Privacy Policy
Effective date: 16 July 2026
Endlo is operated by Lucian Vaduva, its sole developer, operator, and owner, referred to in this Privacy Policy as “Endlo”, “we”, “us”, or “our”.
This Privacy Policy explains what information is collected when you use the Endlo mobile application or visit Endlo’s website, how that information is used, and what choices and rights you have.
For privacy-related questions or requests, contact legal@endlo.app.
The short version. Endlo has no accounts and no login. We do not collect your name, email, phone number, contacts, or precise location. Your reading progress and reminder preference are stored only on your device. Endlo does not currently collect usage analytics. We do not sell data and we show no ads.
1. About Endlo
Endlo is a finite nightly discovery application. It presents a small collection of editorial content and allows you to progress through and complete each nightly edition. Endlo does not require you to create an account or provide your name, email address, phone number, or password.
2. Information we collect
2.1 On-device application data
To make the ritual work, Endlo stores the following only on your device (in the app’s local storage). It is not transmitted to our servers:
- A randomly generated, anonymous installation identifier and session identifier;
- Your progress through the current edition and whether it has been completed, including completion timestamps;
- Your reminder-time preference.
This data stays on your device and is removed when you clear the app’s storage or uninstall the app. The installation identifier is not connected to your name, email, telephone number, or other directly identifying information.
2.2 Analytics
Endlo does not currently collect usage analytics. The application includes Google’s Firebase SDK, but analytics auto-collection is disabled, so no usage or telemetry data is collected or sent to Google or to us. If we introduce analytics in the future, we will update this Privacy Policy and, where required by law, ask for your consent first.
2.3 Notifications
Endlo may ask for permission to display nightly reminders. Reminders are scheduled locally on your device. Your selected reminder time is stored on the device and used only to schedule these notifications. Endlo does not store remote push-notification tokens and sends no reminder data to our servers. You can disable notifications at any time through your device settings.
2.4 Content delivery
Each nightly edition and its images are fetched from our content backend (hosted on Supabase) when you open the app. As with any internet request, serving that content necessarily processes your device’s IP address and standard connection metadata. Endlo only reads published content from this backend; it does not write your personal data to it.
2.5 Communications with us
If you contact us by email, we may receive your email address, your name (if included), the content of your message, and anything you voluntarily provide. We use this to respond, provide support, investigate problems, and meet legal obligations. Please do not send sensitive personal information unless necessary.
2.6 Website information
When you visit Endlo’s website or legal pages, the hosting provider may automatically process standard technical information such as IP address, browser and device type, date and time of access, requested page, and security/server-log information. This is used to deliver the site, maintain security, prevent abuse, and diagnose technical problems.
3. Information we do not collect
Endlo does not require or intentionally collect: account credentials, full name, postal address, telephone number, precise GPS location, contacts, photos or videos, microphone recordings, health data, financial or payment-card information, private communications, or advertising-profile information. Endlo displays no third-party advertisements and uses no advertising identifiers.
4. How we use information
- To provide and operate Endlo and deliver nightly editions;
- To save your edition progress and completion state on your device;
- To schedule the reminders you select;
- To respond to support and privacy requests;
- To detect and prevent misuse or technical problems, and maintain security;
- To comply with applicable law and enforce our legal terms.
We do not sell personal information, and we do not use your activity for behavioural advertising.
5. Legal bases for processing
Where the GDPR or similar laws apply, we rely on one or more of these bases:
- Performance of a contract — processing necessary to provide Endlo’s functionality, such as delivering editions.
- Legitimate interests — securing and operating Endlo, diagnosing technical problems, and preventing misuse, weighed against your interests given the limited data involved.
- Consent — where required (for example, device notifications, or any analytics we might introduce later). You may withdraw consent at any time; this does not affect processing before withdrawal.
- Legal obligations — where processing or preservation is required to comply with law or protect legal rights.
6. Service providers
We use a small number of providers that process information on our behalf:
- Supabase — provides the database, storage, and backend infrastructure that hosts and delivers Endlo’s published editions and images. Endlo reads this content; it does not store your personal data there.
- Google Firebase — the Firebase SDK is included for app infrastructure, but Firebase Analytics collection is disabled, so no analytics data is processed. If enabled in future, Google would process technical data under its own terms, and we would update this policy.
- Website hosting — our website and legal pages are delivered through a hosting provider (Cloudflare Pages) that processes standard server and security logs.
We may also disclose information when required by law or a valid legal request; to investigate fraud, security incidents, or misuse; to protect the rights, safety, and property of Endlo, its users, or others; or as part of a merger, acquisition, or transfer of the application, subject to appropriate safeguards.
7. International data transfers
Our service providers may process information in countries outside Romania or the European Economic Area. Where required, such transfers are protected through appropriate legal safeguards, such as adequacy decisions, standard contractual clauses, or other recognised transfer mechanisms.
8. Data retention
On-device data (installation identifier, progress, reminder preference) remains until you clear the app’s storage or uninstall. Support communications are kept only as long as necessary to respond, maintain records, resolve disputes, and comply with legal obligations. We may retain aggregated or de-identified information that no longer identifies a device or individual.
9. Deletion requests
Because Endlo has no personal accounts and stores your application data only on your device, you can remove that data yourself at any time by clearing the app’s storage or uninstalling the app. As Endlo does not currently store your personal data on our servers, there is generally no server-side personal record to delete. If you have contacted us by email and would like that correspondence deleted, or have any other request, contact legal@endlo.app. We may retain limited information where required by law or to establish, exercise, or defend legal claims.
10. Your privacy rights
Depending on your location and applicable law, you may have the right to request access to, correction of, or deletion of personal information; to restrict or object to certain processing; to data portability; to withdraw consent; and to lodge a complaint with a data-protection authority. Users in Romania may contact the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP). To exercise your rights, contact legal@endlo.app. We may need to verify that a request relates to the person making it.
11. Security
We use reasonable technical and organisational measures to protect information against accidental loss and unauthorised access, alteration, disclosure, or destruction — including encrypted network communications, access controls, and restricted administrative access. No method of transmission or storage is completely secure, but because the app collects so little, the risk to you is low.
12. Children’s privacy
Endlo is intended for adults aged 18 and over and is not designed for children. We do not knowingly collect personal information from children. If you believe a child has provided personal information through Endlo, contact us so we can investigate and, where appropriate, delete it.
13. External sources and third-party links
Endlo links to original articles, publications, videos, museums, research organisations, and other third-party sources. When you open an external link, that third party’s privacy policy and terms apply. We do not control how third-party sites collect or use information; please review their practices before providing information.
14. Changes to this Privacy Policy
We may update this Privacy Policy when Endlo changes, when our service providers change, or when legal requirements change. The updated version will be published on this page with a revised effective date. Where a change materially affects your rights, we may also provide an in-app notice.
15. Contact
Endlo is operated by Lucian Vaduva, Romania. Email: legal@endlo.app.