Wisen — Privacy Policy

Effective Date: March 11, 2026 · Last Updated: March 11, 2026

Thank you for using Wisen. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Wisen mobile application (the “App”). By creating an account or using the App, you agree to the practices described in this policy.

This policy is written to meet the requirements of Apple’s App Store Review Guidelines, the EU General Data Protection Regulation (GDPR), and applicable Finnish and European data protection law.

1. Who We Are

Wisen is developed and maintained by Daria Lenskaja (“we”, “us”, or “our”), operating as an independent solo developer. If you have any questions or concerns about this Privacy Policy or your data, please contact us:

2. Information We Collect

We collect only what is necessary to provide the features you use.

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication, account recovery, and account management via Supabase Authentication.
  • Password — stored securely via Supabase Authentication. We never have access to your plaintext password.

2.2 Note Content

The App allows you to create notes containing text, headings, vocabulary pairs, to-do items, tables, handwritten drawings (via Apple PencilKit), photos, and other content you choose to add. All note content is encrypted on your device using AES-256-GCM encryption before being transmitted to or stored in the cloud. This means we cannot read your note content.

Note content is stored:

  • Locally on your device in the app’s Documents directory.
  • In your encrypted cloud storage on Supabase (as ciphertext only).
  • Temporarily in an App Group shared container on your device for the EchoWidget — see Section 2.9.

2.3 AI-Powered Learning Features (OpenAI)

Wisen includes an intelligent tutoring system that generates personalised study questions and feedback based on your notes. To power this feature, portions of your note content are sent to OpenAI’s API.

⚠️ Important: Note text submitted to the AI Tutor is transmitted to OpenAI’s servers in the United States as readable (unencrypted) text. Only note titles and plain text content are sent — photos, drawings, audio, location data, and table data are never sent to OpenAI.

  • Only text content from notes you actively choose to study in an AI Session is transmitted.
  • We send only the minimum content necessary to generate a relevant question.
  • The AI Tutor is an opt-in feature. You may use all note-taking and storage features of Wisen without ever using the AI Tutor.
  • OpenAI’s use of this data is governed by OpenAI’s Privacy Policy. We recommend reviewing it at openai.com/policies/privacy-policy.

2.4 Voice Recordings and Speech Transcription

The App includes a Voice Note feature that records audio and converts it to text using Apple’s Speech Recognition framework (SFSpeechRecognizer).

  • The App requests permission to access your device’s microphone to record audio.
  • Speech recognition is performed via Apple’s servers. Audio data is sent to Apple for processing in order to produce a text transcript. Apple’s privacy policy governs this data.
  • Audio recordings are not saved to your device storage or uploaded to our servers. Only the resulting text transcript is saved as part of your note.
  • The App also supports importing pre-recorded audio files (m4a, mp3, wav) for transcription, subject to the same Apple Speech Recognition processing.
  • Speaker identification is performed locally on your device using audio waveform analysis — no voice data is sent externally for this purpose.

2.5 Learning Progress and Gamification Data

The App’s Spaced Repetition System (SRS) and gamification engine track your study performance. This includes:

  • Mastery levels per note block (a numerical score from 0–30+)
  • Last review dates and review history per note block
  • Session accuracy, correct and incorrect answer counts
  • Experience points (XP), current level and daily goal progress
  • Day streaks and daily XP history (used to render the XP heatmap in the Analytics tab)
  • Knowledge weak-spots (notes and concepts where you have answered incorrectly most often)

This data is used solely to personalise your study sessions, prioritise review content, and display your progress. It is encrypted before being synced to the cloud.

2.6 Knowledge Graph Data

The App analyses your notes to detect shared keywords and suggest connections between notes (the Constellation / Map view). This analysis happens entirely on-device using Apple’s NaturalLanguage framework and on-device word embeddings — no note content is sent to external servers for this purpose. Confirmed note links and deleted link records are stored locally and in your encrypted cloud sync.

2.7 Location Data

With your explicit permission, the App may access your device’s location to allow you to attach geographic coordinates to notes, displayed on the Map tab. Location data is:

  • Only collected when you actively use the location tagging feature.
  • Embedded in your encrypted note data — not stored independently on our servers.
  • Never shared with third parties for advertising or tracking purposes.

