Antik
中文English

Antik Privacy Policy

Effective Date: 15 Feb 2026
Last Updated: 15 Feb 2026

0. Overview

Antik is an offline-first learning app that helps you build AI-assisted knowledge frameworks. Your frameworks, nodes, and study records are stored locally on your device by default. Optional sign-in enables cloud sync across devices. This Privacy Policy describes what data we collect, how we use and share it, and your rights. It applies to the Antik website, mobile apps, and related services (collectively, the “Services”).

1. Scope and Legal Basis

1.1 Scope of Application

This Policy covers every Antik user, including account holders, visitors, beta testers, educational organisations, and enterprise clients. Where a feature presents an in-product privacy notice, that notice and this Policy apply together.

1.2 Legal Basis

We process data in accordance with applicable laws such as the PRC Personal Information Protection Law (PIPL), the EU General Data Protection Regulation (GDPR), U.S. state privacy statutes, and other regional requirements. We follow the principles of legality, transparency, necessity, and proportionality.

1.3 Enterprise and Education Customers

If you deploy Antik on behalf of an organisation, we may sign supplementary agreements that detail bespoke data protection obligations. Those agreements work alongside this Policy.

2. Personal Data We Collect

2.1 Account and Identity Data

Email address, nickname or real name, optional avatar, preferred language, third-party login identifiers, subscription tier, time zone.

2.2 Usage and Log Data

Feature usage and engagement metrics, page views, search queries, learning duration, flashcard activity, crash reports, performance telemetry, referral channels, and diagnostic logs.

2.3 Learning Content (Local-First)

Your frameworks, mind maps, knowledge nodes, tags, notes, review feedback, and study records are stored locally on your device in the first place. When you sign in, we may sync this content to the cloud for cross-device access. AI prompts and responses are processed via our backend when you use AI features (e.g., framework initialization, node expansion).

2.4 Payment and Transaction Data

Order IDs, subscription status, invoices, refund requests, promotions, and receipts handled by Apple, Stripe, RevenueCat, or other payment processors. We never store full card numbers or CVV codes.

2.5 Technical and Device Data

Device model, operating system, browser details, IP address (for security and localisation), network status, mobile device identifiers, app version, cookie identifiers.

2.6 Communications and Support Records

Emails, support tickets, feedback forms, product surveys, interview notes, and related attachments.

2.7 Compliance and Security Data

Identity verification materials, authorisations, audit logs, and risk-control data required to satisfy legal or regulatory obligations.

3. How We Use Personal Data

| Data Type | Purpose | Legal Basis | | ---------------- | ------------------------------------------------------------------ | -------------------------------------------- | | Account data | Provision of the Services, authentication, display preferences | Contract performance | | Usage data | Analytics, product optimisation, troubleshooting | Legitimate interest | | Learning content | Knowledge structuring, reminders, cross-device sync, AI generation | Contract performance; consent where required | | Payment data | Billing, invoicing, fraud detection, regulatory reporting | Contract performance; legal obligation | | Technical data | Security monitoring, compatibility, anti-abuse controls | Legitimate interest; security obligation | | Communications | Handle support requests, improve service quality | Contract performance or legitimate interest | | Compliance data | Identity verification, legal investigations, regulatory response | Legal obligation |

4. How We Share Personal Data

4.1 Service Providers

We engage trusted vendors under data protection agreements, including:

  • Supabase (cloud database and authentication; used when you sign in for sync)
  • RevenueCat, Apple (in-app subscriptions and payments)
  • Cloudflare Workers (backend API for AI generation and subscription checks)
  • Third-party AI providers (for knowledge node and expansion generation)

4.2 Legal and Regulatory Requests

We may disclose data in response to lawful requests from courts, regulators, or law enforcement, providing only the minimum information required and notifying you where allowed.

4.3 Business Transfers

If Antik undergoes a merger, acquisition, asset sale, or reorganisation, we will require the successor to honour equivalent privacy commitments and will notify you when feasible.

4.4 Aggregated and De-identified Data

We may aggregate or anonymise information for analytics, research, or public reporting. Such data cannot identify an individual.

