Skip to content
Imprimo

Privacy Policy

Last updated: May 2026

This Privacy Policy explains what Imprimo collects, how we use it, and what stays private. It covers the Imprimo iOS app and the imprimo.app website (together, the "Service"). Imprimo is operated by Imdad Ismail. By using the Service, you agree to the practices below.

Privacy-first by design

Your study data lives on your device by default. If you turn on sync, your flashcards, decks, review history, and notes are sent over an encrypted TLS connection and stored encrypted at rest on our servers. Only the backend services that need your data to make sync work can reach it.

Offline-first study is part of that. Core review sessions work on your iPhone without a network connection, so review activity does not need to be sent to a server just to keep your daily queue moving.

What we collect

Account information. When you sign in with Apple or Google, we receive an account identifier and, if you allow it, your name and email address. We use this only to authenticate you, sync your data across devices, and send account or security notices.

Study content you create. Flashcards, decks, concepts, learn-mode progress, review history, and any media you attach are stored locally on your device. If sync is on, encrypted copies are uploaded so the same data is available on your other Imprimo devices.

Source material for AI features.When you ask Imprimo to generate flashcards from a PDF, URL, image scan, or pasted text, that material is sent to our backend and forwarded to AI model providers so cards can be generated and returned to you. See "AI card generation" below.

Subscription and purchase data. Apple handles all purchases. We use RevenueCat to check whether you have an active Imprimo Pro subscription. RevenueCat gets a pseudonymous user ID and the purchase metadata Apple returns. It does not get your card content.

Device and diagnostic info. We collect basic technical information such as iOS version, app version, device model, locale, crash reports, and performance metrics. This helps us fix bugs and keep the app reliable.

First-party product analytics. Product analytics are enabled by default so we can understand whether Imprimo is working reliably and which features need improvement. These events may include basic usage signals such as screen views, feature usage, app version, platform, and whether a review session or deck action happened. We do not collect the contents of your flashcards, notes, source documents, scans, or other study material through analytics. You can disable product analytics for each device in Settings at any time.

Push notifications. If you allow them, we store a device push token so we can deliver review reminders and updates about long-running AI jobs you started. You can disable notifications in iOS Settings.

Support communications. When you contact us, we receive your email address and the content of your message. We use this to respond.

How we use it

We use the information above to:

  • run, maintain, and secure the Service;
  • authenticate you and sync your encrypted data across devices;
  • generate flashcards from the source material you submit;
  • verify subscription entitlements and handle plan changes;
  • send notifications and service messages you asked for;
  • detect and prevent fraud, abuse, and security issues;
  • measure first-party product usage and improve features, unless you disable analytics;
  • comply with legal obligations.

We do not sell your personal information, and we do not use your study content to train third-party AI models.

Storage and encryption

Study data you create stays on your device in a local database, which your device encrypts automatically. When sync is enabled, data is sent to our servers over TLS 1.3 and stored encrypted at rest with server-side keys. Only the services that run sync have access to these keys.

Some metadata required to operate sync (record identifiers, timestamps, conflict resolution markers) is stored on the server so updates can be routed to the right account. We keep this metadata to the bare minimum.

AI card generation

When you use AI features (Smart Scan, PDF upload, URL import, paste-to-cards, Learn Mode topic clarification, and similar), the source material you provide is sent to our backend and forwarded to AI model providers acting as our processors. These providers process the content only to return the requested output.

We retain AI job inputs and outputs for a short operational period so long-running jobs can complete, retries can run, and results can be delivered to your device. We do not use this material to train our own or third-party models.

Do not upload private, regulated, or confidential material (for example, identifiable patient records, privileged legal documents, or other sensitive third-party data) unless you have the right to do so.

Service providers

We rely on a small set of trusted providers. They process information only on our instructions and under written data protection terms.

  • Apple: Sign in with Apple, push notifications (APNs), and App Store payments.
  • Google: Sign in with Google.
  • RevenueCat: subscription entitlement verification.
  • Hosting and infrastructure providers: backend servers, databases, and storage.
  • AI model providers: processing the source material you submit to AI features and returning generated cards.

Data retention

Data you create stays on your device until you delete it or uninstall the app. Encrypted synced data is kept on our servers while your account is active. If you delete your account, we delete or irreversibly anonymize your synced data within 30 days, except where we must retain limited records for legal, tax, or fraud-prevention reasons.

Backups may persist for a limited additional period before they are rotated out. Aggregated, non-identifying analytics may be kept longer.

Your rights

Depending on where you live, you may have the right to:

  • access the personal information we hold about you;
  • correct information that is inaccurate;
  • delete your account and associated synced data;
  • object to or restrict certain processing, including analytics;
  • port your data in a machine-readable format; and
  • withdraw consent at any time where processing is based on consent.

You can manage product analytics per device and notification preferences in the app's Settings, and you can delete your account and synced data from within the app. To exercise any other right, email hello@imprimo.app. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

International transfers

Imprimo is operated from outside the EEA and the UK. When we transfer personal data internationally, we rely on lawful transfer mechanisms such as the European Commission's Standard Contractual Clauses, and we require our providers to apply equivalent protections.

Children

Imprimo is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

Security

We use TLS 1.3 in transit, encrypt synced study content at rest on our servers, require authentication on all APIs, and apply standard security controls to protect the Service. No system is perfectly secure, but we work to keep your data safe and to notify you if a breach affects you, as required by law.

Changes to this policy

We may update this Privacy Policy as Imprimo evolves. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app. Continued use of the Service after a change means you accept the updated policy.

Contact

Questions about your privacy or this policy? Email us at hello@imprimo.app.