2.8 Photos and Camera

The App may request access to your photo library and camera to allow you to:

  • Attach photos to notes via the system photo picker.
  • Scan documents using your device camera (VisionKit).
  • Import PDF files and images, with text extracted via on-device OCR (Apple Vision framework).

All image processing and OCR are performed locally on your device. If a photo is saved to a note, it is compressed and encrypted before being synced to the cloud. Raw photos are never uploaded to any external service other than your own encrypted cloud storage.

2.9 Widget Data (EchoWidget)

Wisen includes a home screen widget (EchoWidget) that surfaces brief content fragments from your notes as memory prompts three times per day. To enable this:

  • A small number of note content fragments (note title, a short text excerpt, and an age label) are written to an Apple App Group shared container on your device. This data is stored locally only — it is never transmitted to our servers.
  • Tapping a widget cell deep-links back into the App via the notez://echo URL scheme.

2.10 Push Notifications

The App may request permission to send you local push notifications as Echo reminders (scheduled at 17:00). These notifications are generated and scheduled entirely on-device — no notification content is sent to our servers. You can disable these at any time in your device’s Settings.

2.11 Usage and Technical Data

We may collect limited technical data to operate and improve the App, including:

  • App crash reports and error logs
  • General usage analytics (e.g., feature interaction counts — not content)
  • Device type and operating system version

This data does not include your note content and cannot be used to identify you personally.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the App and its features
  • Authenticate your identity and secure your account
  • Sync your encrypted notes across your devices
  • Generate AI-powered study questions via the OpenAI API (opt-in)
  • Transcribe voice recordings via Apple’s Speech Recognition framework (opt-in)
  • Track your learning progress and personalise your study sessions
  • Suggest connections between your notes (on-device knowledge graph)
  • Display memory prompts in the EchoWidget and via push notifications
  • Respond to your support requests
  • Detect and prevent fraud, abuse, or security incidents
  • Improve the App’s performance and user experience

We do not sell your personal information. We do not use your data for advertising.

4. Data Sharing with Third Parties

We do not share your personal data with any third party except as described below. We do not integrate with advertising networks, social media trackers, or analytics SDKs that collect personally identifiable information.

4.1 OpenAI

Note text content submitted through the AI Tutor feature is shared with OpenAI, LLC, 3180 18th Street, San Francisco, CA 94110, USA. This is necessary to generate personalised study questions. Only plain text from notes you actively study is transmitted. Photos, drawings, audio, location data, and table data are never sent to OpenAI. OpenAI’s data handling is subject to their own privacy policy.

4.2 Supabase

Encrypted note data, account information, learning progress, gamification data, knowledge graph links, and Echo state are stored using Supabase, a third-party backend-as-a-service provider. Supabase stores data in data centres that comply with industry security standards. Your note content is stored exclusively as encrypted ciphertext that Supabase cannot read.

4.3 Apple Frameworks and Services

The following Apple service involves data leaving your device:

  • SFSpeechRecognizer (Speech framework): Audio is sent to Apple’s servers for transcription when you use the Voice Note feature. Governed by Apple’s privacy policy.

The following Apple frameworks operate entirely on your device:

  • CoreLocation — location access for geo-tagged notes
  • VisionKit / Vision — document scanning and OCR
  • PencilKit — handwriting and drawing
  • NaturalLanguage / NLEmbedding — keyword extraction and knowledge graph
  • PhotosUI (PHPickerViewController) — photo selection
  • MapKit — map display for geo-tagged notes
  • PDFKit — PDF rendering for import
  • WidgetKit / UNUserNotificationCenter — widget and notifications, on-device only

5. Data Storage and Security

5.1 Client-Side Encryption

Your note content is encrypted on your device before it leaves the App. We use AES-256-GCM, a strong symmetric authenticated encryption algorithm. Your encryption key is derived from your password using PBKDF2-SHA256 with 100,000 iterations, with your email address used as the salt. Only you hold the key to decrypt your data.

We operate a zero-knowledge architecture for stored data — even if our servers or Supabase were compromised, your note content would remain unreadable.

