Privacy Policy

Privacy Policy

Last updated: July 14, 2026

This policy describes how the boxlore Android app handles information. It is meant to be accurate and complete — including uncomfortable details — not a marketing brochure. If something here conflicts with an older screen or blog post, this page and the in-app Settings → Privacy screen should be treated as current.

Never sold Never for ads No ads in boxlore No in-app opt-out today

1. Our promise

boxlore isn’t meant for monetary gain. It’s a few friends finishing a childhood dream — watching code turn into magic on screens — and sharing a useful podcast app along the way. We collect product analytics so we can see how the app is used and which features work or don’t.

We commit
  • Never sell your data
  • Never use it to push ads
  • boxlore will never have ads
  • No AdMob / Meta ads SDKs in the app
We do not claim
  • That nothing can ever be linked to a person
  • That nothing leaves your phone
  • That analytics can be fully switched off in-app today

2. How boxlore handles data

There is no account. Your library (subscriptions, downloads, progress, likes) stays on your device. Analytics and some features still send data off-device — details below.

Analytics can suggest a rough sketch of a listener (for example rough place, device, podcast taste) — not age, gender, or a precise identity. We don’t ask for name or email to use the app. The only way those show up is if you type them into search or AI chat. Please don’t.

Two IDs: a PostHog distinct ID for analytics (resettable in Settings → Privacy), and a separate on-device device UUID for some backend features (recommendations / auto-transcripts). Resetting PostHog does not rotate the device UUID.

Analytics starts with the app. There is no in-app opt-out for PostHog capture. See section 5 for reset and deletion.

3. What we collect

Main analytics: PostHog
Also, depending on features: our API (api.aswin.cx), LLM providers via that backend for AI onboarding (currently described in-app as Groq; model may change), Google Firebase (Messaging, App Check, Crashlytics dependency), publisher CDNs, and RSS hosts for custom feeds.

App use

Screens, feature taps, settings, rough time spent, lifecycle events, and occasional PostHog surveys (for example NPS). Used to understand adoption and drop dead features (example: Radio was removed after almost nobody used it).

Search and AI onboarding text

Search queries/results and AI onboarding chat (your messages and replies) go to our backend and PostHog. We use this to improve search (catalog APIs lean on exact-word match) and keep AI onboarding relevant (including detecting when someone types a podcast name like a search query). Don’t type personal identifiers here.

Listening

Episode/podcast ids and titles, playback progress, likes, subscriptions, downloads, and related signals — to PostHog and, when requesting recommendations, to our backend. Used for product insight and community charts.

App and device

App version, OS/device details PostHog attaches by default, local hour, analytics ID. PostHog may also derive approximate geo from IP. No GPS tracking in the app.

Crashes

Error events to PostHog; Firebase Crashlytics may also receive crash diagnostics. An older crash-consent toggle is not an effective gate today.

Recommendations, transcripts, briefings

Recommendations can send country, subscriptions, interests, and listening history plus the device UUID. Auto transcript/chapters may send episode ids and audio URLs to our backend (and related PostHog events). Publisher chapters/transcripts are fetched from publisher URLs. Briefings may load from our backend.

Custom RSS, push, install

Custom RSS feeds are fetched directly from the feed host (they see your request). Firebase Cloud Messaging handles push; App Check tokens may protect APIs; Play Install Referrer may be read once for install context. Optional feedback email is only sent if you provide one.

What we don’t collect by design

No required account, name, email, phone, age, gender, or GPS. No ad-targeting SDK stack. Exception: free-text you type into search or AI chat.

4. Where it goes

We don’t control every publisher or RSS host you contact through the app.

5. Your controls

No in-app switch disables PostHog today. Older consent UI is not the live gate.

Reset analytics ID

Settings → Privacy → Start a new analytics ID. Future PostHog events use a new ID; past events stay unless you request deletion. Does not wipe your library or rotate the device UUID.

Request deletion

Settings → Privacy → Request deletion → send the email draft with your PostHog ID to support@aswin.cx (or privacy@aswin.cx). That deletes PostHog data for that ID when we process the request — not your on-device library, and not every log held by other processors you contacted.

Retention

PostHog retention follows our project configuration. On-device library data stays until you clear it or uninstall. Aggregated metrics may outlive individual events. Email us for a specific retention question.

6. Other notes

boxlore is general-audience. We don’t offer accounts for children or anyone else. If you think a child typed personal details into search or AI chat, contact us and we’ll take reasonable steps to delete related analytics we control.

We’ll update this page when practices change (see the date above) and reflect major changes in Settings → Privacy where practical.

The Android app is source-available: github.com/ashwkun/boxlore.

7. Contact

Privacy: privacy@aswin.cx

Support / deletion drafts: support@aswin.cx