EADly Privacy Policy

Effective date: June 25, 2026

EADly (“the app”) is operated by Ethos Systems, LLC (“we”, “us”, “our”), a limited liability company formed in the State of Wyoming, United States. Ethos Systems, LLC is the operator of the Service and the controller responsible for the personal data described in this policy. This policy explains what information the app handles, where it is stored, and the choices you have. EADly is built local-first and privacy-first: your immigration data belongs on your device, not on our servers.

This Privacy Policy works together with our Terms of Use.

1. Information stored only on your device

The following stays in local storage on your phone and is never transmitted to us unless you turn on cloud backup (Section 2):

• Profile and timeline information (program dates, OPT/STEM OPT dates, EAD validity dates, H-1B transition details).
• Employment records and unemployment-day tracking.
• Travel logs and travel-readiness checklists.
• CPT records and reporting logs.
• Documents you attach (PDF or JPEG files).
• USCIS case-status history (see Section 3).
• Reminders, notification schedules, and app settings.
• Your app PIN (stored only as a salted cryptographic hash; we never see your PIN).
• A local activity log (event types and timestamps only, such as sign-in, backup, export, or reset; never the contents of your records), kept on your device for security
• Your choice to enable Face ID or Touch ID unlock. The biometric match is performed entirely by your device’s operating system; we never receive or store your fingerprint or face data.

Reminders and notifications are generated locally on your device. We do not operate a push-notification server.

If you delete the app, this on-device data is deleted with it (subject to your device’s operating-system behavior).

2. Information we process if you create an account

Creating an account is optional and is only needed for cloud backup and certain online features (cloud sync, USCIS case-status checks, and in-app feedback).

• Email address. Used solely to sign you in via one-time codes (OTP) and for essential account messages. We do not use passwords. Sign-in uses short-lived session tokens that expire and rotate automatically.

Cloud backups. Cloud backup is off until you enable it. When it is on, the app uploads a backup of your data to our database. Every cloud backup is end-to-end (zero-knowledge) encrypted on your device before it is uploaded. A random per-backup data key encrypts your data (AES-256-GCM); that data key is then wrapped under (a) the passphrase you set and (b) a one-time recovery code, each derived using PBKDF2-SHA256. We store only the resulting ciphertext together with the wrapped keys. Your passphrase and recovery code never leave your device, and we cannot decrypt your backup or reset your passphrase. A backup can be unlocked only with your passphrase or your recovery code. If you lose both your passphrase and your recovery code, your cloud backup cannot be recovered by anyone, including us (your on-device data is unaffected). Setting up cloud backup therefore requires you to choose a passphrase and to save the recovery code we generate for you. The recovery code is shown only once, and we keep no copy. If you would rather not create an account at all, you can instead keep a free local backup file (Settings → Export backup file), which stays on your device unless you choose to share it.

The only non-encrypted technical metadata we store alongside a backup is operational and cannot reveal your data: the encryption mode, the payload encoding, the data size, a schema version, timestamps, and the wrapped (already-encrypted) keys that can be opened only with your passphrase or recovery code.

Session data. Standard authentication tokens with automatic expiry, used to keep you signed in securely.

Database access is restricted by row-level security so an account can only ever access its own records.

Your choices, and the trade-offs of sharing

Sharing any data with our backend is optional and within your control:

• Stay fully local. If you never create an account, your data stays on your device and we receive nothing. The trade-off is that you get no cloud backup or multi-device restore, and no automatic USCIS case-status checks.
• Enable cloud backup. The benefit is that you can restore your data if you lose or replace your phone. The risk is that a copy leaves your device — reduced because it is end-to-end encrypted, so we cannot read it. The limitation is that if you lose both your passphrase and your recovery code, the backup cannot be recovered.
• Use USCIS case-status checks. The benefit is live case updates. The trade-off is that your receipt number is sent to the U.S. government’s USCIS service to return the result.
• Turn on analytics. The benefit is helping us improve the app. It is off by default, anonymous, and limited to a fixed list of non-personal events, and you can turn it off at any time.

3. USCIS case status checks

USCIS case-status tracking is optional and requires a signed-in account. If you use it, the app sends your USCIS receipt number through our backend function to the U.S. government’s USCIS Case Status API and returns the result to your device.

• Case-status history is stored on your device, not on our servers (and is included in your cloud backup if you have enabled it, per Section 2).
• We do not retain your receipt number on our servers beyond what is technically necessary to process the request, and we apply per-account rate limits to protect the service.
• Your receipt number is shared with USCIS (a U.S. government service) only when you use this feature, so that USCIS can return the matching case status.