5. Cross-Border Data Transfers

When personal data crosses borders, we implement safeguards such as standard contractual clauses, encryption, data minimisation, and local regulatory filings where applicable. Recipients must guarantee protection levels consistent with this Policy.

6. Retention and Deletion

6.1 Retention Periods

  • Local data: Frameworks, nodes, and study records on your device remain until you delete them or clear app data. Export options are always available.
  • Account data (cloud): retained for the account lifetime and 12 months after deletion unless legal obligations require longer retention.
  • Transaction records: retained 5–10 years in accordance with tax and accounting laws.
  • Logs and diagnostics: typically retained for up to 18 months to maintain security and service quality.

6.2 Deletion Requests

Request deletion through in-app settings or by emailing parafzx@gmail.com. We will verify your identity and respond within 30 calendar days (extendable to 60 days with notice). Data in encrypted backups may persist for up to 90 days but is isolated from production systems.

6.3 Exceptional Circumstances

We may retain certain data to resolve disputes, comply with investigations, enforce agreements, or prevent fraud and abuse.

7. Your Privacy Rights

You may exercise the rights to access, rectify, delete, restrict processing, port data, withdraw consent, and lodge complaints. To do so:

  1. Navigate to “Settings → Privacy” within the product; or
  2. Email parafzx@gmail.com with sufficient identity verification.

We will respond within the statutory timeframe. If you believe your rights were not respected, contact your supervisory authority.

8. Local Storage and Cookies

In the mobile app, we use local storage (e.g., SQLite, AsyncStorage) to store your frameworks, nodes, study records, and preferences. This data stays on your device; cloud sync occurs only when you sign in. You can clear local data via Settings or by signing out.

On the website, we use essential and functional cookies for sessions and language preferences. You can adjust browser settings to block cookies; some features may be limited.

9. AI and Automated Decisions

Antik leverages AI to generate recommendations and reminders. AI outputs are advisory and do not constitute automated decisions with legal or similarly significant effects. You are responsible for reviewing and editing outputs to ensure accuracy.

10. Marketing Communications

We may send product updates, learning resources, or event invitations. You can unsubscribe via the email footer or in-app settings. Critical notifications (security alerts, billing, terms changes) will continue regardless of subscription status.

11. Third-Party Sites and Services

Our Services may contain links or integrations to third parties. Their privacy practices are governed by their own policies. Evaluate risks independently before sharing data with them.

12. Data Security

12.1 Technical Safeguards

We employ HTTPS/TLS encryption, access controls, least-privilege frameworks, audit logs, vulnerability assessments, encryption at rest (where feasible), backups, and disaster recovery plans.

12.2 Organisational Measures

Employees undergo privacy training and sign confidentiality undertakings. We enforce role-based access, maintain incident response playbooks, and commission independent audits or penetration tests.

If a data incident occurs, we will assess the impact, mitigate harm, and notify affected users and regulators as required by law.

13. Children’s Privacy

We do not knowingly collect personal data from children under 13. For educational deployments, schools or parents must secure the necessary consent and provide ongoing supervision. Upon discovering unauthorised child data, we will delete it promptly and notify the guardian.

14. International Disclosures

  • EU/UK Residents: You have GDPR rights (access, rectification, erasure, restriction, portability, objection). You may file a complaint with your local supervisory authority.
  • California Residents: Under CCPA/CPRA, you may request access, deletion, and opt out of “selling or sharing” personal information. Antik does not sell personal data; if sharing occurs, opt-out choices are provided.
  • Other Regions: We comply with relevant local privacy laws. Contact us for region-specific provisions.

15. Contact Information

  • Email: parafzx@gmail.com
  • Mailing Address: Please email us to obtain the latest postal address
  • Data Protection Lead: Antik Legal & Compliance Team

16. Document Control

| Version | Date | Summary | | ------- | ---------- | ------------------------------------------------------------------------- | | 1.0.0 | 1 May 2025 | Initial publication | | 2.0.0 | 8 Nov 2025 | Comprehensive revision covering AI, cookies, and international compliance | | 2.1.0 | 15 Feb 2026| Updated for offline-first architecture; clarified local storage and sync |

17. Questions or Complaints

For privacy-related questions, feedback, or complaints, email parafzx@gmail.com. We respond within the timelines permitted by applicable law.