Privacy Policy

Shtender is built local-first. The app is designed so you can use everything — daily shiurim, the full Torah library, progress tracking, reader preferences — without ever creating an account or sending data to a server.

Data stored on your device

When you use Shtender without signing in, the following is stored locally on your device only. None of it leaves the device.

• Your chosen display name and preferences (reader font size, language mode, theme).
• Your enrolled shiurim, schedule, and daily progress.
• Downloaded texts and commentary for offline reading.
• Diagnostic logs (recent errors/warnings), viewable in Settings.

Data we receive when you sign in

Sign-in is optional and only used to back up your data across devices. If you choose to sign in with Google or GitHub, we request only standard profile scopes (email and basic profile information), and the following is stored on Shtender's server:

• From Google: your email address, display name, profile image URL, and a Google-assigned user ID (opaque identifier specific to Shtender).
• From GitHub: your primary email address, username, display name, avatar URL, and a GitHub-assigned user ID.
• Your locally stored shiurim, enrollments, and progress — uploaded when you first sign in, and synced thereafter.
• Your Diaspora / Eretz Yisrael calendar preference (used to resolve daily-learning dates correctly).
• A last-login timestamp (used to show your own recent-activity indicators; not shared with anyone).

We never receive your password for either provider. Authentication tokens are handled directly between the app and the provider via OAuth 2.0. We do not request Gmail, Google Drive, GitHub repository, or any other sensitive scope — only identity.

How we use the data

Data from sign-in is used solely to identify your account across devices and sync your Torah learning. It is not shared with third parties (other than the error-monitoring provider noted below, which receives only an opaque internal user ID — no email, name, or token), not sold, and not used for advertising or profiling. The server keeps the minimum needed to let you sign in again later and restore your progress. Data obtained from Google and GitHub APIs is used in accordance with each provider's policies, including Google's API Services User Data Policy.

Error monitoring

Shtender uses Sentry to detect and diagnose crashes and errors so we can fix them quickly. When an error occurs, the app sends Sentry:

• The error itself — message, stack trace, and the recent in-app log entries leading up to it (with authentication tokens and other secret-shaped values redacted before sending).
• Device and app metadata — device model, manufacturer, OS version, locale, timezone, app version, free memory, and connection type.
• Approximate location derived from your IP address by Sentry (typically country + city). Your raw IP address is not stored beyond this derivation.
• If you're signed in: Shtender's own opaque internal user ID (a UUID), so we can correlate an error to the session that produced it. Your email, display name, and authentication tokens are never sent to Sentry.

You cannot be identified to third parties from what Sentry receives. If you'd prefer to opt out, uninstall the app or use it signed-out — signed-out reports contain no user ID at all.

What we never collect

• Your precise or coarse GPS location.
• Contacts, SMS, call logs, or persistent device identifiers (IMEI, advertising ID, etc.).
• Advertising profiles of any kind — we don't run ads.
• Browsing history outside the app or usage analytics beyond what's needed for error monitoring described above.
• The content of what you're reading — which texts you open stays on your device (and syncs only to Shtender's own server if you sign in).

Third-party services

• Google OAuth — used only if you choose Sign in with Google. Google receives the standard OAuth authorization request and is subject to its own privacy policy.
• GitHub OAuth — used only if you choose Sign in with GitHub. Subject to GitHub's privacy statement.
• Sentry — error and crash monitoring, as described in the previous section.
• Google Play Services / Google Play Store — required on Android for app install, updates, and (if you choose) Google Sign-In. Google Play collects its own telemetry outside Shtender's control; see the Play Store's privacy disclosures.
• Expo Updates — the app checks periodically for over-the-air JavaScript updates served from Expo's CDN. This check sends only the app's runtime version and a random install ID; no personal data.
• Sefaria — Shtender's text corpus is derived from the open Sefaria Project. Text content is bundled into the app and requested from our own servers; no data about you is sent to Sefaria.
• Buy Me a Coffee — the "Support the project" link opens Buy Me a Coffee's site in your browser. Shtender receives no data about whether or what you donate.

Data retention and deletion

Local data lives only as long as the app is installed. Uninstalling the app removes everything on the device.

If you signed in: your account and synced data live on our server until you request deletion. To delete your account, email privacy@shtender.dev from the address associated with your account. We'll delete everything within 30 days.

Security

Server traffic uses HTTPS with strict transport security. Authentication tokens are stored in the device's secure keystore (Android Keystore / iOS Keychain). Our servers log request metadata (IP, path, status) for abuse prevention; these logs are rotated and not sold or shared.

Children

Shtender is suitable for all ages but is not specifically directed at children under 13. We do not knowingly collect data from children under 13.

Changes

When we update this policy, we'll change the date at the top and note what changed. Material changes will be announced in the app before they take effect.

Contact

Questions and general inquiries: contact@shtender.dev
Privacy / deletion requests: privacy@shtender.dev.