4. Feedback

In-app feedback requires a signed-in account. If you submit feedback, we deliver the message you write to our support mailbox through our email delivery provider so we can respond. We include it with the email address associated with your account (and a separate reply email if you provide one), a reference to your account, and which app screen you were on. Please do not include sensitive information you do not want to share.

5. Analytics (opt-in)

Analytics is disabled by default. If you opt in:

• Events are sent to PostHog (hosted in the United States) using a random install identifier that is not linked to your name, email, or account.
• Only a fixed allowlist of product events is sent (for example, “screen viewed”, “feature used”), with properties filtered through a blocklist so that emails, names, dates, employers, schools, receipt numbers, files, notes, and similar personal values are never transmitted.
• We do not use cookies for analytics, autocapture, session replay, or heatmaps, and we do not build personal profiles.

You can turn analytics off at any time in Settings, with immediate effect.

6. Service providers and our data processor

Our backend is operated on our behalf by our backend service provider, Arkand Labs Private Limited (India), which acts as our data processor under a Data Processing Agreement and may process your data only on our instructions. To deliver specific functions, we and our processor rely on the following sub-processors. They process data on our instructions and under their own security and privacy commitments:

All of the providers above are contractually bound, under our Data Processing Agreement or equivalent terms, to protect your data, to use it only to provide their service to us, and to handle it consistently with this Privacy Policy and only on our instructions. They are prohibited from using or disclosing your information — including any de-identified, anonymized, or pseudonymized data — for their own purposes, or for any other reason, without your active consent. We do not permit any third party to sell your data or use it for their own advertising or marketing.

7. International data transfers

EADly is operated from the United States by Ethos Systems, LLC. Our backend is run on our behalf by our processor, Arkand Labs Private Limited, in India, and our sub-processors operate in the United States and other countries. If you use the optional online features, your account email, cloud backup, and, where applicable, your USCIS receipt number are processed in the United States, India, and other countries where our processor and sub-processors operate. Where the law requires it, we rely on appropriate safeguards for these transfers, such as standard contractual clauses and our Data Processing Agreement with our processor. By using the optional online features, you understand that this data is processed outside your country of residence.

8. What we do NOT do

• We do not sell, rent, or trade your personal information.
• We do not show ads or use advertising networks or cross-app trackers.
• We do not collect your location, contacts, photos (beyond documents you explicitly attach), or device identifiers for tracking.
• Because every cloud backup is end-to-end encrypted on your device, we cannot read your backups, your documents, or your timeline data.

Your information concerns only you. Apart from the service providers in Section 6, who act on our behalf, the only external recipient of your information is the U.S. government’s USCIS Case Status service, and only the receipt number you choose to check. EADly does not collect genetic information, family-history information, biometric identifiers, or financial or payment-card details. Any purchases are handled by the Apple App Store or Google Play, not by us. We also do not collect data about anyone other than you, so sharing your own immigration information does not expose another person’s personal data.

9. Data retention and deletion

• Local data: under your control; delete it in-app (reset) or by removing the app. You can also keep a free local backup file (Settings → Export) that stays on your device.
• Account and backups: use Settings → Delete Account in the app. This permanently deletes your cloud backup and your account record from our systems immediately, and in any case within 30 days of your request. You can also disconnect cloud sync at any time without deleting local data.
• Feedback emails: retained in our support mailbox as long as needed to handle your request.
• Operational records: transient technical records such as rate-limit counters are kept only as long as needed for security and abuse-prevention.
• Inactive (dormant) accounts: we keep your account and any encrypted cloud backup until you delete them, so a dormant account does not lose data. If an account has had no activity for 24 months, we may email you and then delete the account and its cloud backup if you do not respond within 30 days. Your on-device data is never affected.

Business transfer, change of operator, or closure

If ownership of EADly changes, if the operator of record changes, or if the Service is wound down or discontinued, your personal data held in our backend (your account email and any encrypted cloud backup) is handled under the return-or-deletion obligations of our Data Processing Agreement. Under that agreement, it is either securely returned to a successor operator or securely deleted. We will give in-app notice of any material change in who operates the Service before it takes effect, where reasonably possible. Any successor operator will be required to honor a privacy policy materially consistent with this one. If it will not, we will give you notice and the chance to export or delete your data before the change takes effect.

