Privacy Policy

1. Introduction

Welica ("the App," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (iOS and Android) and related services.

Welica is a Life Skills, Careers, Feed, and Wellness content platform designed for teenagers and young adults. We take your privacy seriously and are committed to transparency in how we handle your data.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our App. By accessing and using Welica, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

2. App Identity and Contact Information

App Name: Welica (formerly StudentPlus)
Developer/Operator: Welica (independent developer)
Contact Email: support@welica.app
Effective Date: April 2026

For any questions, concerns, or requests related to this Privacy Policy, please contact us at the email address above. We will respond to your inquiry within 30 days of receipt.

3. Information We Collect

We collect information in several ways, including directly from you, automatically through your use of the App, and from third-party services we work with. Below is a comprehensive overview of the data we collect:

3.1 Information You Provide Directly

• Authentication Data: When you create an account, we collect your email address, phone number (optional), display name, profile photo URL, and the authentication provider ID (Google, Apple, Phone, or Email sign-in).
• Learning Profile Data: We collect data about your learning journey, including your learning progress, quiz responses, reflection text entries, and career fit profile information.
• Wellness Data: When you use the Wellness features, we collect check-in data, mood indicators, and wellness-related interactions.
• Interaction History: We track your interactions with our Feed content, including views, likes, shares, and comments.
• Notification Preferences: Your choices about which types of notifications you wish to receive.

3.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, app version, and network connectivity details.
• Usage Analytics: Information about your interactions with the App, including screen views, feature usage, engagement metrics, time spent on different sections, and navigation patterns.
• Crash and Error Logs: Information about app crashes, errors, and stability issues, including stack traces and device state at the time of the crash.
• Advertising Identifiers: If enabled on your device (GAID on Android, IDFA on iOS) for analytics purposes only. We do not use these for third-party advertising.

3.3 Information from Third-Party Services

• Firebase Authentication Providers: When you sign in using Google or Apple, those services provide us with verified authentication information.
• App Store Information: Apple and Google provide transaction and subscription information for in-app purchases.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Account Management: Creating and maintaining your account, authenticating you, and managing your profile.
• Service Delivery: Providing learning content, tracking progress, delivering feedback, managing quizzes, and enabling wellness check-ins.
• AI-Powered Features: Processing your reflection text to generate personalized educational feedback (see Section 5 for details).
• Push Notifications: Sending learning reminders, wellness nudges, new content alerts, and re-engagement notifications based on your preferences.
• Analytics and Improvement: Understanding how users interact with the App, identifying issues, improving features, and optimizing user experience.
• Crash Reporting and Stability: Identifying and fixing bugs, improving app stability, and preventing future issues.
• Customer Support: Responding to your inquiries and providing technical support.
• Security and Compliance: Protecting against fraud, unauthorized access, and abuse; ensuring compliance with legal obligations.

5. AI-Powered Reflection Feedback (OpenAI)

IMPORTANT: The Welica app includes AI-powered feedback features that use OpenAI's technology.

5.1 What Data Is Sent to OpenAI

When you complete learning exercises that include AI-powered features (specifically LS09 and LS17 lesson types), your written reflection text is sent to OpenAI's API (via our Firebase Cloud Functions) to generate personalized educational feedback. Only your reflection text and exercise context/prompts are sent. We do not send personally identifying information such as your name, email address, profile photo, or other account details to OpenAI.

5.2 Purpose

The purpose of sending data to OpenAI is to provide you with intelligent, personalized feedback on your reflections to enhance your learning experience.

5.3 OpenAI's Data Usage

Per OpenAI's API terms: Data you submit via the API is not used to train OpenAI's models or improve their services. Your reflection text is processed solely to generate feedback and is treated according to OpenAI's privacy and data retention policies. For more information, please review OpenAI's Privacy Policy.

5.4 Your Rights Regarding AI Features

• Opt-Out: You have the right to skip AI-powered features. Exercises with AI feedback are optional, and you can complete them without AI assistance if you prefer.
• Access: AI-generated feedback is stored in your account and accessible within the App.
• Deletion: When you delete your account, all reflection text and associated AI feedback are deleted from our systems within 30 days.

