Lost Arrow Studios, LLC

Privacy Policy

Last Updated: [DATE] Effective: [DATE]

The short version: Digamo is built entirely on your device. Your conversations, your voice, and your learning data never leave your iPhone. We have no servers processing your language practice sessions, and we never will. This is not a promise — it is an architectural fact.

Introduction

Lost Arrow Studios, LLC ("Company," "we," "us," or "our") operates the Digamo mobile application (the "App"). This Privacy Policy explains our data practices. Please read it carefully. By using the App, you agree to the practices described herein.

Information We Collect

2.1 — What We Do NOT Collect

Digamo does not collect the following:

Your voice or audio — speech recognition runs entirely on your device using Apple's built-in speech recognition APIs
Your conversations — all dialogue with your AI language partner is processed on-device and never transmitted anywhere
Your learner profile — your progress, vocabulary gaps, grammar patterns, and learning history are stored on your device only
Your name, email address, or any account information — Digamo does not require an account
Your location
Device identifiers, hardware IDs, or advertising identifiers
Usage analytics or behavioral data
Payment or financial information — all purchases are handled entirely by Apple

2.2 — What We Do Collect

Digamo collects nothing directly. The only data associated with your use of the App flows through Apple's own systems:

Subscription status: Your subscription is managed entirely by Apple via StoreKit. We receive only a confirmation that a valid subscription exists — not your payment details, Apple ID, or any personal information. This confirmation is verified locally on your device using Apple's APIs.
Model and voice downloads: On first launch, the App downloads the AI language model (Qwen3) and text-to-speech voice files (Kokoro for most languages; Piper for Swedish) from content delivery servers. Additional voice files may be downloaded when you select a new language. These downloads are anonymous — no account or identity is associated with them. Your IP address may be visible to our CDN provider during the download, as is standard for any internet download. After the initial download, the App operates entirely offline.

2.3 — On-Device Storage

The following data is stored locally on your device and never transmitted:

Conversation history (text only, no audio)
Learner profile — inferred observations about your vocabulary, grammar patterns, and progress
Language and partner preferences
A boolean flag confirming you have passed the age verification screen during onboarding

All on-device data is deleted when you delete the App.

Age Verification

Digamo is not intended for children under the age of 13 (or 16 in the European Economic Area). During onboarding, you must confirm you meet the minimum age requirement. The date of birth you enter is evaluated locally on your device and is immediately discarded — it is never stored or transmitted. Only a boolean confirmation flag is retained on your device.

We do not knowingly collect information from children under 13. If you believe a child has used the App in violation of this policy, please contact us at support@digamo.ai.

Attorney Note Please advise on COPPA compliance requirements. Note: The App has been assigned a 17+ App Store age rating, which prevents download by anyone under 17 via Apple's enforcement. Given that the App also has no server-side data collection and no account creation, COPPA exposure should be minimal. Please confirm that the 17+ rating in combination with the on-device architecture satisfies applicable COPPA obligations and that no further age-gating measures are required.

Model and Voice File Downloads

The AI language model (Qwen3) and text-to-speech voice files (Kokoro for most languages; Piper for Swedish) are downloaded to your device on first launch or when you select a new language. These files are large and downloaded once; they do not need to be downloaded again unless you reinstall the App.

During these downloads:

Your IP address is visible to our content delivery network provider, Cloudflare (R2), as is standard for any internet download. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.
No account, identity, or personal information is associated with the download request
Download activity is not logged or retained by default. Cloudflare R2 does not retain HTTP request logs unless explicitly configured. We do not enable log retention for model and voice file downloads.

After the initial download is complete, Digamo operates entirely offline. No further network requests are made during normal use.

Attorney Note Our CDN provider is Cloudflare (R2). Cloudflare's privacy policy is available at cloudflare.com/privacypolicy. Please advise on whether a Data Processing Agreement with Cloudflare is required given that IP addresses may be transiently visible during downloads, and whether Cloudflare's standard DPA (cloudflare.com/cloudflare-customer-dpa) is sufficient for GDPR compliance.

Subscriptions and Payments

Digamo subscriptions are purchased and managed entirely through the Apple App Store. Apple handles all payment processing. We do not receive, store, or process your payment card information, Apple ID, or any other financial or identity data.

Subscription status is verified locally on your device using Apple's StoreKit APIs. No subscription data is transmitted to our servers because we have no servers receiving it.

To cancel your subscription, manage your subscription through your iPhone Settings → Apple Account → Subscriptions, or through the App Store app.

Third-Party Services

Digamo uses no third-party analytics SDKs, advertising networks, crash reporting services, or behavioral tracking tools. The App does not contain any code from Facebook, Google Analytics, Firebase, Amplitude, Mixpanel, Sentry, or similar services.

The only third-party relationship relevant to your privacy is Apple's App Store, which manages subscription purchases and delivery of the App in accordance with Apple's privacy policy at apple.com/legal/privacy.

Data Security

Because Digamo processes all data on your device and transmits nothing to external servers during normal use, the security of your data is governed by your device's own security model — iOS file protection, app sandboxing, and your device passcode or biometric authentication.

We recommend keeping your device software up to date and using a strong passcode. Deleting the App removes all Digamo data from your device.

Data Deletion

To delete all Digamo data from your device, delete the App. This removes all conversation history, your learner profile, preferences, and the age verification flag. The AI model and voice files are also deleted.

To cancel your subscription, do so through your iPhone Settings before deleting the App to avoid future charges. Subscription cancellation and any refund requests are handled by Apple.

Because we hold no personal data on our servers, there is no server-side data to request deletion of. If you have questions, contact us at support@digamo.ai.

Your Privacy Rights

Because Digamo does not collect personal information, most privacy rights frameworks (GDPR, CCPA/CPRA) have limited applicability to our data practices. We do not sell personal information, create advertising profiles, or share data with third parties.

9.1 — California Residents (CCPA/CPRA)

Attorney Note Please advise on whether CCPA/CPRA disclosure obligations apply given that we collect no personal information beyond what flows through Apple's own systems. Note: our CDN provider (Cloudflare R2) does not retain access logs by default and we do not enable log retention, which may simplify the analysis. Please advise on whether a 'Do Not Sell' link is required.

9.2 — EEA, UK, and Switzerland (GDPR)

Attorney Note Please advise on GDPR obligations. Key questions: (1) Given that Cloudflare R2 does not retain access logs by default and we do not enable log retention, does transient IP address visibility during downloads still constitute processing of personal data requiring a legal basis? (2) Is Cloudflare's standard DPA (cloudflare.com/cloudflare-customer-dpa) sufficient, or is a separate DPA required? (3) Is an EU/UK representative required? (4) Does the on-device processing of voice and conversation data constitute 'processing' under GDPR given that we never access it? The architecture may fall entirely outside GDPR's scope given no data is transmitted to us, but confirmation is needed.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via an in-app notification. The "Last Updated" date at the top of this policy reflects the most recent revision. Your continued use of the App after changes take effect constitutes acceptance of the revised policy.

Contact Us

Questions about this Privacy Policy or Digamo's privacy practices:

Lost Arrow Studios, LLC

Email: support@digamo.ai

PO Box 703, Intervale, NH 03845