← Back to Nativ

Privacy Policy

Last updated: April 1, 2026

1. Overview

This Privacy Policy explains how Nativ (“we”, “us”, “our”) collects, uses, and protects information when you use our AI-powered PDF language learning service. By using Nativ, you agree to the practices described here.

2. What We Collect

  • Account data — Your email address and profile information when you sign up via Google OAuth, stored and managed by Supabase Auth.
  • PDF files — Documents you upload for AI-powered learning, stored in Supabase Storage and linked to your account. Guest files are automatically deleted from our servers after a retention period.
  • Learning data — Chat history, vocabulary entries, annotations, notes, and folder structure you create within the app, stored in our database.
  • Usage analytics — Anonymized event data (e.g., pages visited, features used, PDF uploads) collected via PostHog. This data does not include the content of your documents or messages.
  • Error reports — Stack traces and error context collected via Sentry when the app encounters errors, to help us fix bugs. No document content is included in error reports.
  • Technical data — IP address, browser type, and device information collected automatically for security and service operation. Guest upload limits are enforced per IP address.

3. How We Use Your Data

  • To provide the core service — storing, indexing, and processing your PDFs so the AI can answer questions about them.
  • To personalize your experience — saving your vocabulary, annotations, chat history, and preferences across sessions.
  • To improve product quality — usage analytics help us identify friction points and prioritize features.
  • To maintain service reliability — error tracking helps us identify and resolve bugs quickly.
  • To enforce usage limits — IP-based rate limiting for guest users, subscription tier enforcement for registered users.
  • We do not sell your data to third parties.
  • We do not use your PDF content or chat history to train AI models.

4. AI Processing & Third-Party Services

To provide AI-powered answers, excerpts from your PDF documents are sent to third-party AI providers. By using Nativ, you consent to this processing.

  • OpenAI — Relevant portions of your PDF content (retrieved by our RAG system) are sent to OpenAI to generate chat responses and create text embeddings for search. OpenAI processes this data under their own privacy policy.
  • Supabase — Handles authentication, database storage, and file storage. Data is stored in US-based data centers.
  • PostHog — Anonymized product analytics. No document content is sent.
  • Sentry — Error monitoring. Stack traces only; no user content is included.
  • LemonSqueezy — Merchant of record for Plus subscriptions. Handles payment processing, invoicing, and sales tax. We do not store your payment card details.
  • Google Translate — Used as a translation provider for in-app word and sentence translation features. Text selections you translate are sent to Google's translation API.
  • Vercel / Koyeb — Frontend and backend hosting infrastructure.

5. Cookies & Local Storage

Nativ uses the following client-side storage:

  • Authentication cookies — Set by Supabase to maintain your login session. These are essential and cannot be disabled.
  • Local storage — Stores your PDF library metadata, active session state, and UI preferences (e.g., last viewed page, language settings) between visits.
  • IndexedDB — Stores cached PDF files locally for offline access and faster loading.
  • Analytics cookies — PostHog may set cookies to track anonymous usage sessions. No personally identifiable document content is associated with these.

We do not use advertising or third-party tracking cookies.

6. Data Retention

  • Account and learning data is retained until you delete your account.
  • Guest session data (PDFs, chat history) is deleted when the browser session ends.
  • Upon account deletion, all associated data (PDFs, messages, vocabulary, annotations) is permanently removed from our systems within 30 days.
  • Anonymized analytics data may be retained longer for product analysis purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate data.
  • Deletion — Request deletion of your account and all associated data. You can do this directly from the app's account settings menu.
  • Portability — Request your data in a portable format.
  • Objection — Object to certain types of data processing.

EU/EEA residents have additional rights under GDPR. To exercise any of these rights, contact us at support@nativ.to. We will respond within 30 days.

8. Data Security

We implement technical and organizational measures to protect your data, including encrypted connections (TLS), Row Level Security on all database tables (enforced by Supabase), JWT-based authentication, and restricted access to production systems. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

Nativ is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the new policy.

11. Contact

Questions or concerns about this policy? Contact us at support@nativ.to.

Terms of ServiceRefund PolicyBack to app