1. Scope and roles
This policy covers the yabt extension, website, and managed AI service. Supabase hosts authentication and quota data; Cloudflare runs the edge gateway and dictionary CDN; Creem acts as Merchant of Record for payment, tax, and refunds.
2. When reading content is processed
Local dictionary lookup stays between your device and the dictionary CDN cache and does not upload page context. Only an explicit context explanation, selection explanation, paragraph translation, or voice question sends the target, document outline, and a bounded nearby window through yabt’s gateway for AI inference. Whole pages are not sent by default.
AI Gateway prompt and response content logging is disabled. Model, token, cost, timing, and technical metadata that excludes page text may still be recorded for quotas, reliability, and cost control.
3. Accounts, quotas, and payment
Email-code sign-in processes your email address, Supabase user id, session tokens, entitlement, and usage counts. Checkout sends the signed-in email to Creem to prefill customer details and places the Supabase user id and selected plan in metadata; email is not placed in a URL. To open subscription management, the extension looks up the matching Creem customer by the signed-in email. Signed Creem webhooks are authoritative for entitlement.
4. Data on your device
Vocabulary, silent lookup history, settings, dictionary shards, session answer caches, and speech audio caches remain in browser or extension storage. Shadowing recordings live only for that practice session and are never uploaded. Voice-question audio is sent to the managed service for transcription.
5. Dictionary CDN and website
Dictionary shards are fetched on demand and stored in browser Cache Storage. The CDN receives ordinary network logs such as IP, time, and path. The website uses no ad or third-party analytics script and sets no marketing cookies. Uninstall feedback stores selected reasons, optional text, locale, and submission time.
6. D41 anti-abuse trial ledger
To stop repeated 50-request grants after deleting and recreating an account, deletion retains SHA-256 of lower(trim(email)) + a private salt and a monotonic used count. It contains no raw email, profile, prompt, response, or reading content; only service_role can access it. This processing prevents trial fraud and maintains service fairness.
7. Account deletion
Self-service deletion removes the Supabase Auth user and account, entitlement, usage, and content rows linked by user id. If the anti-abuse ledger cannot be written, deletion fails closed. The salted hash and pure D41 count survive deletion. Creem retains transaction records under its own policy and legal obligations.
8. Data retention
Account, entitlement, quota, and AI technical usage records are kept while the account exists and are deleted with self-service account deletion. Creem webhook idempotency records are kept as long as needed to reconcile entitlements, resolve disputes, and prevent duplicate events. Uninstall feedback is kept as long as needed for product improvement; you may ask support to delete it. The D41 salted hash and pure count remain while the 50-request lifetime-trial anti-abuse program operates. Cloudflare, Supabase, and Creem retain infrastructure, security, and transaction records under their own policies and legal duties.
9. Rights, transfers, and contact
The individual developer operating yabt is the data controller. Contact support@linknows.fun to request access, correction, deletion, or restriction where applicable; requests are handled after verification under applicable law. The service uses a single global overseas stack and data may cross borders to provider regions.