Privacy Policy

Carolus (“we,” “us”) provides a saved-content curation service: an app, website, and browser extension that lets you bank articles, podcasts, and posts and receive a weekly AI- curated digest. This policy describes what we collect, why, and what control you have over it.

Account data

Your email address, the @handle you choose, your display name (if you provide one), your avatar (if you upload one), and any bio text you set. We use this to create and maintain your account and to display your public profile when you choose to make Papers public.

Content you save

When you save an item, we store the URL, the page’s text (fetched from the source), the title, source name, author, and any metadata available. Our AI generates a short summary, key points, tags, and a vector embedding for search. We also store the timestamp of when you saved it.

Your weekly Papers

Each weekly Paper we generate from your saved items - the title, theme, and references to the items it includes - is stored on your account. You can read it in-app, listen to an audio version (Pro), export it, sync to Notion (Pro), or have it emailed to addresses you nominate.

Settings & preferences

Your chosen delivery day, timezone, notification settings, custom digest title (Pro), digest email recipients, public/private toggle, and connected integrations (Notion).

Subscriptions

If you upgrade to Pro, we record your subscription status, plan, and renewal date. Payment information itself is collected and held by Stripe - we never see your full card number.

Device & usage

When you use the app, we receive a device push token (if you enable notifications) and basic usage signals like which Papers you opened. We use this to deliver notifications and to surface trending Papers and trending saved articles in Discover.

To provide the service:

• Authenticating you when you sign in
• Saving items to your vault and showing them back to you
• Generating your weekly Paper, audio digest, and Different Perspectives
• Delivering notifications, emails, and (when you opt in) Notion sync
• Showing trending Papers and most-saved articles in Discover
• Processing Pro subscription billing through Stripe

To keep the service safe and improving:

• Detecting abuse, spam, and security issues
• Diagnosing bugs from server logs
• Aggregating non-identifying signals to improve Discover ranking

We don’t sell your data. We don’t use your private saved content to train AI models.

To run Carolus, we rely on a small number of trusted third-party providers. Each one only receives the data it needs to do its job.

• Supabase - hosts our database, authentication, file storage, and edge functions. Your account, saved items, and Papers live here.
• Stripe - processes Pro subscription payments. Carolus never sees your full card number.
• Resend - sends transactional and digest emails (sign-in codes, your weekly Paper, curator notifications).
• Grok (xAI) - the AI that summarises items, curates your Paper, and generates Different Perspectives. Saved-item text is sent to Grok for processing.
• ElevenLabs - generates the optional audio version of your Paper (Pro). Paper text is sent for text-to-speech.
• Notion - only when you choose to connect a workspace. Your weekly Paper is exported there as a page.
• Expo - delivers push notifications to your device (if enabled).
• Vercel - hosts the Carolus website and the web Paper viewer.

We don’t share your data with anyone else for marketing or advertising purposes.

You control what’s public. By default, your weekly Papers are publishable at carolus.app/@yourhandle, and your @handle, display name (if you opted in), bio, follower count, and Paper titles are visible on your public profile. You can switch your Papers to Private in Settings at any time, which immediately turns the public URL off.

The most-saved articles surfaced in Discover (Trending Saves) are aggregated. We show the URL, source, and total save count across all Carolus users - never who specifically saved it.

You can:

• Access the data we hold about you - email hello@carolus.app and we’ll provide an export.
• Correct your profile and saved items at any time inside the app.
• Delete your account from Settings. We’ll remove your saved items, profile, and Papers from active systems within a reasonable period.
• Export your weekly Papers as Markdown or PDF (Pro), or sync them to your Notion workspace.
• Control sharing - flip your Papers between Public and Private at any time.
• Object or restrict certain processing (where applicable under GDPR/CCPA). Contact us at the email above.

Carolus is not directed at children under 13, and we don’t knowingly collect data from them. If you believe a child has provided data to us, contact us and we’ll delete it.

Carolus is provided globally. Your data may be processed in countries other than where you live - including the United States, where several of our sub-processors are based. We rely on standard contractual clauses and the providers’ own data-transfer mechanisms (e.g. Stripe, Supabase) where required.

We use HTTPS everywhere, server-side row-level security on all user data, and store passwords using industry-standard hashing. No system is perfectly secure, so we encourage you to use a strong, unique email account and to let us know immediately if you believe your account has been compromised.

We keep your saved items and Papers as long as your account is active. When you delete your account, we remove this data from active systems within 30 days. Encrypted backups may retain a copy for up to 60 additional days before being overwritten.

Aggregated, non-identifying analytics (like total save counts for a URL) may be retained longer for product improvement.

We’ll update this page when our practices change. The “Last updated” date at the top reflects the latest version. For material changes we’ll notify you in-app or by email before the change takes effect.

Privacy questions, requests, or complaints? Email hello@carolus.app. You also have the right to lodge a complaint with your local data protection authority.