5.5 Apple Guideline Compliance

We comply with Apple Guideline 5.1.2(i) by clearly disclosing that we collect and process user reflection data via third-party AI services (OpenAI) and allowing users to opt out of AI features entirely.

6. Firebase and Google Cloud Services

Welica uses Google Firebase and related services to power our infrastructure. Here's how each service handles your data:

6.1 Firebase Authentication

Data Collected: Email address, phone number, display name, profile photo URL, authentication provider IDs, and account credentials. Purpose: Securely managing your account and verifying your identity.

6.2 Cloud Firestore

Data Stored: Your user profile, learning progress, quiz responses, reflection text, career fit profiles, wellness check-in data, feed interaction history, and notification preferences. Purpose: Storing and managing your personal data and learning records. Security: Cloud Firestore data is encrypted at rest and in transit. Access is controlled by Firebase Security Rules that restrict data access to your own account.

6.3 Firebase Storage

Data Stored: Admin-uploaded content assets and learning materials (images, videos, documents). Note: Firebase Storage does not store user-generated uploads. Only administrators can upload content.

6.4 Firebase Analytics (GA4)

Data Collected: App usage events, screen views, engagement metrics, device information, and OS version. Purpose: Understanding user behavior and improving the App. We analyze data in aggregate to identify trends and opportunities for enhancement. Third-Party Advertising: We do NOT use Firebase Analytics data for third-party advertising or retargeting. Your Rights: You can opt out of analytics collection in the App settings (see Section 9.2).

6.5 Firebase Crashlytics

Data Collected: Crash reports, stack traces, and device state at the time of the crash. Purpose: Exclusively for identifying and fixing bugs and improving app stability. Data Retention: Crash reports are retained for 90 days and then automatically deleted.

6.6 Firebase Cloud Messaging (FCM)

Data Collected: Device tokens required for push notification delivery. Purpose: Sending push notifications to your device based on your preferences. Your Rights: You can manage notification preferences in the App settings or disable notifications at the device level.

6.7 Firebase Cloud Functions

Purpose: Server-side processing of requests, including generating AI-powered feedback, processing quiz submissions, and other backend operations. Data Security: Cloud Functions are configured with strict access controls and validate all incoming requests.

7. Data Collection Summary Table

For a quick reference, here's a summary of the types of data we collect, how we use it, and whether it's shared with third parties:

8. Children and COPPA Compliance

Welica is designed for teenagers and young adults ages 13 and older. We are committed to protecting the privacy of children and complying with the Children's Online Privacy Protection Act (COPPA).

8.1 Age Verification

• Date of Birth Required: During account creation, you must provide your date of birth to verify you are at least 13 years old.
• Under-13 Blocking: Users who indicate they are under 13 years old are blocked from creating an account.

8.2 Protection of Children Under 13

• No Intentional Collection from Under-13: We do not intentionally collect personal information from children under 13.
• Parental Consent: If we inadvertently collect information from a child under 13, we will delete that data promptly upon discovery, unless parental consent has been obtained.
• Data Deletion: If we become aware that a user under 13 has created an account and provided personal information, we will delete all that information within 30 days and notify the parent or guardian if possible.

8.3 Parental Requests

If a parent or guardian believes their child under 13 has provided information to Welica, please contact us immediately at support@welica.app, and we will investigate and take appropriate action.

9. Your Privacy Rights and Choices

Depending on your location, you may have certain rights regarding your personal data. Below are the rights available to all Welica users:

9.1 Right to Access Your Data

You have the right to access the personal information we hold about you. Within the App, you can view and download your profile, learning progress, and interaction history. To request a comprehensive data export, email us at support@welica.app.

9.2 Right to Opt Out of Analytics

You can disable analytics collection in your App settings. Go to Settings > Privacy > Analytics and toggle the switch to disable. Please note that crash reporting and error logs (used for bug fixes) cannot be disabled, as they are essential for app stability.

9.3 Right to Opt Out of AI-Powered Features

You can skip any learning exercise that includes AI-powered feedback. These features are optional, and you can complete lessons without AI assistance. To disable AI features entirely, go to Settings > Privacy > AI Features.

9.4 Right to Manage Notification Preferences

You can customize your notification preferences in App Settings > Notifications. You can opt in or out of specific notification types (learning reminders, wellness nudges, new content alerts, re-engagement). You can also disable notifications entirely at the device level.

