Your data isn't the product. There is no product. Just the news.

Scrollan is a news reader that doesn't ask you to sign up, doesn't track you, and doesn't link your reading habits to a third party. This page is the long version of that — the version Apple wants on file.

The short version. We don't collect personal data. We don't ship advertising or analytics identifiers. The only thing that ever leaves your device is the ID of an article you asked us to summarize or read aloud — and that's because we have to fetch the AI output from our backend. Everything else (your ZIP, language, saved articles, source picks) lives in UserDefaults on your phone.

1. Who we are

Scrollan ("we", "us") is an independent iOS app published by Berkay Dinçer, based in New Jersey, United States. You can reach the privacy contact at privacy@scrollan.app.

2. What we don't do

No tracking. Our iOS privacy manifest sets NSPrivacyTracking = false. We don't use Apple's IDFA, we don't fingerprint you, and we don't link any data to identifiers held by data brokers or advertisers.
No accounts. There is no sign-up, sign-in, social login, or email collection inside Scrollan.
No analytics SDK. We don't ship Firebase, Mixpanel, Segment, Amplitude, Meta SDK, AppsFlyer, or similar. The only network you touch is our own Supabase backend, on your request.
No ads. Scrollan does not show ads and does not share data with advertising networks.
No selling or sharing. We do not sell personal information and we do not share it with third parties for cross-context behavioral advertising.

3. What stays on your device

The following preferences live exclusively in iOS UserDefaults on your phone. They never leave it unless you explicitly back them up to iCloud (Apple's setting, not ours):

Your selected language (one of nine)
Your ZIP code, if you provided one to enable the local "Your lens"
The list of news sources and categories you picked during onboarding
The article IDs you saved with the bookmark button
A flag for whether you finished the first-launch tour

Delete the app, or tap Start over in your Profile, and every one of these is gone.

4. What we receive, briefly, when you ask for AI output

When you tap an article and request an AI brief, the counter view, or audio playback, your device sends a request to our Supabase Edge Functions containing:

The article ID you're requesting AI output for
The language code you have selected (e.g. tr, fr)
A standard anonymous API key — the same one shipped with every install

That is all. We do not log your IP for analytics. We do keep short-lived rate-limit counters keyed by IP for sixty seconds at a time to prevent abuse — they age out automatically and are never joined against any other table.

5. AI processing (OpenAI)

To produce the polished headline, multilingual summary, opposing view, and premium audio, our backend calls OpenAI's API. We send:

The original article title and RSS-provided summary (already public web content)
Instructions to rewrite it neutrally in nine languages

We do not send your ZIP, your language preference, your device ID, or any other personal data to OpenAI. OpenAI does not use API content to train their models per their API Data Usage Policies.

6. iOS required-reason APIs

Per Apple's May 2024 manifest requirement, we declare three required-reason API categories in PrivacyInfo.xcprivacy:

UserDefaults (CA92.1) — to store your language, ZIP, picks, and saved articles locally.
File timestamp (C617.1) — used implicitly by AVFoundation when it caches downloaded MP3s for audio playback.
System boot time (35F9.1) — used implicitly by AVAudioPlayer to schedule playback.

7. Children

Scrollan is intended for a general audience aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

8. Your rights

Because we don't hold an account or profile for you, there is no personal record on our servers to access, correct, or delete. Your preferences and history live on your phone — you control them directly through iOS settings and the in-app Start over button. If you believe we are nevertheless holding personal information of yours, email privacy@scrollan.app and we will investigate within 30 days.

If you reside in California, the EU, the UK, or another jurisdiction with a comprehensive privacy law, the rights granted to you under those laws — to know, to delete, to opt out of sale or sharing — are described in more detail on our User Privacy Choices page.

9. Security

Traffic between the app and our backend is encrypted with TLS. Our Supabase database uses row-level security so that even the public read-side cannot enumerate personal data — because there isn't any to enumerate. Service-role credentials are kept exclusively in Supabase Vault and never embedded in the iOS binary.

10. Changes to this policy

If we change anything material — new vendors, new data flows, new platforms — we'll update this page, bump the "Last updated" date at the top, and link to a diff from the previous version. We will never make changes that allow tracking, ads, or account-required features without first issuing a clear in-app notice.

11. Contact

Privacy questions, requests, or just a friendly note: privacy@scrollan.app.