Because every cloud backup is end-to-end encrypted with keys only you hold, no successor operator, backend provider, or cloud provider can read your cloud backup contents. Access to the USCIS Case Status service is granted specifically to the current operator and is not transferable. A successor operator must obtain its own access before that feature can resume, which may take time.

You can also export your own data as an encrypted backup file and import it again at any time (Settings → Export / Import backup file). That lets you keep an independent copy, or move it to another operator of the app.

10. Security

Security measures include:

• For cloud backups: end-to-end encryption performed on your device. A random per-backup data key (AES-256-GCM) encrypts your data; that key is wrapped under both your passphrase and a one-time recovery code (each via PBKDF2-SHA256, 210,000 iterations, with a fresh random salt and initialization vector). Our servers store only the ciphertext and the wrapped keys; we never receive your passphrase, your recovery code, or the keys derived from them.
• For all cloud data: encryption in transit (TLS), encryption at rest in our provider’s database, and row-level security so each account can access only its own data.
• Salted-hash PIN protection with lockout, OTP-only sign-in, and short-lived rotating session tokens.
• Server-side rate limiting on backend functions, and a strict content-security policy in the app.

No system is perfectly secure. Because every cloud backup is end-to-end encrypted on your device, a breach of our servers would expose only data that is encrypted with keys we do not have.

Data-breach notification

If we become aware of a personal-data breach that affects your information, we will notify you without undue delay, and within any timeframe required by applicable law. We will use the email associated with your account or an in-app notice. The notice will describe, to the extent known, what happened, what information was involved, what we are doing about it, and the steps you can take to protect yourself. Because every cloud backup is end-to-end encrypted with keys only you hold, a breach of our servers would expose only ciphertext we cannot read.

11. Your rights

Depending on where you live, you may have rights over your personal data. Because almost all data lives on your device, and cloud backups are end-to-end encrypted with keys only you hold, many of these rights are exercisable directly in the app (export, reset, delete account, analytics toggle, disconnect cloud sync).

United States (state privacy laws, including the California Consumer Privacy Act)

You have the rights to know, access, delete, and correct your personal information, and to be free from discrimination for exercising them. We do not “sell” or “share” your personal information as those terms are defined under U.S. state privacy laws. Where the California Consumer Privacy Act (CCPA), as amended by the CPRA, applies to you, we honor these rights. You can exercise them directly in the app or by contacting us, and we will not discriminate against you for doing so.

EU / UK (GDPR)

You have the rights of access, rectification, erasure, restriction, objection, and data portability, and the right to withdraw consent at any time. Our legal bases are: performing our agreement with you (providing the app’s online features), our legitimate interests (security and abuse-prevention), and your consent (optional analytics and optional cloud backup). You may lodge a complaint with your local supervisory authority (in the UK, the ICO).

India (DPDP Act, 2023)

Because our backend processor, Arkand Labs Private Limited, operates in India, Indian data-protection law may apply to the processing of your personal data. You may have the right to access, correct, and erase your personal data, to withdraw consent, to nominate another person to exercise your rights, and to grievance redressal, and, where unresolved, to approach the Data Protection Board of India.

To exercise any right not available directly in the app, contact us (see the Contact section below). We will verify your request as needed and respond within the period required by applicable law.

12. Children

EADly is intended for adults managing F-1 visa employment authorization and is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.

13. Important note on immigration information

EADly provides informational tools only. It does not provide legal advice, and nothing in the app creates an attorney-client relationship. Immigration rules change and individual circumstances differ. Always verify deadlines and requirements with official USCIS sources, your Designated School Official (DSO), and a qualified immigration attorney before acting.

14. Governing law

This Privacy Policy is governed by the laws of the State of Wyoming, United States, and applicable U.S. federal law, without regard to conflict-of-laws rules, except where mandatory data-protection or consumer-protection law in your country or state of residence applies.

15. Changes to this policy

We will post any changes on this page with an updated effective date. For minor or clarifying changes, posting the update is enough.

For material changes to this Privacy Policy or our Terms of Use, we will notify you in the app before they take effect and show you a plain-language summary of what has changed. We will ask for your active consent — an explicit “I agree” — before the changed terms apply to you, and before you continue using the optional online features (account, cloud backup, and USCIS case-status checks). If you do not agree, you can keep using the on-device features under the prior terms, export your data, or delete your account.

16. Contact

For privacy questions, requests, or grievances, contact the operator and data controller:

EADly’s backend is operated on our behalf by our backend service provider, Arkand Labs Private Limited (India), as our data processor. For all privacy matters, please contact Ethos Systems, LLC using the details above.

See also our Terms of Use.