Todait Adaptive Study Planner Exam schedule rebalanced daily
TODAIT

Privacy Policy

Effective date: May 23, 2026 Last updated: May 23, 2026

Loopetto ("Loopetto," "Company," "we," "us," or "our") operates the Todait mobile application, websites, APIs, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, transfer, and protect information when you use the Service.

If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

We may collect information that you provide directly to us, including:

  • Account information, such as email address, display name, nickname, password credentials, and authentication settings.
  • Profile information, such as profile preferences, display settings, uploaded profile or cover images, and onboarding information.
  • Study and planning content, such as study plans, tasks, study schedules, daily allocations, progress records, completion history, reminders, and related preferences.
  • Images or documents you choose to upload or scan for text recognition, table-of-contents recognition, curriculum generation, study plan creation, or similar Service features.
  • Subscription-related information, such as your Todait account identifier, RevenueCat app user identifier, subscription entitlement state, product identifiers, store environment, renewal or expiration dates, and purchase or restore events.
  • Communications with us, such as support requests, feedback, and messages sent to our support email.

We do not receive your full payment card number when you purchase subscriptions through the Apple App Store. Payment processing is handled by Apple and related subscription service providers.

1.2 Information Collected Automatically

When you use the Service, we and our service providers may automatically collect:

  • Device and app information, such as device model, operating system version, app version, build number, bundle identifier, locale, timezone, and notification environment.
  • Identifiers, such as your Todait user ID, analytics anonymous ID, analytics session ID, push notification installation ID, Firebase Cloud Messaging registration token, and APNs device token where applicable.
  • Usage and interaction data, such as screens viewed, features used, onboarding events, plan creation and update events, progress submissions, paywall and subscription actions, settings interactions, and other app interaction events.
  • Log and diagnostic data, such as access time, IP address, user agent, request metadata, server logs, error codes, crash or diagnostic information if enabled in the app build, and security or session events.
  • Notification data, such as notification permission state and push token registration metadata.
  • Upload metadata, such as file type, file size limits, generated upload URLs, storage object paths, and processing job status for uploaded images or documents.

We do not currently use the Apple advertising identifier (IDFA), AppTrackingTransparency permission, precise location, contacts, HealthKit, or motion/fitness data for the Service.

1.3 Information from Third-Party Sign-In Services

If you sign in using Apple or Google, we receive the information permitted by that provider and your settings, such as provider user ID, email address, and name. We do not receive your Apple or Google password.

2. How We Use Information

We use information for the following purposes:

  • To provide, operate, maintain, and improve the Service.
  • To create and manage accounts, authenticate users, maintain sessions, and secure the Service.
  • To generate, update, restore, and display study plans, tasks, schedules, progress, reminders, curriculum features, and related app experiences.
  • To process uploaded images or documents for text recognition, table-of-contents recognition, curriculum generation, and study plan creation.
  • To send service-related notifications, including study reminders, plan updates, subscription messages, security notices, and operational messages.
  • To manage subscriptions, purchase validation, entitlement status, customer support for purchases, and fraud prevention.
  • To analyze usage patterns, product performance, feature reliability, and user experience.
  • To diagnose, prevent, and address technical issues, abuse, fraud, security incidents, and policy violations.
  • To respond to support requests and other communications.
  • To comply with legal obligations and enforce our agreements.

3. Third-Party Services and Service Providers

We use service providers to operate the Service. These providers may process information on our behalf according to their own terms and privacy practices.

Provider Purpose
Amazon Web Services (AWS) Hosting, backend infrastructure, database, deployment, logs, and operational infrastructure.
Cloudflare DNS, proxy/network services, Cloudflare Workers for first-party analytics ingestion, and Cloudflare R2 object storage for uploaded images and profile assets.
Apple Sign in with Apple, App Store subscriptions, StoreKit, Apple Push Notification service, and Apple platform services.
Google Google sign-in/OAuth and Firebase services.
Firebase Cloud Messaging Push notification token management and message delivery.
Firebase Crashlytics Crash and diagnostic reporting if enabled in the app build.
RevenueCat Subscription management, receipt validation, entitlement state, purchase history, customer center, and subscription support.
Alibaba Cloud DashScope AI-assisted text recognition and table-of-contents processing for images or documents you choose to process through supported features.
Better Stack Uptime and health monitoring for production API endpoints.