⚠️ Important exceptions: Note text sent to the AI Tutor is transmitted as readable text to OpenAI and is not covered by this zero-knowledge guarantee. Voice audio is transmitted to Apple for transcription and is not covered either. Both features are opt-in.

5.2 Keychain Storage

Your encryption key is stored in your device’s system Keychain with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly protection class. The key is never transmitted to our servers and is inaccessible when the device is locked.

5.3 Local Storage

Notes, the knowledge graph, learning history, confirmed links, and deleted item records are stored locally in the App’s Documents directory. Widget echo data is stored in an App Group shared container on your device only. Encryption keys are stored in the device Keychain and are never transmitted to our servers.

5.4 Cloud Storage

Encrypted notes, learning progress, gamification data, confirmed links, deletion tombstones, and Echo rotation state are synced to Supabase. All data is stored as AES-256-GCM encrypted ciphertext. Uploads are skipped when a SHA-256 hash comparison confirms the data has not changed, reducing unnecessary data transfer.

6. Data Retention

We retain your account and encrypted note data for as long as your account is active. If you delete your account, we will permanently delete your account information and all associated cloud-stored data. Deletion is processed through a secure server-side function and is irreversible.

Deleted note tombstones are retained for a limited period (typically 30 days) to enable cross-device deletion sync, after which they are pruned automatically.

Local data stored on your device can be cleared by deleting the App. You may request deletion of your cloud data at any time from within the App under Account Settings > Delete Account.

7. Children’s Privacy

7. Children’s Privacy

Wisen is not directed to children. We do not knowingly collect personal information from children without appropriate parental or guardian consent.

Depending on your location, the following age thresholds apply:

  • European Union / EEA (GDPR Art. 8): Children under the age of 16 may not use the App without verifiable parental or guardian consent. Some EU member states may apply a lower minimum age (no less than 13), but we apply the 16-year threshold as our default for EU/EEA users.
  • United States (COPPA): We do not knowingly collect personal information from children under the age of 13.
  • All other jurisdictions: We do not knowingly collect personal information from children under the age of 13, or a higher age if required by applicable local law.

If we become aware that a child below the applicable age threshold has provided us with personal information without appropriate consent, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@wisen.fi.

8. Your Rights and Choices

Depending on your jurisdiction (including under GDPR if you are located in the EU/EEA), you may have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your account and associated data
  • Portability — Request your data in a portable, machine-readable format
  • Objection — Object to certain processing of your personal data
  • Restriction — Request that we restrict processing of your data in certain circumstances
  • Withdraw consent — You may opt out of the AI Tutor and Voice Note features at any time, which stops further transmission of your content to OpenAI or Apple Speech Recognition respectively

To exercise any of these rights, please contact us at info@wisen.fi. Because your note content is encrypted and we cannot access it, data access requests will be limited to account-level metadata only.

If you are located in the EU/EEA and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection authority. In Finland, this is the Office of the Data Protection Ombudsman (tietosuoja.fi).

9. Legal Basis for Processing (GDPR)

If you are located in the EU/EEA, we process your personal data on the following legal bases:

  • Contract (Art. 6(1)(b) GDPR): Account information and encrypted note sync are necessary to perform the service you have requested.
  • Consent (Art. 6(1)(a) GDPR): AI Tutor (OpenAI), Voice Note transcription (Apple Speech), location tagging, photo access, and push notifications are all opt-in features requiring your explicit permission.
  • Legitimate interests (Art. 6(1)(f) GDPR): Limited technical and crash data is processed to maintain and improve the App’s security and performance.

10. International Data Transfers

If you are located outside the United States, your information may be transferred to and processed in the United States (where OpenAI and Supabase infrastructure is located). We ensure these transfers are carried out in accordance with applicable law, including by relying on the standard contractual clauses approved by the European Commission where required.

Apple’s Speech Recognition service may also process audio data in data centres outside your country of residence. Apple’s privacy policy governs these transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via an in-app notice or by email to the address associated with your account. Your continued use of the App after any changes take effect constitutes your acceptance of the updated policy. The “Last Updated” date at the top of this document reflects the most recent revision.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

Developer: Daria Lenskaja
Website: wisen.fi
Email: info@wisen.fi

We will respond to all legitimate privacy requests within 30 days.

This policy was last updated on March 11, 2026.