Privacy Policy

EzyReader  ·  Last updated: May 2026

EzyReader ("we", "our", or "the app") is developed by MdaStudio (independent developer). This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

• Email address — collected when you create an account, used solely for authentication and account recovery.
• Reading content — text from the chapters you are currently reading is sent to Anthropic's servers to power Aura AI features (summaries, explanations, glossary, quiz, chat). This text is processed and is not stored by Anthropic beyond the duration of the request.
• Highlights and notes — stored on our servers (Supabase) so you can access them across devices. These are linked to your account and are not shared with third parties.
• Uploaded files — books, PDFs, and documents you upload are stored in private storage accessible only to your account. We do not browse or share user-uploaded content.
• Purchase information — managed entirely by Google Play or Apple App Store. We receive only a confirmation of your subscription status; we never see your payment card details.
• Advertising and Device Identifiers — On the free tier of the app, we display advertisements. Google AdMob may collect and use your device's advertising identifiers (Google Advertising ID on Android and IDFA on iOS) along with basic device information to serve and measure ads. You can manage your preferences at any time via the privacy settings in the app or your device settings.
• Device fingerprint (anti-abuse) — a non-personal device hash is recorded when you redeem the free trial, to prevent multi-account trial abuse. Not used for tracking or advertising.
• Copyright notice metadata — when a takedown notice is filed via our copyright form, we record the reporter's contact, the IP address of the submission, and the content claimed. This is retained for legal compliance under DMCA §512(c) and EU DSA art. 16.

2. Voice Input

EzyReader includes an optional speech-to-text feature. When activated, the app requests microphone access to transcribe your voice into text. Audio is processed on-device by your device's speech recognition service (Google Speech Recognition on Android) and is not recorded, stored, or transmitted to our servers.

3. Data We Do NOT Collect

• Location data
• Contacts or address book
• Audio recordings (microphone input is processed on-device only — see section 2)
• Photos or camera (except the optional scanner feature, which processes images locally and sends them to Anthropic only when explicitly activated)
• Device identifiers beyond what is required for in-app purchases and advertising (see section 5)

4. Third-Party Services

• Supabase — backend infrastructure (authentication, database, file storage). Supabase Privacy Policy
• Anthropic — AI processing for Aura features. Chapter text is sent to Anthropic's API for processing and is not retained. Anthropic Privacy Policy
• Google AdMob — Advertising network used to deliver banner and rewarded ads to free users. How Google uses ads data  ·  Google Privacy Policy
• Resend — transactional emails (support, copyright notices, account confirmations). Resend Privacy Policy
• Google Play — in-app purchases and subscription management on Android. Google Privacy Policy
• Apple App Store — in-app purchases and subscription management on iOS. Apple Privacy Policy

5. Advertising (Free Tier)

Free-tier users see two types of advertisements served by Google AdMob: a small banner at the bottom of selected screens, and an optional rewarded video that can be watched to unlock an additional AI call when the daily free quota is exhausted. Premium subscribers do not see any advertisements.

• Data shared with AdMob. Google AdMob receives your advertising identifier (Android Advertising ID / Apple IDFA), approximate device type, IP-derived approximate location, and the ad event (impression, click, reward earned). AdMob uses this data to serve relevant ads and prevent fraud. Reference: data collected by AdMob.
• Personalised vs non-personalised ads. By default the app requests non-personalised ads, which use only contextual signals (no behavioural profiling). If you reside in the EU/UK or another regulated region, the app shows a consent screen on first launch (Google's User Messaging Platform) where you can choose to refuse personalised advertising with one tap. Your choice is respected on every subsequent ad request.
• Reset your advertising ID. You can reset or disable your advertising identifier at any time from your device settings:
  • Android: Settings → Google → Ads → Reset advertising ID or Delete advertising ID
  • iOS: Settings → Privacy & Security → Apple Advertising → turn off "Personalised Ads"; or Settings → Privacy & Security → Tracking → turn off "Allow Apps to Request to Track"
• Server-side reward verification. When you finish watching a rewarded video, Google sends our server a signed callback confirming the view. The callback contains only an opaque ticket identifier (a random UUID we generated) — it does not contain any personal data about you.
• No advertising profiles built by us. EzyReader itself does not build advertising profiles, does not share your reading content with AdMob, and does not link advertising IDs to your account email or other identifiers.
• EU/UK consent revocation. You can change your advertising consent choices at any time from Settings → Privacy → Advertising preferences inside the app, which re-opens the Google UMP consent dialog.

6. How We Use Your Data

• To provide and maintain the app (authentication, sync of highlights and notes)
• To power Aura AI features on the content you choose to analyse
• To manage your subscription and verify premium access
• To send you support responses when you contact us
• To serve advertisements to free-tier users (see section 5)
• To process copyright notices and enforce our content policies

7. Data Retention

Your account data (email, highlights, notes, uploaded files) is retained until you delete your account. You can delete your account at any time from Settings → Danger Zone → Delete Account. Upon deletion, all associated data is permanently removed within 30 days. Copyright takedown records are retained for 3 years for legal compliance. Device fingerprints used for trial anti-abuse are retained for 12 months.

8. Children's Privacy

EzyReader is not directed at children under 13. We do not knowingly collect personal data from children under 13. Advertisements served by AdMob are configured to comply with the Google Families Policy and applicable child-protection regulations (COPPA in the US, GDPR-K in the EU). If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data (GDPR for EU users, CCPA for California). To exercise these rights, contact us at support@mdastudio.dev. For advertising-related choices, see section 5.

10. Security

We use industry-standard measures to protect your data. Authentication is handled by Supabase, which uses secure token-based sessions. No passwords are stored in plain text. Uploaded files are kept in private storage with per-user access control (Row Level Security).

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through an in-app notice. The "Last updated" date at the top of this page always reflects the current version.

12. Contact

• Privacy / general: support@mdastudio.dev
• Copyright / DMCA / abuse: abuse@mdastudio.dev  ·  copyright form
• DMCA Agent (US Copyright Office): Registration No. DMCA-1073312 (MdaStudio)