Last updated 2026-05-24

Privacy policy.

Lectis is built by Spindlecode, LLC. This policy describes what data Lectis collects, why, and what we do (and never do) with it. It covers the iOS app, the web app at app.lectis.ai, and the "Save to Lectis" browser extension on Chrome, Firefox, and Safari.

Summary in plain language

  • We collect the URLs and content of articles you explicitly save, plus your account email + name + profile picture from Google sign-in.
  • We never collect your browsing history, the contents of pages you didn't save, your other tabs, your form input, your cookies, or anything you do outside Lectis.
  • We don't sell your data. We don't share it with advertisers. We don't include third-party analytics or behavioral tracking SDKs.
  • Authentication is via Google OAuth. We never see your Google password and we have no access to your Gmail, Drive, Calendar, or any other Google service.
  • Delete any saved article from inside the app to remove it (and its cached content). Email us to delete your whole account.

The web and iOS apps

What we collect

  • Account data from Google OAuth: your email address, display name, and profile picture URL. Used only to sign you in and show who you are signed in as.
  • Saved articles: the URL, title, byline, excerpt, cleaned article body, and a small viewport screenshot for each piece you explicitly save.
  • Reading metadata: which articles you've opened, how far you've scrolled, and whether you've marked them read. This is so the same state syncs across your devices.
  • Tags and notes you write on saved articles.
  • Preferences: typography, theme, time-bucket settings.

What we don't collect

  • Your browsing history outside articles you save.
  • Pages, posts, or feeds you don't explicitly save.
  • Behavioral telemetry, click streams, or session recordings.
  • Location.
  • Contacts, calendar, microphone, camera, or any other system data.

Where it's stored

Data is stored on Spindlecode-operated servers in the United States (AWS infrastructure). Cached article content (HTML, images, screenshots) is kept on our backend so the saved copy still renders if the source publisher takes the original down. All traffic between your device and our backend is over HTTPS.

Who has access

Spindlecode engineering staff can technically access stored data when responding to bug reports or account-deletion requests. We don't sell, rent, or share your data with advertisers, data brokers, or third parties. We don't use it to train models.

Deletion

You can delete any individual saved article from inside the app — that removes it from the database including the cached HTML and images. To delete your entire account (and everything in it), email privacy@lectis.ai. We complete account deletions within 7 days.

The browser extension (Chrome, Firefox, Safari)

"Save to Lectis" is the browser extension distributed through the Chrome Web Store, Firefox Add-ons, and the Mac App Store. It is what you use to add the article you're currently reading to your Lectis library.

What gets sent to Lectis when you click Save

  • The URL of the page you are saving (the canonical URL plus the original tab URL).
  • The visible title, byline, excerpt, and publication metadata.
  • A cleaned version of the article body, produced on your device by Mozilla Readability.js — site chrome, navigation, ads, and embeds are stripped out before anything leaves your browser.
  • The full raw HTML of the page, kept solely for re-extraction debugging and never exposed to other users.
  • A small JPEG of the visible viewport at save time, used as a thumbnail on your saved-articles list.
  • Inline images referenced by the article body, fetched from the origin site by our backend and stored so the saved copy still renders later.

What the extension does NOT do

  • It does not read or transmit pages you have not explicitly saved.
  • It does not track your browsing history.
  • It does not read your other tabs, your form input, your cookies, or your saved passwords.
  • It does not contain analytics or telemetry. The extension does not phone home with usage data.
  • It cannot make network requests to any host other than api.lectis.ai — that's enforced by the manifest's host_permissions declaration the browser checks.

Permissions the extension requests, and why

  • activeTab + scripting — to run Mozilla Readability.js against the current tab when you click Save, extracting the cleaned article body on your device.
  • tabs — so the extension can show a green checkmark on the toolbar icon when you're on a page you've already saved.
  • storage — to remember your sign-in token across sessions and cache which URLs you've already saved.
  • contextMenus + notifications — for the right-click "Save to Lectis" menu and the "Saved" / "Save failed" notifications.
  • sidePanel (Chrome only) — to open the Lectis reader in the browser side panel.
  • identity — for the "Sign in with Google" flow.
  • host_permissions: https://api.lectis.ai/* — the only host the extension may make network requests to. The browser enforces this; the extension cannot read or transmit data from any other site.

Authentication

Sign-in uses Google OAuth. When you click "Sign in with Google" you are redirected to Google's own consent screen; Google returns an identity token; the extension exchanges that token at Lectis for a session JWT. We store your Google profile email, display name, and profile picture URL — nothing else. We never receive your Google password, and we have no access to your Gmail, Drive, Calendar, or any other Google service.

The extension cannot create a new Lectis account on your behalf — sign-in only succeeds if a Lectis account already exists for the Google identity. If you try to sign in without an account, the extension shows you how to create one via the web app or mobile apps.

Cookies and similar technologies

The web app uses browser localStorage / sessionStorage to keep you signed in (your JWT) and to remember preferences. We don't use cookies for tracking, and we don't drop any first- or third-party advertising cookies.

Children

Lectis is not directed at children under 13, and we don't knowingly collect data from children under 13. If you believe a child has created an account, email privacy@lectis.ai and we'll delete it.

Changes

If we make material changes to this policy, we'll update the "Last updated" date at the top and, where the change affects existing data handling, notify signed-in users from within the app the next time they open it.

Contact

Email privacy@lectis.ai with any privacy question, deletion request, or correction. We respond within 7 days.

← Back to Lectis