal, in simple human terms, rather than the hard-to-read legal lingo.
However, if you read our EULA, you may have noticed a section where you allow us to collect some data. And here's why. There are a few exceptions to our general "no data collection" rule. And for those exceptions, we require your legal consent explicitly provided in the EULA.
We'd like to be very straightforward about those exceptions. Here's the list of cases when some your information may actually be collected and sent to us, and/or to a 3rd-party:
- This website. Every page of it may contain a special user analytics script, usually provided by Google. This script collects some site usage stats, such as how much time you spend on each page, how many links you click, etc. This is the same set of scripts virtually every website out there uses. The collected data is then forwarded to Google and processed. We can then see the processed stats, but what happens with that collected raw data, how it's processed, and whether or not Google shares it with anybody, we don't know.
- Please remember, when you're inside our app, it's not just our code you're interacting with. You're also using infinitely more of somebody else's code - the operating system, the hardware chips of your device, your cellular and Internet providers. Whether or not those companies collect any of your data is absolutely out of our control.
- Every time you connect to a remote server to download or upload a data file, your information is being transferred through regular Internet channels. Whether or not your cellular or Internet provider, government or private agencies are mining that traffic for sensitive data, we have no idea.
- Every time you send an email to our support mailbox or receive a reply from us, those messages go through multiple relay servers before they arrive at the destination. Emails are practically sent in an open form, for the entire world to see. Please be mindful of what kind of sensitive information you send out there without protection.
Okay, now to the more relevant cases, where we actually do have some control over what's happening to your data:
- PDF Lookup. If you select a text in a PDF and press the magnifying glass button, a Lookup menu will be presented to you. Some items on that menu, such as Define, Google, and Wikipedia, will send the selected text to respective companies - Apple, Google, and Wikipedia. The text will be sent via regular Internet channels. What those companies do to that text and whether or not they share it with anybody is out of our control.
- Customer Support. Every time you write an email to us, it is stored in a 3rd-party platform that facilitates customer support workflow, assigns case numbers, priorities, etc. Every bit of information you email to us, including all your messages, our responses, your email address, your name, is stored there. And it's not our system, it's an outside third party, we have no control over that party's servers and data security practices.
- Crash Reports. Sadly, the world isn't perfect. We hate to admit it, but there may be bugs in the app, and the app sometimes crashes. At the precise moment of the crash, the app tries to collect and save some data relevant to the crash. The next time you run the app, it will offer you to send a crash report. If you say yes, that data will be sent to us, and stored on our and/or 3rd-party servers. And yes, it will be sent via open email channels (see above.) If you say no, this collected crash data will be deleted from your device. The data collected may include some technical information, such as the device model, processor type, iOS version, the state of some of the app's variables pertinent to the crash, etc. But also, some personal or semi-personal information, such as a name of the file that caused the trouble. Anything that remotely resembles something personal will be encrypted into a string of bytes, not easily readable without some hacking.
- Service Logs. Probably, the most privacy-challenging case is when we ask you to send us Service Logs. It may happen if you experience some trouble with a remote server connection and request our support. We may ask you to go to the app settings, and explicitly turn on the logging mode. This is probably the toughest privacy challenge, because these logs may truly contain A LOT of information. Rest assured, no such log is being created unless you explicitly turn it on inside the app by your own hand. Even after you do, those log files are simply recorded and placed inside the app's "My Documents" or "Unencrypted" folder. Only when you explicitly take those files and manually email them to us, only then we get that information. This is probably a good time to remind what happens to all emails you ever send to us - they are being stored on a 3rd-party's customer support platform servers, stored for who knows how long, out of our control - see the warning above. Here's what may be in those log files: everything relevant to your system - device model, processor type, iOS version, the remote connections you're making while logging - all the parameters, the names and URLs of the servers, all the sent/received network traffic, including the names - and sometimes the contents! - of files you're sending or receiving, your login details - login name/email, sometimes even password!, various access tokens from remote servers, many additional information about the state of variables of the app during the connection, etc. That's a lot of information, and some of it may really be sensitive. We advise you to only transfer files you don't care about during logged sessions, and also, change your remote connections' password to something temporary, then revert it back after done logging. If any of that sounds like a problem to you, please turn the logging off immediately, and delete all produced log files from the app. We'd like to explicitly assure you that should some sensitive information actually arrive to us, we would never do anything to abuse it. However, this information travels through the Internet, and will be stored on 3rd-party customer support platform servers, where we have little or no control over what's happening.
It's actually not as scary as it sounds, but we felt like we had to warn you upfront.
This is a living document, we may make occasional updates to it.