9.5 Right to Data Deletion

Account Deletion: You can delete your account in App Settings > Account > Delete Account. This will remove your profile, learning data, wellness records, and interaction history from our systems within 30 days. Email Request: You can also submit a data deletion request by emailing support@welica.app with the subject line "Data Deletion Request." Right to be Forgotten: Once deleted, your data will not be recoverable, and we will not use it for any further purpose.

9.6 Right to Data Portability

You have the right to request a copy of your data in a portable, machine-readable format. Email support@welica.app with the subject line "Data Portability Request," and we will provide your data within 30 days.

10. Data Retention and Deletion

We retain your data for the duration necessary to provide our services and comply with legal obligations. Here's our data retention policy:

• Active Accounts: All user data (profile, learning progress, wellness data, interaction history) is retained while your account is active.
• Deleted Accounts: When you delete your account, all personal data is deleted from our live systems within 30 days. Backup copies are retained for up to 90 days for disaster recovery purposes.
• Crash Reports: Crash logs and error reports are automatically deleted after 90 days.
• Analytics Data: Firebase Analytics data is retained per Google's default policy (14 months). You can request deletion of your analytics profile in your account settings.
• AI Reflection Data: Reflection text and AI-generated feedback are stored in your account and deleted when you delete your account or request data deletion.
• Notification Tokens: Device tokens are retained until you log out or delete your account.

11. Data Security

We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

11.1 Encryption

• In Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols.
• At Rest: Data stored in Cloud Firestore and Firebase Storage is encrypted at rest using Google's encryption standards.

11.2 Access Control

• Firebase Security Rules: Cloud Firestore and Storage access is strictly controlled by Firebase Security Rules that ensure users can only access their own data.
• Server-Side Validation: All Cloud Functions include server-side validation to prevent unauthorized access and data manipulation.
• Authentication: Your account is protected by secure authentication methods (email/password, Google Sign-In, Apple Sign-In, or phone-based authentication).

11.3 Security Limitations

While we strive to protect your information, no security system is impenetrable. If you believe your account has been compromised, please contact us immediately at support@welica.app.

12. Third-Party Services

Welica uses the following third-party services to deliver our App:

These third-party services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

13. California Consumer Privacy Act (CCPA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request what personal information we collect, use, and share about you.
• Right to Delete: You can request deletion of personal information we have collected from you (subject to certain exceptions).
• Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell your information to third parties for monetary consideration.
• Right to Non-Discrimination: You will not face discrimination for exercising your CCPA rights.
• Right to Correct: You can request correction of inaccurate personal information.

To exercise any of these rights, please submit a request to support@welica.app with the subject line "CCPA Request." We will respond to your request within 45 days.

14. Data Processing and International Users

Welica is developed and operated from India. Your data is stored and processed using Google Firebase infrastructure, which operates data centers in the United States and other countries. By using the App, you consent to the transfer, storage, and processing of your personal information in these locations.

If you are located in the European Union or other jurisdictions with data protection laws, please be aware that your data will be processed according to applicable data protection regulations (such as GDPR). If you are located in India, your data is handled in accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, as applicable.

15. Cookies and Local Storage

While Welica is a native mobile app, certain web-based features and the marketing website may use cookies and local storage technologies:

• Authentication Tokens: Secure, encrypted tokens are stored locally on your device to keep you logged in and protect your account.
• Firebase Offline Persistence: Cloud Firestore uses local caching to provide offline functionality and improve performance.
• App State Storage: The App stores local preferences, cache data, and user interface state on your device to enhance user experience.
• Web Analytics: If you visit our marketing website, Google Analytics may use cookies to track user behavior.

You can manage cookies and local storage settings at the device level (iOS Settings > Welica > Clear Cache or Android Settings > Apps > Welica > Storage > Clear Cache).

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Effective Date" at the top of this policy.

If we make material changes that significantly affect your privacy rights, we will notify you through the App (an in-app notification or email notification) and ask for your consent to the new policy.

Continued use of the App after changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy regularly to stay informed about how we protect your information.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

18. Your Acknowledgment

By downloading, installing, and using the Welica app, you acknowledge that you have read, understood, and agree to all terms of this Privacy Policy. If you do not agree with any part of this policy, please do not use the App.