Privacy Policy

Last updated: 2026-05-19

This Privacy Policy explains how Manualo ("Manualo", "we", "us", "our") collects, uses, stores, shares, and protects personal data when you use the Manualo mobile app and the manualo.app website (together, the "Service"). We act as the data controller for the personal data described below.

Manualo is operated from the United Arab Emirates. This policy is written to comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "UAE PDPL") and is intended to satisfy equivalent requirements under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) where they apply to you.

1. Data we collect

We collect only what we need to provide the Service:

  • Account identifiers — an opaque user ID, plus either an Apple Sign In relay address or the email address and password hash you provide.
  • Profile — optional display name, birthday (date only, used for age-appropriate content), chosen avatar, daily-goal preference, notification preference.
  • Your library — bookmarked cards, custom playlists, saved highlights, course/lesson progress, streak history.
  • Purchase records — subscription tier and renewal state derived from Apple's StoreKit receipt. We do not see your payment card or Apple ID password.
  • Diagnostics — aggregated, anonymised crash and performance reports delivered by Apple's MetricKit if you have shared analytics with Apple in iOS Settings.

We do not collect contacts, photos, microphone audio, precise location, advertising identifiers (IDFA), or persistent device fingerprints. We do not use third-party advertising or marketing SDKs.

2. Why we collect it (purposes & legal basis)

  • Operate the Service — sign you in, store your library, deliver content. Legal basis: performance of our contract with you (UAE PDPL Art. 4; GDPR Art. 6(1)(b)).
  • Bill and manage subscriptions — verify your subscription state via Apple. Legal basis: contract.
  • Improve the Service — diagnose crashes and slow paths from anonymised reports. Legal basis: legitimate interest (and your iOS-level consent to share analytics with Apple).
  • Communicate with you — respond to support emails. Legal basis: legitimate interest.
  • Comply with the law — respond to lawful requests from UAE authorities or your local jurisdiction. Legal basis: legal obligation.

3. Third-party processors

We use a small number of established providers to operate the Service. Each is bound by a data-processing agreement and processes data only on our instructions. Your data is never sold and never shared for advertising.

  • Apple Inc. — Sign in with Apple, App Store, in-app purchases, MetricKit diagnostics. Apple Privacy Policy: apple.com/legal/privacy.
  • Supabase Inc. — authentication and user-data hosting (PostgreSQL). Region: EU (Ireland). Privacy: supabase.com/privacy.
  • Cloudflare, Inc. — content delivery (R2 storage for course images and audio, edge CDN for manualo.app). Privacy: cloudflare.com/privacypolicy.
  • Vercel Inc. — hosting for the manualo.app marketing and legal pages. Privacy: vercel.com/legal/privacy-policy.

We do not use Google Analytics, Meta Pixel, Firebase Analytics, Mixpanel, Amplitude, or any other third-party analytics or advertising SDK in the app.

4. International data transfers

Our service providers store and process data outside the UAE: Supabase data lives in Ireland (EU); Cloudflare and Apple operate globally. Under UAE PDPL Art. 22 and Art. 23, such transfers are made on the basis that the destination jurisdiction provides an adequate level of protection, or under contractual safeguards equivalent to the UAE Data Office's requirements. You can request copies of these safeguards by emailing us.

5. How long we keep it

We retain account and library data for as long as your account is active. If you delete your account from inside the app (Settings → Account → Delete Account) we remove your authentication row and all linked personal data within 30 days, except where retention is required by law (for example, tax or fraud-prevention records linked to a purchase, which we keep for the period required by the applicable authority). Anonymised, aggregated diagnostics are kept indefinitely as they no longer identify you.

6. Your rights

Under the UAE PDPL (and GDPR / CCPA where applicable) you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (the in-app Delete Account flow exercises this right).
  • Restrict or object to certain processing, including automated decisions.
  • Receive your data in a portable, machine-readable format.
  • Withdraw any consent you have given, without affecting the lawfulness of processing already carried out.
  • File a complaint with the UAE Data Office (uaedataoffice) or your local supervisory authority.

To exercise any of these rights, email hello@manualo.app. We respond within 30 days as required by Art. 13 of the UAE PDPL.

7. Security

We encrypt data in transit using TLS 1.2 or higher, and at rest using AES-256 on the storage layer. Access to production data is limited to authorised personnel and logged. Authentication uses short-lived access tokens and rotating refresh tokens stored in the iOS Keychain. No system is perfectly secure, so we cannot guarantee absolute security, but we take reasonable and industry-standard measures consistent with UAE PDPL Art. 20.

8. Children

Manualo is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@manualo.app and we will delete it.

9. Changes to this policy

If we make material changes we will update the date at the top and, for changes that materially affect your rights, we will surface an in-app notice on next launch. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

For any privacy question, request, or complaint, email hello@manualo.app.