Privacy Policy

Last Updated: February 26, 2026

Introduction

Lexiom ("we", "our", or "the app") is a vocabulary acquisition app that helps you learn words and phrases through AI-enriched flashcards and spaced repetition. This Privacy Policy explains how we collect, use, and safeguard your information.

Privacy-First Design: Lexiom uses anonymous, per-device authentication. We do not collect your name, email address, or any personally identifiable information. You never need to create an account or sign in.

Information We Collect

1. Anonymous Device Identifier

When you first use the app, we generate a random, anonymous device identifier stored securely in your device's Keychain. This identifier:

Contains no personal information: It is a randomly generated string that cannot be traced back to you.
Is used for authentication: It allows our backend to verify requests and enforce rate limits without knowing who you are.
Is verified cryptographically: We use Apple's AppTransaction API to verify that requests come from a legitimate copy of the app.

2. Vocabulary Data

The words, phrases, and sentences you add to Lexiom are stored locally on your device using Apple's SwiftData framework.

iCloud Sync: If you have iCloud enabled, your card data (including AI-generated definitions, examples, and audio) syncs across your devices via Apple's CloudKit. This data is stored in your personal iCloud account and is governed by Apple's Privacy Policy.
We do not store your cards: Your vocabulary data is never stored on our servers. It exists only on your devices and in your iCloud account.

3. Text Sent for AI Processing

To enrich your flashcards, we send the words and phrases you add (and optional context sentences) to our backend server, which forwards them to AI services:

Enrichment (Google Gemini): Your word/phrase and optional context sentence are sent to Google's Gemini API to generate definitions, example sentences, cloze deletions, and morphology hints. No personal data is included in these requests.
Pronunciation (OpenAI TTS): The headword and example sentence text are sent to OpenAI's text-to-speech API to generate pronunciation audio. No personal data is included.
Transient processing: Text is processed in real-time and is not stored on our servers or by the AI providers beyond their standard processing.

4. Subscription Data

Payments: All subscription transactions are processed directly by Apple via StoreKit 2. We do not process or store credit card information.
Entitlement tracking: We check your subscription status locally using Apple's StoreKit APIs to determine whether you have access to premium features.

5. Crash Reports

We use Sentry for crash reporting in release builds. Crash reports contain:

Device model, OS version, and app version
Stack traces and error messages
No personal data: Crash reports do not contain your vocabulary, card content, or any identifying information.

6. Share Extension & OCR

Lexiom includes a Share Extension that can extract text from screenshots using Apple's on-device Vision framework.

Fully on-device: OCR processing happens entirely on your device. No images are uploaded to any server.
Extracted text: The recognized text is passed to the main app for adding as a new card. It follows the same processing path described above.

Third-Party Services

Google AI (Gemini)

Data processed: Word/phrase text and optional context sentences for flashcard enrichment.
No personal data: Only vocabulary learning content is sent.
Privacy: Processed under Google's Cloud AI terms. Not used to train models.

OpenAI (Text-to-Speech)

Data processed: Short text strings (headwords and example sentences) for pronunciation audio generation.
No personal data: Only vocabulary text is sent.
Privacy: Processed under OpenAI's API terms.

Apple (iCloud & StoreKit)

iCloud: Card data and audio sync through your personal iCloud account.
StoreKit: Subscription payments handled entirely by Apple.

Cloudflare (Backend Infrastructure)

Our backend runs on Cloudflare Workers. It acts as a secure proxy between the app and AI services, holding API keys so they never appear on your device.
No persistent storage of user data: The backend processes requests in real-time and does not maintain a database of user content.

Sentry (Crash Reporting)

Release builds only: Crash reporting is disabled in debug builds.
Anonymous: Reports contain technical diagnostics only, no user content.

How We Use Your Information

Service provision: To generate AI-enriched flashcards and pronunciation audio for the words you add.
Rate limiting: To prevent abuse of our AI processing services using anonymous device identifiers.
App stability: To identify and fix crashes using anonymous crash reports.

Data Retention & Deletion

Retention

Card data: Stored on your device and in your iCloud account. We do not retain copies.
AI requests: Processed in real-time and not stored on our servers.
Crash reports: Retained by Sentry for 90 days for debugging purposes.

Data Removal

You have full control over your data:

In-App deletion: Go to Settings → Delete All Data to permanently remove all cards and audio from your device and all synced devices.
iCloud: Deleting data in the app removes it from iCloud sync as well.
Device identifier: Deleting the app removes the Keychain-stored device identifier. Reinstalling generates a fresh one.

Data We Do NOT Collect

                Names, email addresses, or phone numbers
Location data
Browsing history or tracking data
Contacts or address book data
Photos or camera data (OCR is on-device only)
Advertising identifiers

            

Security Measures

Encryption: HTTPS/TLS for all network communication.
JWT authentication: Per-device tokens with 24-hour expiry, verified via Apple's AppTransaction.
Keychain storage: Sensitive tokens stored in iOS Keychain (hardware-encrypted).
Rate limiting: Per-device limits to prevent abuse (100 requests/hour).
No API keys on device: All third-party API keys are stored securely on our backend.

Children's Privacy

Lexiom is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: app.thedifferential@gmail.com
Developer: The Differential

By using Lexiom, you consent to this Privacy Policy.