We may update this list as our Service changes. We do not sell your personal information. We do not use your information for third-party advertising or cross-app behavioral advertising unless we update this Privacy Policy and our App Store privacy disclosures as required.

4. Data Storage, Security, and International Transfers

Our primary backend infrastructure and database are hosted on AWS in the United States, currently in the us-east-1 region (US East, N. Virginia). We also use service providers that may process or store information in the United States, South Korea, and other countries where they or their subprocessors operate.

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information, including access controls, HTTPS/TLS transmission, authentication controls, credential hashing, token hashing where appropriate, and operational monitoring. However, no method of transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

5. Data Retention

We retain information for as long as reasonably necessary to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, and protect the Service.

Current retention practices include:

  • Account, profile, subscription entitlement, and settings data are retained while your account is active. After account deletion is completed, direct account identifiers such as email address and display name are deleted or anonymized.
  • Study plan, task, progress, schedule, curriculum, and related user-generated study data may be retained after account deletion in anonymized form so it is no longer associated with your direct account identifiers.
  • Images or documents you upload or scan for text recognition, table-of-contents recognition, curriculum generation, or study plan creation may be retained while your account is active to provide, restore, troubleshoot, and improve those features.
  • Subscription, billing, tax, fraud-prevention, and dispute-related transaction records may be retained for the minimum period necessary for those purposes, using anonymized account references where deletion has been completed.
  • AWS RDS database backups are currently configured for approximately 7 days.
  • Security, audit, backup, and operational records may be retained for longer where necessary for security, fraud prevention, compliance, dispute resolution, or legal obligations.

You may request account deletion in the app or by contacting us at help@todait.com. In-app deletion requests are scheduled with a 7-day grace period. If you log back in during the grace period, your deletion request is cancelled and your account remains active. After the grace period, we will soft-delete your account and delete or anonymize personal information associated with your account within 30 days after your request is verified, unless retention is required or permitted by law. When account deletion is completed, push notification device tokens associated with your account are invalidated or removed. After deletion, study records and curriculum-related data may be retained in anonymized form, and subscription transaction records may be retained using anonymized account references for billing, tax, dispute resolution, fraud prevention, security, or legal obligations. Backup copies may persist for a limited period until overwritten or deleted according to backup retention schedules.

6. Your Choices and Rights

Depending on your location, you may have rights to:

  • Access the personal information we maintain about you.
  • Correct inaccurate personal information.
  • Delete personal information.
  • Object to or restrict certain processing.
  • Request a portable copy of certain information.
  • Withdraw consent where processing is based on consent.
  • Opt out of sale or sharing of personal information, where applicable.

We do not sell personal information. To exercise privacy rights, contact us at help@todait.com. We may need to verify your request before responding.

California Residents

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including rights to know, access, correct, delete, and opt out of sale or sharing of personal information. We do not sell personal information or share it for cross-context behavioral advertising.

European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, our legal bases may include performance of a contract, legitimate interests, consent, and compliance with legal obligations. You may also have the right to lodge a complaint with your local data protection authority.

7. Camera, Photos, and Notifications

The Service may request camera or photo library access when you choose to scan or import images for text recognition, study plan creation, curriculum generation, profile image, or related features. We only access camera or photo library content when you grant permission and choose to use those features.

The Service may request notification permission to send study reminders, plan updates, subscription-related messages, and service notifications. You can manage notification permissions in your device settings.

8. Children's Privacy

The Service is intended for users aged 17 and older. We do not knowingly collect personal information from children under 17. If we learn that we have collected personal information from a child under 17, we will take appropriate steps to delete it.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, such as by updating the "Last Updated" date, posting the updated policy in the Service, or sending a notice where appropriate.

10. Contact Us

If you have questions, requests, or concerns about this Privacy Policy, contact us at:

Loopetto Room G-9, #709, 7F, 60, Mullae-ro 20-gil, Yeongdeungpo-gu, Seoul 07293, Republic of Korea Email: help@todait.com Website: https://todait.com