Privacy Policy

This Privacy Policy describes how Tallisa ("Tallisa," "we," "us," or "our") collects, uses, and shares information when you use the Enki mobile application (the "App").

1. Information We Collect

We collect the following types of information:

• Account Information: When you create an account, we receive a token from Apple or Google to identify your data. We do not store your name, email address, or other personally identifiable information on our servers.
• User Content: This includes the text, links, and other content you save using the App's "Create" page and share extension.
• Usage Data: We collect anonymized information about how you use the App, such as the features you use, the frequency and duration of your activities, and other statistical data. This information is collected through Google Analytics.
• Device Information: We may collect general information about the device you use to access the App, such as the device type, operating system, and unique device identifiers. This information is typically anonymized and used for analytics purposes.
• Interaction Data with AI: We temporarily store recent (25 chats) and similar (10 based on cosine similarity) interactions with the AI chatbot to provide context and improve the AI's responses during your current session. This data is not persistently stored in a way that identifies you.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and Improving the App: We use your User Content to provide you with the core functionality of Enki, such as saving, browsing, and interacting with your notes. Usage data helps us understand how users interact with the App and identify areas for improvement.
• Personalization and Context: We use the context of your saved data and recent/similar AI interactions to provide relevant and helpful responses within the "Chat" feature.
• Analytics: We use anonymized usage data collected through Google Analytics to analyze trends, monitor the performance of the App, and make data-driven decisions to enhance user experience.
• A/B Testing: We may use remote configuration tools to conduct A/B testing, which involves showing different versions of the App to different users to see which performs better. This helps us optimize the App's design and functionality.
• Communication: We may use your contact information (if you provide it for support or feedback) to respond to your inquiries and provide support.

3. Data Storage and Security

We are committed to protecting the privacy and security of your data. To that end, we employ end-to-end encryption to safeguard your information. When you create an account, a unique, randomly generated encryption key is created specifically for you. This key is securely embedded within your Firebase ID token as a custom claim and is never stored persistently on our servers.

Each user has their own physically isolated database. Your data is encrypted at rest within this database using your unique encryption key, leveraging the SQLite3 Multiple Ciphers (SMC) extension within our forked version of SQLite, LibSQL.

When your app sends a request to our backend, it includes your Firebase ID token. Our backend, built with Rust and the Axum framework, verifies this token and extracts your unique encryption key. This key is then used to decrypt your database in memory, allowing us to process your request. Once the request is completed, your database is immediately re-encrypted and saved back to disk.

This robust encryption mechanism ensures that your data is protected both in transit and at rest. Because your encryption key is never stored on our servers and is only accessible through your authenticated ID token, even in the event of a security breach, your data remains inaccessible to unauthorized parties, including Tallisa. We do not have a master key to decrypt individual user databases.

We take reasonable measures to protect your information from unauthorized access, use, or disclosure. However, no method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

4. Sharing of Your Information

We may share your information in the following circumstances:

• With Third-Party Service Providers: We use third-party services like Google Analytics for analytics and error monitoring, and potentially other service providers to support the functionality of the App. These providers have their own privacy policies governing their use of your information.
• With AI Model Providers: When you use the "Chat" feature, your queries and relevant saved data are shared with our LLM providers, Gemini and Claude, to provide the conversational AI functionality. Their use of your data is governed by their respective privacy policies:
  • Google Privacy Policy (for Gemini)
  • Anthropic Privacy Policy (for Claude)
• For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a subpoena or court order).
• In Connection with a Business Transfer: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our App of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

We do not sell your personal information to third parties.

5. Your Rights and Choices

You have the following rights regarding your information:

• Access: You can access the information you have saved within the App through the "Explore" page.
• Rectification: You can edit and update your saved information within the "Explore" page.
• Erasure: You can delete individual items on the "Explore" page or delete all your data and your account through the "Settings" page.
• Data Export: You can request a copy of your data in a machine-readable format by contacting us at [email protected].
• Withdraw Consent: To the extent our processing is based on consent, you have the right to withdraw your consent at any time. This can be done by deleting your account.
• Opt-out of Analytics: You may be able to opt-out of certain analytics tracking through your device settings. Refer to Google Analytics' currently available opt-outs for the web here.

6. Children's Privacy

Enki is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 (in compliance with COPPA). If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at [email protected]. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.

7. Data Transfers

As we are based in Sri Lanka, your information is stored in servers located in the EU region, specifically with our hosting providers, Hetzner and Google Cloud. We will protect your personal information in accordance with this Privacy Policy wherever it is processed.

8. Third-Party Links and Services

The App may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites or services you visit.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes. Your continued use of the App after the posting of a revised Privacy Policy signifies your acceptance of the revised policy.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: [email protected]

Effective Date: 25th December 2024