APAH Assist Privacy Policy
APAH Assist Privacy Policy
Last Updated: May 10, 2026
Introduction
This Privacy Notice for Jordan Feldstein LLC (doing business as APAH Assist) ("we," "us," or "our") explains how and why we collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
Download and use our mobile application (APAH Assist) or any other application of ours that links to this Privacy Notice
Create an account, sync your study progress, purchase a subscription, or restore a previous purchase
Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@jordanfeldstein.com.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice. You can find more details about any of these topics by reading the full notice below.
What personal information do we process? When you create an account, sign in, sync progress, or purchase a subscription, we may process your email address, a Supabase user ID, your study progress (quiz results, flashcard reviews, custom sets), your purchase status, and — if you grant App Tracking permission — an advertising identifier used by Google AdMob.
Do we process any sensitive personal information? No.
Do we collect any information from third parties? Yes. We receive limited information from Apple (Sign in with Apple), Apple App Store / RevenueCat (purchase status), and Google AdMob / Google User Messaging Platform (ad delivery and consent).
How do we process your information? To operate, maintain, and improve the Services; to authenticate you; to sync your progress across devices; to deliver and verify in-app purchases; to show ads to free users; to communicate with you; and to comply with law.
In what situations and with which parties do we share personal information? Only with the service providers listed in Section 3 (Supabase, RevenueCat, Superwall, Google AdMob, Apple) and only as needed to provide the Services. We do not sell your personal information.
How do we keep your information safe? We use industry-standard administrative and technical measures, including HTTPS, server-side authorization (Supabase Row Level Security), and the security controls of our service providers.
What are your rights? You can review, update, export, or delete your data from inside the app at any time. Account deletion permanently removes your account and synced data.
How do you contact us? Email support@jordanfeldstein.com.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register for the Services, express an interest in obtaining information about us or our products and Services, or otherwise contact us. The personal information we collect may include:
Email address — used to sign you in via one-time code or Sign in with Apple, and to look up promotional Pro grants we may offer you.
Authentication identifier — a Supabase-issued user ID (UUID) that uniquely identifies your account on our servers.
Apple identity token — when you choose Sign in with Apple, Apple provides us a token verifying your identity. We do not receive your Apple ID password.
Purchase information — subscription status, transaction identifiers, and entitlement state, provided to us by Apple App Store and RevenueCat. We never see your full payment instrument.
Information automatically collected
In Short: Some information — such as your device-level identifiers and ad identifiers — is collected automatically when you visit our Services.
Study progress data — quiz history, scores, flashcard confidence ratings, custom quiz sets, study streaks, achievements, and preferences. We sync this to Supabase so your progress survives device loss and follows you to new devices.
Device and usage information — device model, operating system version, app version, and similar diagnostic information collected via Apple's standard frameworks for crash reporting and store integrity.
Advertising identifier (IDFA) — only when you grant App Tracking Transparency permission. Used by Google AdMob to deliver more relevant ads to free-tier users. If you decline, we still serve ads but they are non-personalized.
Information from other sources
We receive information from:
Apple — Sign in with Apple identity tokens; transaction receipts and subscription status from the App Store.
RevenueCat — entitlement status, subscription expiration, renewal events.
Google User Messaging Platform — your consent choices for personalized advertising in regions that require GDPR / CCPA-style consent.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, comply with law, and protect your rights.
We process your personal information for a variety of reasons, including:
To provide and maintain the Services: authenticate you, sync your study progress, present quiz content, and deliver purchases you have made.
To deliver and process subscriptions and purchases: verify entitlements with the App Store and RevenueCat, provide promotional Pro grants when offered.
To deliver advertising to free-tier users: serve interstitial ads via Google AdMob; show ads with reduced personalization where you have not granted tracking permission.
To respond to user inquiries and provide support: when you email us at support@jordanfeldstein.com.
To request feedback and improve the Services: aggregated analytics and crash diagnostics.
To comply with our legal obligations and to enforce our Terms of Service.
To protect our Services and our users: detect fraud, abuse, or illegitimate use of accounts.
We do not use your information for purposes unrelated to delivering the Services or for automated decision-making that produces legal or similarly significant effects on you.
3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We share information with vetted service providers who help us operate the Services. We do not sell your personal information.
We share your information with the following categories of service providers, each only as necessary to provide the Services:
Service provider Purpose What is shared Supabase, Inc. Authentication, database hosting, account deletion Email, user ID, study progress RevenueCat, Inc. In-app subscription management and entitlement verification Anonymous user identifier (Supabase user ID), purchase events Superwall Holdings, Inc. Paywall delivery and conversion analytics Anonymous user identifier, paywall view events Google LLC (AdMob & UMP) Interstitial advertising and consent management Advertising identifier (only with ATT permission), aggregated impression data Apple, Inc. (App Store / Sign in with Apple) App distribution, payment processing, identity verification Information governed by Apple's privacy policy
We may also disclose information:
To comply with legal obligations, including in response to valid legal process.
To protect rights, privacy, safety, or property of us, you, or others.
