Privacy Policy
Poeia (“the App”) is a creative writing tool developed by Cognitales LLC. It helps poets and writers find emotionally resonant words through AI-assisted suggestions. This Privacy Policy describes what data the App handles, how it is used, and your rights.
By using Poeia you agree to the practices described in this policy. If you do not agree, please do not use the App.
1. Account & Authentication
Poeia requires Sign in with Apple to use the App. When you sign in, Apple provides us with:
- A unique user identifier (Apple “sub”) — used as your account identity. This is an opaque, app-scoped string that Apple generates; it is not your Apple ID.
- Your email address — only if you choose to share it. You may use Apple’s private relay (“Hide My Email”) to receive a unique, random address instead.
- Your name — only if you choose to share it during first sign-in. We do not require it.
This data is stored in a user profile on our servers (hosted on Supabase, a cloud database provider) for the sole purpose of identifying your account, managing your subscription, and enabling account deletion. We do not use it for marketing or advertising.
Sign-in metadata. When you sign in, the App also sends a small amount of technical metadata to our authentication server alongside your sign-in request:
- App version — the version of Poeia you are running (e.g. “1.2.3”), used to diagnose version-specific issues.
- Operating-system version — a general OS identifier (e.g. “iOS 26.0”), used for compatibility and support.
- A fraud-prevention identifier — to protect our sign-in service from abuse, our authentication system may use a fraud-prevention identifier: a random value generated by the App and stored in your device’s iOS Keychain. It is not the IDFA, IDFV, or any hardware-derived or advertising identifier, and it is not used to track you across apps or websites. When used, it serves only to detect and prevent abuse of our sign-in service (for example, automated or fraudulent account creation). It is sent only to our own authentication server, never to advertisers or AI providers, and it is removed when you delete your account.
2. Data Processed Off-Device
To generate word suggestions, Poeia sends each query to a cloud backend operated by Cognitales LLC. Our backend forwards the query to a third-party AI inference provider, returns the suggestions to your device, and briefly logs the request for operational purposes (see Section 6).
What is sent off your device:
- Your seed word or search term.
- Any refinement text you provide (e.g., “but darker”).
- If you have an active poem project, its title and up to 20 of your most recent word selections from that poem — used to tune suggestions to your poem’s tone.
- Your suggestion-count preference and similar request settings.
What is NOT sent to AI providers: your name, email address, Apple user identifier, device identifiers, location, contacts, or photos. Queries sent to the AI inference provider do not contain your identity.
Recipients of off-device data:
- Supabase (database provider) — stores your account profile and subscription status. Hosted on AWS infrastructure.
- Cognitales’ cloud infrastructure (Google Cloud Platform) — hosts the AI proxy used for routing, rate-limiting, and prompt construction.
- Third-party AI inference providers — used to generate the word suggestions. Data sent to these providers is governed by their own privacy and data-handling policies and by data-processing agreements we maintain with them.
We reserve the right to change AI and infrastructure providers at our discretion as the technology evolves. Material changes to the categories of data we send, the purposes of processing, or our retention practices will be reflected in a published update to this policy.
3. Data Stored on Your Device
The following data is stored locally on your device only using Apple’s SwiftData framework. It is not uploaded to our servers.
- Poem projects — titles and creation dates for your poem workspaces.
- Word selections — words you save, with their definitions and the poem they belong to.
- Query history — your past search terms and refinements, for easy re-use.
- Preferences — settings such as result count, theme, and cached subscription tier, stored via UserDefaults.
- Authentication tokens — session credentials for your signed-in account, stored in the iOS Keychain (encrypted, hardware-backed).
4. Data We Do NOT Collect
- No advertising identifiers. We do not collect the IDFA, IDFV, or advertising identifiers, and we do not use any identifier to track you across other companies’ apps or websites. The only device-stored identifier our sign-in system may use is the random fraud-prevention identifier described in Section 1 — generated by the App, kept in your device Keychain, and used exclusively for abuse prevention, never for advertising or tracking.
- No analytics or tracking. The App contains no analytics SDKs, advertising frameworks, crash reporters, or usage telemetry. We do not track you across apps or websites.
- No location data. The App does not access your location.
- No contacts or photos. The App does not read your address book or photo library. (The App can save images you create to your Photos library at your request, but does not read from it.)
- No poem content on our servers. Your poems, word collections, and query history remain on your device. We never upload your creative content.
5. Third-Party Data Sharing
We do not sell your data. We do not share your data with third parties for advertising or marketing purposes. Off-device data transfers are limited to those described in Sections 1 and 2: account management (Supabase) and the word-suggestion queries sent to our cloud proxy and AI inference providers, operating on our behalf under data-processing agreements.
We may disclose data if required to do so by law, a valid legal process, or to protect the rights, property, or safety of Cognitales, our users, or others.
6. Data Retention & Deletion
On your device: All locally-stored data (poems, word selections, query history) is removed when you delete the App. Authentication tokens stored in the iOS Keychain may persist after app deletion depending on your iOS version; signing out before uninstalling clears them.
Account data on our servers: Your profile (Apple user identifier, optional email) and subscription record are retained for as long as your account exists. When you delete your account (see Section 7), this data is permanently removed.
Operational logs: Logs of API requests are retained for no longer than 90 days for security, debugging, abuse-prevention, and rate-limit enforcement. After that window they are automatically expired.
At third-party providers: Data forwarded to third-party AI inference providers is subject to those providers’ own data-retention policies and the data-processing agreements we maintain with them.
7. Account Deletion
You can delete your Poeia account at any time:
- In the App: Open Settings → Account Management → Delete Account. You will be asked to re-authenticate with Face ID or Touch ID (via Apple). Upon confirmation, your Apple token is revoked and your server-side profile is permanently deleted.
- Without the App: If you no longer have access to the App, visit poeia.app/delete-account or email support@cognitales.com to request account deletion. We will process requests within 30 days.
Account deletion removes your profile and subscription record from our servers. It also purges the fraud-prevention identifier described in Section 1 — the random device value is cleared from both your account profile and our fraud-prevention records, so it does not persist after your account is deleted. Poems and word collections stored on your device are not affected — they remain until you uninstall the App.
8. Subscriptions
Poeia offers optional paid subscriptions (“Poeia Premium”) managed entirely through Apple’s App Store in-app purchase system. We store a record of your subscription status (product identifier, expiration date) on our servers to enforce entitlements. We do not have access to your payment information — all billing is handled by Apple.
9. Children’s Privacy
Poeia is not directed at children under 13 and we do not knowingly collect personal information from children under 13. The App is intended for general audiences who can use a creative writing tool appropriately.
10. Security
All communication between the App and our servers, and between our
servers and our processors, uses encrypted HTTPS/TLS connections.
Requests to our backend are authenticated with user-scoped tokens,
rate-limited, and audited for abuse. Authentication tokens stored on
your device use iOS Keychain protection (kSecAttrAccessibleWhenUnlockedThisDeviceOnly), meaning they are encrypted at rest and accessible only while the
device is unlocked.
No system is perfectly secure. We use industry-standard practices and continually review our controls, but cannot guarantee absolute security of data transmitted over the internet or stored on any device.
11. International Users
Our cloud infrastructure and AI inference providers may process data in the United States or other countries where our providers operate. By using the App you understand that your data may be transferred to and processed in jurisdictions whose data-protection laws may differ from those of your country of residence.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The “Effective Date” at the top reflects the most recent revision. Material changes will be noted in the App’s release notes. Continued use of the App after a material change constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy, contact us:
Cognitales LLC
Email:
support@cognitales.com