Privacy Policy
Last updated: April 20, 2026
1. Overview
Anato (“Anato”, “we”, “our”, “the app”) is an educational anatomy learning app operated by Anato Limited, a private limited company registered in Hong Kong (registered address: Flat B, 21/F, Yen Kung Mansion, Kam Din Terrace, No. 1 Tai Mou Avenue, Taikoo Shing, Hong Kong). This policy explains what personal data we collect, why, how we use it, and the choices you have.
Anato is an educational product and does not provide medical advice, diagnosis, or treatment.
2. Who this policy covers
Anato is intended for users aged 13 and older. Users who indicate they are under 13 are blocked from creating an account at onboarding and no account data is stored for them.
If you are between 13 and the age of digital consent in your jurisdiction (for example, 16 in parts of the EU/UK), we recommend using Anato with a parent or guardian's awareness.
3. What we collect
3.1 Account information
- Email address (required for sign-up and sign-in)
- Display name / username
- Optional profile fields you choose to provide (e.g. avatar, league opt-in)
- Authentication provider identifier if you sign in with Google (a Google-issued user ID; we do not receive your Google password)
3.2 Learning and usage data
- Lesson progress, quiz answers, accuracy, session history
- Spaced repetition (FSRS) scheduling state
- XP, streaks, energy, in-app currency balances, achievements
- Friends list and weekly league membership
- Crash and diagnostic events generated by the app at runtime
3.3 Subscription data
- Whether you have an active Pro or Family subscription (status only — purchase and billing are processed by Apple via the App Store; we do not receive your payment card details)
3.4 Advertising data
We display ads from Google AdMob between lessons to keep Anato free for non-subscribers. Depending on your choices, AdMob may collect:
- Advertising identifier (IDFA on iOS / Ad ID on Android) — only if you grant permission via the Apple App Tracking Transparency (ATT) prompt on iOS, or do not opt out on Android
- Ad interaction data (impressions, clicks)
- General device information (model, OS version, language, coarse location inferred from IP for ad serving)
If you decline ATT on iOS (or opt out on Android), AdMob serves non-personalized ads based on contextual signals only. In regions where the GDPR or UK GDPR applies, we also show a Google User Messaging Platform (UMP) consent form on first launch to establish the legal basis for advertising.
Google's processing of this data is governed by the Google Privacy Policy and Google's advertising policies. We do not sell this data.
4. What we do NOT collect
- We do not collect your contacts, address book, photos, camera feed, microphone, or precise location
- We do not sell personal data to data brokers
- We do not use cross-app tracking SDKs beyond the AdMob behavior described above
- We do not collect health data or biometric identifiers
5. How we use your data
- Deliver the learning experience (progress tracking, spaced repetition, camera targeting)
- Manage your account, subscription, and preferences
- Show weekly leaderboards (displays username and weekly XP only)
- Serve ads to non-subscribers and measure their delivery (Google AdMob)
- Diagnose crashes and improve reliability
- Comply with legal obligations (tax, accounting, fraud prevention)
6. Third-party service providers
We share the minimum data required with the following processors:
| Service | Purpose | Location | Privacy policy |
|---|---|---|---|
| Supabase | Database + authentication | AWS (US) | supabase.com/privacy |
| RevenueCat | Subscription management | US | revenuecat.com/privacy |
| Google AdMob | Ad serving (non-subscribers) | Global | policies.google.com/privacy |
| Apple | App distribution, IAP | Global | apple.com/legal/privacy |
Your data may be transferred to and processed in countries outside your home jurisdiction (for example, the United States). Where required, these transfers are protected by standard contractual clauses or equivalent safeguards.
7. Your choices and rights
Depending on your jurisdiction (GDPR, UK GDPR, CCPA, Hong Kong PDPO and others), you may have the right to:
- Access the personal data we hold about you
- Request correction or deletion
- Withdraw consent for advertising (via iOS Settings → Privacy & Security → Tracking, or Android Settings → Privacy → Ads)
- Object to certain processing
- Lodge a complaint with your local data protection authority
You can delete your account and all associated data at any time from Settings → Profile → Delete Account. This removes your progress, streaks, currency, friendships, and subscription records from our systems.
8. Data retention
- Account + learning data: retained until you delete your account
- Revlog (answer history): retained for FSRS parameter optimization; anonymized after account deletion
- Crash logs: retained for up to 90 days
- Advertising data: retained by Google per AdMob's retention policy
9. Security
Data is stored on Supabase (hosted on AWS) with row-level security policies. All traffic between the app and our servers uses HTTPS (TLS 1.2+). Authentication credentials are hashed and salted by Supabase.
10. Children
Anato does not knowingly collect personal information from children under 13. Our onboarding age gate blocks under-13 users from creating accounts. If we become aware that we have inadvertently collected data from a user under 13, we will delete it. Parents or guardians who believe their child under 13 has provided data to Anato may contact us at the address below.
11. Changes
We may update this policy as Anato evolves. Material changes will be announced in-app. The “Last updated” date at the top of this policy reflects the most recent revision.
12. Contact
Anato Limited
anatoapplication@gmail.com
For data-access, correction, or deletion requests, email the address above with “Privacy Request” in the subject line. We will respond within 30 days.