𓀁bolster

Privacy Policy

Last updated: June 2026

Overview

Bolster is a learning and memory reinforcement application. This policy explains what information we collect, how we use it, who helps us process it, and the choices you have. We do not sell your personal information and we do not use third-party advertising SDKs.

Information We Collect

We collect the information needed to create your account, operate the product, generate learning material, and keep the service reliable. This may include:

  • Account information, such as your email address, account ID, name if you provide one, authentication provider details, timezone, and app settings.
  • Learning content, such as topics, focus descriptions, source text, source URLs, source titles, generated cards, questions, answers, grounded sources, edits, feedback, and public sharing settings.
  • Review and usage information, such as answers you submit, card scheduling data, liked/disliked cards, starred or archived topics, generation counts, rate-limit counters, subscription tier, and feature usage.
  • Reminder information, such as notification preferences, push notification tokens, device identifiers used for notification delivery, platform, and reminder delivery timestamps.
  • Purchase and subscription information, such as RevenueCat and Apple subscription identifiers, entitlement status, product selected, renewal or expiration status, and purchase-related events. We do not receive or store your full payment card details.
  • Technical and diagnostic information, such as API endpoint usage, request IDs, response status, latency, token counts, error messages, approximate request and response sizes, device or browser information, cookies or session storage used for authentication, IP address, and server logs.
  • Communications you send us, including support messages, tester feedback, bug reports, and any information you choose to include in those messages.

Sensitive Information

Bolster is not intended for storing highly sensitive information such as Social Security numbers, payment card numbers, government IDs, private health records, legal files, or regulated student records. Please do not add that kind of information to your topics or support messages. If you choose to add sensitive information to Bolster, we will process it as part of providing the service.

How We Use Data

We use information to provide, secure, and improve Bolster. This includes creating and maintaining accounts, generating and editing learning cards, summarizing or parsing resources, scheduling reviews, sending reminders, syncing purchases, enforcing rate limits, preventing abuse, debugging issues, measuring reliability, responding to support requests, and complying with legal obligations.

AI Processing

Bolster uses Google Gemini to generate cards, summaries, source suggestions, edits, and related learning content. When you ask Bolster to process text or a URL, the relevant topic information, resource content, prompts, and context may be sent to Google for processing. Some features may use Gemini's URL or search grounding capabilities to retrieve or reference external sources.

We may also use LangSmith to trace and debug AI requests. When tracing is enabled, prompts, responses, metadata, errors, and performance information may be processed by LangSmith so we can diagnose quality and reliability problems. We do not intentionally use your private learning content to train our own AI models in version 1.

Public Topics

Topics are private by default. If you choose to make a topic public, the public version may include the topic title, focus description, cards, answers, source titles, source URLs, grounded sources, banner details, public author display information, and related topic metadata. Anyone with the public link may be able to view that content, and public topics may appear in public topic lists.

You can make a public topic private again. If another user copied a public topic into their own library before you made it private, their copy may remain as a separate topic in their account.

How We Share Information

We share information with service providers that help us run Bolster. These providers may include Supabase for authentication, database, storage, and edge functions; Google Gemini and Google Cloud for AI processing; LangSmith for AI tracing and debugging; RevenueCat and Apple for purchases and subscriptions; Expo for push notification delivery; Vercel for hosting, deployment, and server logs; and support or email tools used to respond to your requests.

We may also disclose information if required by law, to protect the rights and safety of users or Bolster, to investigate abuse or security issues, or as part of a business transaction such as a merger, acquisition, financing, or sale of assets.

Founder And Admin Access

Bolster is an early-stage product, and authorized administrators may be able to access user data in production systems. We limit that access to purposes such as providing support, debugging, investigating abuse or security issues, maintaining the service, complying with law, and responding to incidents. We do not permit casual browsing of private user content.

Security

We use technical and organizational safeguards designed to protect personal information, including authenticated access controls, row-level database security, service-role separation, encrypted transport, provider-managed encryption at rest, and restricted administrative access. No system is perfectly secure, and we cannot guarantee that information will never be accessed, disclosed, altered, or destroyed.

We do not intentionally store plaintext passwords. Authentication is handled through Supabase Auth and supported identity providers. Do not send us your password or private payment details.

Retention And Deletion

We keep personal information for as long as needed to provide Bolster, maintain security and backups, comply with legal obligations, resolve disputes, and enforce our agreements. You can delete individual topics, resources, and cards in the app where those controls are available.

If you delete your account, we delete your account record and associated personal data from active production systems, including your topics, resources, cards, push tokens, and usage data, except where retention is required or permitted for legal, security, backup, fraud prevention, tax, accounting, or dispute-resolution purposes. Backup deletion may take additional time.

Your Choices And Rights

You can update account settings, control review reminders, turn off push notifications, make public topics private, delete content, and delete your account through the app where those features are available. You can also contact us to request access, correction, deletion, export, or other privacy help.

Depending on where you live, you may have additional rights under privacy laws, such as the right to know what personal information we collect, correct it, delete it, receive a copy, object to or limit certain processing, or opt out of sale or sharing for targeted advertising. We do not sell your personal information or share it for cross-context behavioral advertising.

Children

Bolster is not directed to children under 13, and children under 13 may not create an account or use the service. If you believe a child under 13 has provided personal information to Bolster, contact us and we will take appropriate steps to delete it.

International Users

Bolster is operated from the United States. If you use Bolster from another country, your information may be processed in the United States and other countries where we or our service providers operate. Those countries may have privacy laws that differ from the laws where you live.

Changes To This Policy

We may update this policy as Bolster changes. If we make material changes, we will update the date above and provide additional notice when required by law. Your continued use of Bolster after an updated policy becomes effective means you accept the updated policy.

Contact

For privacy questions or requests, contact bolster.support@accession.studio.