In connection with a business transfer (merger, acquisition, asset sale), provided the receiving party honors this Privacy Notice.
We do not sell or rent your personal information to third parties.
4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: Our mobile app does not use browser cookies, but we do use mobile identifiers and SDKs as described above.
The mobile application uses the iOS advertising identifier (IDFA) only with your express App Tracking Transparency permission. You can revoke this permission at any time in iOS Settings → Privacy & Security → Tracking, or via the in-app Account → Ad Privacy Choices option.
Apple's StoreKit and your device's purchase history are subject to Apple's own privacy policies and controls.
5. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as your account is active, unless a longer retention period is required by law.
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Notice, which generally means as long as you maintain an active account. When you delete your account through the app's Account → Delete Account option, we delete your account record from our authentication system and your synced study progress from our database immediately, subject to the retention requirements of our service providers (which typically retain backups for a short window before permanent deletion).
Aggregated, de-identified data that cannot be reasonably linked back to you may be retained indefinitely.
6. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We use commercially reasonable safeguards to protect your information.
We have implemented administrative and technical safeguards designed to protect the security of your personal information, including:
HTTPS / TLS for all network traffic between the app and our backend.
Supabase Row Level Security policies that restrict each user to reading only their own records.
Service-role isolation — privileged operations (such as account deletion) run inside server-side Edge Functions with credentials never shipped in the app.
Public publishable keys only — the keys included in the app binary are intentionally limited to read/write your own data and cannot be used to access other users' accounts.
No electronic transmission or storage system is 100% secure. We cannot guarantee absolute security, but we work continuously to harden our Services against unauthorized access, alteration, disclosure, or destruction.
7. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 13 years of age.
The Services are intended for AP Art History students, generally high-school age and above. We do not knowingly solicit data from or market to children under 13. If you believe we have collected information from a child under 13, please contact us at support@jordanfeldstein.com and we will promptly delete it.
For users between the ages of 13 and 18, we recommend that a parent or guardian review this Privacy Notice with you before you use the Services.
8. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: You can review, update, export, or delete your data at any time, directly from inside the app.
Inside the APAH Assist app, under the Account tab, you can:
Export Study Data — download a summary of your study progress.
Sync Now — manually trigger a cloud sync.
Reset All Progress — clear your local progress and overwrite the cloud copy on next sync.
Sign Out — end the current session on this device.
Delete Account — permanently remove your account and synced data from our servers.
Ad Privacy Choices (free-tier users) — re-open the Google ad consent form.
Restore Purchases — re-synchronize entitlements purchased through your Apple ID.
You can also contact us at support@jordanfeldstein.com to exercise any of these rights or to ask questions about our processing of your information.
9. CONTROLS FOR DO-NOT-TRACK FEATURES
The Services do not currently respond to web browser Do-Not-Track ("DNT") signals because the app is a native iOS application and the relevant control mechanism on iOS is App Tracking Transparency. You can deny tracking permission at the system level at any time.
10. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: Yes — depending on your state of residence, you have rights of access, deletion, correction, and opt-out from sale or sharing.
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, or another U.S. state with comprehensive privacy legislation, you may have the right to:
Confirm whether we are processing your personal information.
Request access to and a copy of your personal information.
Request correction of inaccurate personal information.
Request deletion of your personal information.
Opt out of the processing of your personal information for purposes of targeted advertising.
Appeal a decision we make in response to one of your requests.
We do not sell personal information for monetary consideration. To the extent that targeted advertising or sharing for cross-context behavioral advertising is taking place via Google AdMob, you may opt out by denying App Tracking Transparency permission, by visiting Account → Ad Privacy Choices in the app, or by emailing us.
To exercise any of these rights, use the in-app controls in Account or email us at support@jordanfeldstein.com. We will not discriminate against you for exercising your rights.
11. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: Yes. Residents of the European Economic Area, the United Kingdom, Switzerland, and certain other regions have additional rights under their respective laws.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent laws:
The right to access, rectify, or erase your personal data.
The right to restrict or object to our processing.
The right to data portability.
The right to withdraw consent at any time, where processing is based on consent.
The right to lodge a complaint with your local data protection authority.
The legal bases on which we rely are: (a) performance of a contract (providing the Services you requested), (b) legitimate interests (operating, securing, and improving the Services), (c) consent (for personalized advertising and tracking), and (d) legal obligation (where required to comply with law).
For Australian residents, you have rights under the Privacy Act 1988. For South African residents, you have rights under POPIA. To exercise any of these rights, contact us at support@jordanfeldstein.com.
12. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice in the app or by sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may email us at support@jordanfeldstein.com or by post to:
Jordan Feldstein LLC
Attn: Privacy
(mailing address available on request)
14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, change that information, or delete it.
The fastest way to do this is from inside the app: open the Account tab and choose Export Study Data, Reset All Progress, or Delete Account.
If you would like to make a request that cannot be handled in the app (for example, a formal data access request), email us at support@jordanfeldstein.com. We will respond within the timeframe required by your applicable law.