Privacy Policy

Last updated: August 18, 2025

This Privacy Policy explains how OST Studio (“Alimonyfy,” “we,” “us,” or “our”) collects, uses, and shares information about you when you use our mobile app, website, and related services (the “Services”).

If you do not agree with this Policy, please do not use the Services.

1) Who we are & how to contact us

• Controller: OST Studio
• Email: support@oststudio.dev

2) What we collect (by design, we don’t see your case content)

Because Alimonyfy uses end-to-end encryption (E2EE), the case data you enter (numbers, notes, attachments, generated documents kept in-app) is encrypted on your device before it leaves your device; we cannot decrypt or view it on our servers. Only your signed-in devices hold the keys. This aligns with industry definitions of E2EE/“zero-access” encryption — data is encrypted such that the service cannot read it.

For an overview of our security posture and E2EE model, see our Data Protection statement.

3) Why we process your information (legal bases)

Where applicable (e.g., under GDPR/UK GDPR), we rely on:

• Contract – to provide and support the Services (account, entitlements, sync).
• Legitimate interests – to keep Services secure, measure aggregate usage (content-free), prevent abuse, and improve reliability (balanced against your rights).
• Consent – where required (e.g., optional marketing or certain analytics settings, if enabled in-app).
• Legal obligations – to comply with law, tax, accounting, and respond to lawful requests.

4) How we use information

• Provide, maintain, and secure the Services
• Manage subscriptions and entitlements
• Monitor reliability and diagnose issues (without reading your encrypted content)
• Communicate about updates, security, and changes to this Policy
• Comply with law

We do not use your encrypted content for advertising or model training, and we do not sell or share personal information for cross-context behavioral advertising as defined under California law.

5) When we share information

We share limited data with service providers acting as processors (see §2) under contracts that require them to protect your data and use it only per our instructions. We may also disclose information to comply with law, protect rights and safety, or as part of a corporate transaction. We cannot disclose encrypted case content because we cannot decrypt it (that is the nature of E2EE).

6) Your rights

U.S. state privacy laws (e.g., CA/CPRA): rights to know/access, delete, correct, portability; opt-out of sale/share of personal information; limit use/disclosure of sensitive personal information; and freedom from discrimination for exercising rights. If applicable, you may use an authorized agent and we will verify requests. We state here that we do not sell or share personal information for cross-context behavioral advertising.

How to exercise your rights: Email support@oststudio.dev with “Privacy Request” in the subject or use in-app Settings → Privacy. We will verify your request and respond within the time required by law.

7) Security

We use defense-in-depth security and E2EE for your case content (servers store only ciphertext; keys stay with your devices). Transport is additionally protected by TLS. You are responsible for safeguarding your devices and recovery secrets. Note: in true zero-access designs, providers cannot recover your keys if you lose them (compare, for example, 1Password’s Secret Key model).

8) Data retention

We keep personal information only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Encrypted case content remains on our servers only as encrypted data tied to your account; if you delete your account, associated encrypted content scheduled for deletion is removed following our standard retention/ purge cycles.

9) Third-party links and apps

The Services may link to third-party sites/apps. Their privacy practices govern their handling of your information. For transparency, examples of vendors we may use and their notices:

• Firebase (Google) – core infrastructure and storage we use to run the Service. This includes hosting and backend functions, authentication (if enabled), and data/file storage. Case content is protected with end‑to‑end encryption; our servers store only ciphertext. Firebase acts as our processor under Google’s data processing terms and privacy policies.
• RevenueCat – subscription infrastructure acting as our processor.
• Amplitude (if enabled) – analytics/experiments under our instructions and data-processing terms.
• Sentry – error monitoring and performance diagnostics to improve reliability; configured to avoid capturing sensitive content.

10) Do Not Track & Global Privacy Control (GPC)

Your browser may send “Do Not Track” or opt-out preference signals (e.g., GPC). Where legally required and technically feasible, we treat applicable opt-out preference signals as requests to opt-out of “sale”/“sharing.”

11) Changes to this Policy

We may update this Policy from time to time. We’ll post the updated version here and, if changes are material, notify you in-app or by email.

12) Contact

Questions or requests?
OST Studio
support@oststudio.dev