TERMS OF USE →

Last updated · July 2, 2026

Privacy Policy

Kern is built to know as little about you as possible. This policy explains what we collect, why we collect it, who processes it, and what your rights are. It covers the Kern iOS app and the kern.cards website.

The short version

Who we are

The Kern app and the kern.cards website are operated by Quantum IT d.o.o., Bana Tome Erdodyja Bakaca 2, 34000 Pozega, Croatia ("Quantum IT", "we", "us", "our"). For the purposes of the EU General Data Protection Regulation (GDPR), Quantum IT is the data controller for the processing described in this policy.

You can reach us at any time at hello@kern.cards.

Information we process in the app

Anonymous installation identifier

When you first open Kern, we create a random identifier for your installation using Firebase Authentication's anonymous sign-in. This identifier contains no personal details, is not connected to your name, email, phone number, or Apple ID, and exists so our servers can respond to your requests and apply fair-use limits. If you delete the app, the identifier is abandoned and a reinstall creates a new one.

Books you search for and add

When you search for a book, your search text is sent to our backend (Google Cloud Functions running in the European Union) and forwarded to the Google Books API to find matching titles. When you add a book, its title and author are sent to Anthropic's Claude API, which generates the study cards. Anthropic acts as our service provider and, under its commercial terms, does not use this data to train its models.

Generated decks are stored in a shared cache in our database (Google Cloud Firestore, EU region), keyed to the book itself rather than to you, so the next reader who adds the same book gets the cards instantly. The cached deck contains no information about you.

To prevent abuse, we keep a short-lived counter of how many decks your installation has generated in the past hour, keyed to your anonymous identifier. These records delete themselves automatically within a few hours.

Usage analytics

We use Google Firebase Analytics to understand whether Kern actually works as a product. We log a small set of events: app first opened, first card seen, book added (with the size of your library as a number), free books finished, paywall shown, purchase completed (the product identifier only), and purchase restored. Firebase also automatically collects technical data such as your device model, operating system version, app version, IP address, approximate region derived from the IP address, and app-instance identifiers.

We use this data in aggregate only. We do not use it for advertising, and Kern does not track you across other companies' apps or websites. You can read about how Google processes this data at policies.google.com/privacy and firebase.google.com/support/privacy. If you would like analytics data associated with your installation deleted, contact us.

Crash reports

If Kern crashes, Firebase Crashlytics automatically sends us a crash report so we can find and fix the problem. A report contains technical details about the crash (stack traces, device model, operating system version, app version, and the app's state at the moment of the crash) together with a Crashlytics installation identifier. Crash reports do not include your books, cards, or any content you typed.

Purchases

All purchases (the Kern Plus subscription and single-book unlocks) are processed by Apple through the App Store. We never receive your name, billing address, or payment card details. The app reads Apple's transaction records on your device to unlock what you have bought, and our analytics record only which product was purchased.

App integrity

We use Firebase App Check with Apple's App Attest and DeviceCheck services to confirm that requests to our backend come from a genuine copy of Kern. This exchanges cryptographic tokens about your device's integrity, not about you.

Information stored on your device and in your iCloud

Your library, your cards, your review history, and your saved cards are stored locally on your device. A compact list of the books in your library and the books you have unlocked is synced through iCloud key-value storage in your personal iCloud account, so your purchases and library survive reinstalls and follow you across your devices. This data lives in your iCloud account under Apple's terms; we have no access to it.

Deleting the app removes the local data. The iCloud copy remains in your iCloud account so your purchases are not lost if you reinstall.

Information we process on the website

What we never collect

Why we process this data (legal bases under the GDPR)

Who we share data with

We share data only with the service providers needed to run Kern, and only what each one needs:

We do not sell personal data and we do not share it with advertisers or data brokers. We may disclose information if required by law, to protect our rights, or as part of a business transfer such as a merger or acquisition, in which case this policy continues to apply to it.

Where data is processed

Our backend and database run in the European Union (Google Cloud region europe-west1). Some of our providers, including Google, Anthropic, Cloudflare, and Web3Forms, may process data in the United States or other countries. Where personal data leaves the European Economic Area, the transfer is protected by recognized safeguards such as the EU-US Data Privacy Framework or the European Commission's Standard Contractual Clauses.

How long we keep data

Your rights

Depending on where you live, you have the right to access, correct, delete, or receive a copy of your personal data, to restrict or object to its processing, and to withdraw consent at any time. To exercise any of these rights, email hello@kern.cards.

One honest caveat: because Kern is anonymous by design, we usually cannot tell which data belongs to you. If you make a request, we may ask you for technical details from your device so we can locate the records tied to your installation.

If you are in the European Economic Area, you also have the right to lodge a complaint with a supervisory authority, either in the country where you live or with the Croatian Personal Data Protection Agency (AZOP, azop.hr).

California residents

If you are a California resident, the California Consumer Privacy Act (CCPA, as amended by the CPRA) gives you specific rights. In the last 12 months we have collected these categories of personal information: identifiers (anonymous installation identifiers, IP addresses, and, for waitlist members, an email address), internet or network activity (interactions with the app and website as described above), and commercial information (records of in-app purchase events, without payment details).

We collect this information directly from you and automatically through your use of the Service, for the purposes described in this policy. We do not sell personal information and we do not share it for cross-context behavioral advertising. We do not knowingly collect or sell the personal information of anyone under 16.

You have the right to know what personal information we hold about you, to request its deletion or correction, and not to be discriminated against for exercising those rights. To make a request, email hello@kern.cards; we will verify it and respond within the time the law requires.

Children

Kern is not directed at children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

Security

All communication between the app, the website, and our servers is encrypted in transit. Access to backend systems is restricted, and we collect the minimum data needed for each feature, which is the best security measure of all. That said, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Links to other services

The app and the website may link to services we do not operate, such as the App Store or our providers' privacy pages. Their privacy practices are their own; we encourage you to read their policies.

Changes to this policy

We may update this policy as Kern evolves. We will post the new version on this page and update the date at the top. If a change is material, we will point it out in the app or on the website before it takes effect.

Contact

Quantum IT d.o.o.
Bana Tome Erdodyja Bakaca 2
34000 Pozega, Croatia
hello@kern.cards