Student Trove
Overview
Student Trove is designed with privacy in mind. Core planning features work entirely offline with data stored locally on your device. Optional features like cloud sync and premium subscriptions require an account and may transmit data to secure third-party services.
Data stored on device
Student Trove stores timetable, task, grade, attendance, and study data locally on your device. On supported platforms, this local database is encrypted with SQLCipher.
Network access
- Core planning features work offline with local storage.
- Optional account sign-in uses Supabase authentication.
- Optional cloud sync stores encrypted snapshot payloads linked to your account.
- Premium setup may fetch a public RevenueCat SDK key from Supabase remote config.
- Premium purchase and restore use RevenueCat and Google Play Billing services.
- When cloud sync is enabled, timetable/task/grade/attendance/study data is uploaded to your Supabase project.
What we do not collect
- No ad tracking identifiers.
- No analytics tracking for advertising purposes.
- No access to your device contacts list or location data.
- No session recordings or screenshots of your data.
- No academic data (timetable, tasks, grades, attendance) is ever sent to analytics services.
Account and cloud data
- If you create an account, your email and auth identifiers are stored by Supabase Auth.
- If you use cloud sync, backup snapshot data is stored in your Supabase project and protected by row-level security.
- When cloud sync is active, a randomly generated device identifier is stored alongside your sync record to prevent data conflicts when syncing across multiple devices. This identifier is not your hardware ID, is not used for advertising, and resets if you reinstall the app.
- Premium entitlement status may be linked to your account so it can sync across devices.
- You can sign out and manage account details from the app settings.
Analytics and crash reporting
Student Trove uses PostHog to collect anonymous usage analytics and crash reports. This helps identify bugs and understand how the app is used in aggregate. No academic data (timetable, tasks, grades, or attendance) is ever included in analytics events.
What PostHog collects
- App lifecycle events (app opened, sent to background, foregrounded).
- Screen views — the name of each screen navigated to, without any content from that screen.
- App interactions — general usage events such as feature usage patterns.
- Crash logs and stack traces when the app encounters an unhandled error.
- An anonymous randomly-generated identifier used to distinguish devices in aggregate reporting. This is not your hardware device ID, is not linked to your identity, and resets if you reinstall the app.
In-app feedback
When you choose to submit feedback via Settings → Send Feedback, the following is sent to PostHog: your feedback message, the feedback type you selected (e.g. bug report, feature request), and optionally your email address if you choose to provide it for follow-up. Submitting feedback is entirely voluntary.
Your choice
You can opt out of analytics and crash reporting at any time in Settings → Data Management → Share analytics & crash reports. Turning this off stops all PostHog data collection for your device. This does not affect any other app functionality.
Permissions
| Permission | Why it is needed |
|---|---|
| Storage / Files | Import timetable files, export calendar data, and create backups. |
| Camera (Optional) | Scan printed timetables for OCR import when you choose to use the camera. |
| Notifications | Send reminders for classes, tasks, and events at scheduled times. |
| In-app purchases | Process premium upgrades through Google Play Billing and RevenueCat. |
Export and import
Export
You can export data at any time, including calendar files (ICS), spreadsheets (CSV), and full JSON backups. Exports are created locally and shared by you.
Import
Timetable import can use images or PDFs. Text recognition runs on-device and does not upload your files to external servers.
Third-party services
Student Trove uses the following third-party libraries/services:
- PP-OCRv5 runtime (on-device text recognition for timetable import)
- SQLCipher (encrypted local database on supported platforms)
- Supabase (remote config delivery for RevenueCat public SDK key)
- RevenueCat (premium purchase entitlement management)
- Google Play Billing (premium purchase processing)
- PostHog (anonymous analytics and crash reporting — see the Analytics and crash reporting section above for full details)
Data security
- Local data is stored in an encrypted SQLite database on supported platforms.
- Encryption keys are stored in the device's secure storage.
- Cloud sync is optional and account-controlled.
Contact
Email: studenttrove@gmail.com
Changes to this policy
Updates will be posted here with a new "Last updated" date.